Privacy Policy

1. Introduction

The protection of personal data is treated as one of the most important aspects of operations. Ensuring the security of processed personal data is a priority. In compliance with applicable data protection regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), this document aims to inform users about the legal basis for data processing, methods of data collection and usage, as well as the rights of data subjects.

2. Definition of Personal Data

Personal data includes information about an identified or identifiable natural person. An identifiable person is someone who can be directly or indirectly identified, particularly by reference to an identifier such as name, identification number, location data, or other factors specific to the individual’s identity.

3. Purpose and Basis of Data Processing

Personal data is processed for various purposes, including:

• Providing services and fulfilling contractual obligations.
• Handling inquiries and communication with users.
• Marketing activities, including sending newsletters or personalized offers (if consent has been given).
• Ensuring website security and preventing fraud.
• Fulfilling legal obligations, such as tax and accounting regulations.

Data processing is based on one of the following legal grounds: the necessity to perform a contract, compliance with a legal obligation, legitimate interests of the data controller, or the explicit consent of the data subject.

4. Methods of Data Collection

Personal data may be collected in the following ways:

• Directly from users when they provide their details through forms, emails, or other means of communication.
• Automatically through cookies and similar tracking technologies when users visit the website.
• From external sources such as social media platforms or business partners (only when legally permitted).

5. Cookies and Similar Technologies

The website uses cookies and similar technologies to enhance user experience, analyze traffic, and personalize content. Users can manage cookie preferences through browser settings.

There are different types of cookies used:

• Essential cookies – necessary for the proper functioning of the website.
• Analytical cookies – used to analyze user behavior and improve website functionality.
• Marketing cookies – used for personalized advertising and remarketing campaigns.

Users can adjust their cookie preferences or disable cookies altogether in their browser settings. However, restricting cookies may impact website functionality.

6. Rights of Data Subjects

Individuals whose data is being processed have the following rights:

• Right of access – the ability to obtain information about data processing and a copy of the processed data.
• Right to rectification – the right to request the correction of inaccurate or incomplete data.
• Right to erasure – the right to request data deletion in cases specified by law.
• Right to restriction of processing – the right to request a restriction on data processing in certain situations.
• Right to data portability – the right to receive data in a structured format and transfer it to another controller.
• Right to object – the right to object to data processing based on the legitimate interests of the controller.
• Right to withdraw consent – the ability to withdraw consent for data processing at any time, without affecting the lawfulness of processing conducted before the withdrawal.

To exercise these rights, please contact the data controller.

7. Sharing of Personal Data with Third Parties

Personal data may be shared with third parties only when required by applicable law or with the explicit consent of the data subject. Specifically, data may be shared with:

• companies cooperating in service provision, including hosting providers, analytics tools providers, and marketing service providers,
• authorities entitled to obtain data under legal regulations, such as law enforcement or regulatory bodies,
• payment processing entities if the user makes transactions requiring data processing.

When transferring data outside the European Economic Area (EEA), appropriate data protection mechanisms are applied in accordance with GDPR requirements.

8. Data Retention Period

Personal data is retained for as long as necessary to achieve the purposes for which it was collected, including:

• for the duration of the contract and after its termination – to the extent necessary for pursuing claims or fulfilling legal obligations,
• for the period required by accounting and tax regulations,
• until consent is withdrawn – if data processing is based on the individual’s consent,
• for as long as necessary to ensure compliance with other legal or regulatory obligations.

After these periods, personal data is deleted or anonymized.

9. Data Security Measures

Personal data is protected against unauthorized access, loss, alteration, or unauthorized disclosure through appropriate technical and organizational measures. These include:

• encryption of data transmission (e.g., SSL/TLS),
• access control to data processing systems,
• regular security testing of IT infrastructure,
• staff training on data protection practices.

All security measures are adjusted to evolving threats and applicable data protection standards.

10. Changes to the Privacy Policy

The Privacy Policy may be updated to reflect changes in legislation, regulatory guidance, or applied technologies. Any significant changes will be communicated appropriately, such as via a notice on the website.

Users are encouraged to regularly review the Privacy Policy to stay informed about data protection principles.