Plastrol privacy policy

This document applies to P.W.U-H Plast-Rol Sp. J, the websites operated by the company at www.plastrol.pl and plastrol.emp365.pl and its broadly understood activities, hereinafter referred to as the “Service”. This document specifies the terms and conditions related to personal data processing and cookies.

§1. HOW TO CONTACT THE DATA CONTROLLER

The data controller with respect to personal data processed in relation to the Service is P.W.U-H Plast-Rol Sp. J. with registered office in Lotyń (64-918) ul. Pocztowa 16, e-mail: plastrol@plastrol.pl, tel. 67 266 04 20.

§2. ON WHAT BASIS DO WE PROCESS YOUR DATA

When collecting personal data, we always inform about the legal basis for processing. This basis stems from provisions of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – the General Data Protection Regulation). When we inform about:

  • Article 6(1) (a) of the GDPR, it means that we process personal data on the basis of your consent,
  • Article 6(1) (b) of the GDPR, it means that we process personal data because it is necessary to perform the contract or undertake pre-contractual actions, at your request,
  • Article 6(1) (c) of the GDPR, it means that we process personal data in order to comply with a legal obligation,
  • Article 6(1) (f) of the GDPR, it means that we process personal data in order to pursue our legitimate interests.

§3. INFORMATION ON DATA PROCESSING

In connection with Art. 13 of the Regulation (EU) 2016/67 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (known as the “GDPR”), we present information concerning the circumstances related to processing of your personal data broken down by individual categories:

  • Article 6(1) (a) of the GDPR, it means that we process personal data on the basis of your consent,
  • Article 6(1) (b) of the GDPR, it means that we process personal data because it is necessary to perform the contract or undertake pre-contractual actions, at your request,
  • Article 6(1) (c) of the GDPR, it means that we process personal data in order to comply with a legal obligation,
  • Article 6(1) (f) of the GDPR, it means that we process personal data in order to pursue our legitimate interests.

B2B store users

PURPOSE OF PROCESSING LEGAL BASIS RETENTION
1) Conclusion and performance of the sales contract Processing is necessary to undertake pre-contractual actions and to perform the contract (Article 6 (1) (b) of the GDPR) Until the contract is terminated
2) Keeping of accounting and tax records Processing is necessary to comply with a legal obligation (Article 6 (1) (c) of the GDPR in connection with Art. 74 of the Accounting Act and other tax laws) 5 full years after the end of the calendar year
3) Handling of orders and requests for quotation Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to maintaining financial liquidity
4) Collection of debts Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to maintaining financial liquidity Until full settlement
5) Pursuance of claims and defence against claims Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to defending the entrepreneur's interests 6 years after the end of the relationship
6) Marketing of own services Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to looking after the entrepreneur's interests and good image 2 years after the data is collected or until objection is received
7) Marketing of foreign (partner) services / goods Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to selling the services of and promoting business partners 2 years after the data is collected or until objection is received
8) Use of the online store and ensuring that it functions properly Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to management of a website 2 years after the site was last visited

Suppliers

PURPOSE OF PROCESSING LEGAL BASIS RETENTION
1) Establishment of business relationships – purchasing Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to purchasing goods and services necessary for the operation of business until the contract is terminated
2) Conclusion and performance of the purchase contract Processing is necessary to undertake pre-contractual actions and to perform the contract (Article 6 (1) (b) of the GDPR) do momentu rozwiązania umowy
3) Filing of complaints, claims, requests Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of th GDPR) related to ensuring the quality of deliveries One year after the complaint, claim, request is filed

Representatives of contractors

PURPOSE OF PROCESSING LEGAL BASIS RETENTION
1) Establishment of business relationships – selling to the entity represented by the given person Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to the goal of selling services Until a valid objection / request for erasure is made
2) Handling of complaints, claims, requests Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to ensuring quality and looking after the entrepreneur's image One year after the complaint, claim, request is filed
3) Keeping of accounting and tax records Processing is necessary to comply with a legal obligation (Article 6 (1) (c) of the GDPR in connection with Art. 74 of the Accounting Act and other tax laws) 5 full years after the end of the calendar year
4) Collection of debts Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to maintaining financial liquidity Until full settlement
5) Pursuance of claims and defence against claims Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to defending the entrepreneur's interests 6 years after the end of the relationship

Correspondence senders and recipients

PURPOSE OF PROCESSING LEGAL BASIS RETENTION
1) Registration of correspondence and responding Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to responding to letters in a timely manner, making payments to suppliers in a timely manner and ensuring the quality of relationship with contractors and other interested parties 10 years after the correspondence is sent or received
2) Pursuance of claims and defence against claims Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to defending the entrepreneur's interests 6 years after the end of the relationship

Website users

PURPOSE OF PROCESSING LEGAL BASIS RETENTION
1) Use of the website and ensuring that it functions properly Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to management of a website 2 years after the site was last visited
2) Pursuance of claims and defence against claims Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to defending the entrepreneur's interests 6 years after the end of the relationship

Job candidates

PURPOSE OF PROCESSING LEGAL BASIS RETENTION
1) Selection of a job candidate Processing is necessary for purposes stemming from legitimate interests of the data controller (Article 6 (1) (f) of the GDPR) related to hiring new employees Up to 3 months after the recruitment process is completed

§4. VOLUNTARINESS OF DATA PROVISION

Whenever we ask for your data, remember that providing that data is voluntary, although necessary for us to fulfil the stated purpose. If you do not provide the data, we will not be able to process it.

§5. INFORMATION CONCERNING DATA PROCESSING CARRIED OUT TO ENSURE SAFETY

  1. From the moment you open our website, we process the following data to ensure safety of services:
    • public IP of the device which made the request,
    • browser type and language,
    • date and time of request,
    • number of bytes sent by the server,
    • URL of the previously visited website if our website is visited via a link,
    • information on errors in request handling,
  2. This data is processed under a legitimate interest (Article 6(1) (f) of the GDPR).
  3. Our legitimate interest with respect to this processing is keeping server event logs and protecting the Service against potential hacking attacks and other abuse, which includes being able to determine the IP address of the person conducting illegal activities in relation to the Service, such as attempting to circumvent security measures or publishing illegal content using our servers.
  4. We will store this data for a period necessary to fulfil the stated purposes, but not longer than until expiry of the statute of limitations for claims under separate provisions of law.
  5. You have the right to access your data, to have your data rectified, to have your data erased, to restrict the processing of your data and to object to such processing.
  6. You have the right to lodge a complaint with a supervisory authority. All information on how to lodge a complaint can be found at https://www.uodo.gov.pl
  7. Provision of this data is necessary to use the Service. Failure to provide this data will prevent you from using the Service.
  8. The recipient of this data is our hosting provider.

§6. INFORMATION CONCERNING DATA RECIPIENTS

We use third-party services to process personal data. For this reason, your personal data may be received by third parties. Whenever we collect personal data, we always inform about these recipients, but we do so in brief to maintain the expected legibility of the message. Should you require detailed information on individual recipient categories, please contact us in any way that is the most convenient for you.

The data controller will transfer your data depending on the purpose for which it was collected. Recipients may include, but are not limited to: IT service providers, hosting providers, postal and courier service providers, law firms and all authorities empowered under the law.

§7. INFORMATION CONCERNING THE TRANSFER OF DATA TO THIRD COUNTRIES

  1. Because we use services of third-party providers, your personal data may be transferred outside the European Economic Area.
  2. The European Commission has found that certain countries outside the European Economic Area (EEA) adequately protect personal data.
  3. As no adequacy decision has been issued with respect to the country to which we transfer your personal data, the data is transferred on the basis of your consent.

§8. MANDATORY RIGHTS OF DATA SUBJECTS

Whenever we mention rights related to the processing of your personal data, we refer to the rights described below. These rights may be exercised regardless of the legal basis for the processing of personal data.

Right to erasure (right to be forgotten)

You have the right to request that we immediately erase all personal data concerning you. We are then obliged to erase the personal data without undue delay if one of the following grounds applies:
  • you have withdrawn your consent to process your personal data and we have no other basis for processing it,
  • you have effectively objected to the processing of data which concerns you,
  • your personal data has been unlawfully processed,
  • your personal data has to be erased for compliance with a legal obligation,
  • your data has been collected in relation to the offer of information society services.

Right to rectification

You have the right to request that we immediately rectify all inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right of access to data

You have the right to obtain from us confirmation as to whether or not we process personal data concerning you. If that is the case, you have the right to access your data and to receive additional information about:
  • the purposes of the processing,
  • categories of personal data concerned,
  • recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
  • the existence of the right to request that we rectify or erase your personal data or restrict the processing of that personal data, the right to object to such processing and the right to lodge a complaint with a supervisory authority,
  • the source of the data if your data has not been collected from you,
  • the existence of automated decision-making, including profiling, and the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Upon receipt of a request to that effect, we are obliged to provide a copy of the personal data subject to processing. If such request is made by electronic means, unless otherwise requested, information will also be provided electronically.

Right to erasure (right to be forgotten)

You have the right to request that we immediately erase all personal data concerning you. We are then obliged to erase the personal data without undue delay if one of the following grounds applies:
  • you have withdrawn your consent to process your personal data and we have no other basis for processing it,
  • you have effectively objected to the processing of data which concerns you,
  • your personal data has been unlawfully processed,
  • your personal data has to be erased for compliance with a legal obligation,
  • your data has been collected in relation to the offer of information society services.

Right to erasure (right to be forgotten)

You have the right to request that we immediately erase all personal data concerning you. We are then obliged to erase the personal data without undue delay if one of the following grounds applies:
  • you have withdrawn your consent to process your personal data and we have no other basis for processing it,
  • you have effectively objected to the processing of data which concerns you,
  • your personal data has been unlawfully processed,
  • your personal data has to be erased for compliance with a legal obligation,
  • your data has been collected in relation to the offer of information society services.

Right to restriction of processing

You have the right to request that we restrict processing in the following cases:
  • you contest the accuracy of the data – for a period which enables us to verify its accuracy,
  • the processing is unlawful and you object to erasure of the data, requesting the restriction of its use instead,
  • we no longer need the personal data for the purposes of the processing, but you need it to establish, exercise or defend claims, you have objected to processing of your data – pending the verification whether our legitimate grounds override the grounds for your objection.

Automated decisions, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner. This right does not apply if the decision in question:
  • is necessary for the conclusion or performance of a contract between you and us,
  • is authorised by Union or Republic of Poland law which lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  • is based on your explicit consent.

Right to lodge a complaint

Masz prawo do wniesienia skargi w związku z przetwarzaniem Twoich danych osobowych, do organu nadzorczego: Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: kancelaria@uodo.gov.pl.

§8. NON-MANDATORY RIGHTS OF DATA SUBJECTS

Whenever we mention rights related to the processing of your personal data, we refer to the rights described below. The ability to exercise these rights is each time dependent on the legal basis for the processing of personal data. If you do not know which rights apply to you, please contact us in any way that is the most convenient for you.

Right to withdraw the consent to processing

If we process your personal data on the basis of your consent, you have the right to withdraw that consent at any time. Of course, withdrawal of your consent does not affect the lawfulness of processing based on that consent before its withdrawal.

Right to data portability

You have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format. You also have have the right to transmit that personal data to another controller without hindrance from us if processing is based on your consent or on a contract and is carried out by automated means. In exercising your right to data portability, you have the right to request that we transmit the personal data directly to another controller, where technically feasible. This right may not adversely affect the rights and freedoms of others.

Right to object

If we process your personal data under Art. 6(1) (f) of the GDPR, you have the right to object to the processing of that data on grounds relating to tour particular situation.

At that point, we are no longer allowed to process that personal data, unless we can demonstrate the existence of:
  • compelling legitimate grounds for the processing which override your interests, rights and freedoms,
  • grounds for the establishment, exercise or defence of legal claims.

If you object to the processing of your personal data for direct marketing purposes, we will not be able to process your data for such purposes.

§9. B2B STORE – INFORMATION

The B2B Store website uses only cookies (described in §10) and, depending on how the user’s browser is configured, auto-completion (all users can disable auto-completion in browser preferences). When you log into the system, session cookies are used. Other than the indicated data, the store does not automatically collect any information; information is collected only after it has been entered by the system user (e.g. by placing an order).

§10. COOKIES

The Service website uses cookies. These are commonly used small files containing a string of characters, which are sent to and stored on en devices (e.g. computers, laptops, tablets, smartphones) used to visit the Service. This information is sent to the browser cache, and the browser sends it back on subsequent visits to the website. Cookies can be categorised using three approaches, i.e. in terms of:

a) the purposes for which they are used:
  • Necessary cookies – they enable proper operation of the Service and its functions, e.g. authentication and security cookies. Without them being stored on your device, you will not be able to use the Service.
  • Functional cookies – they make it possible to store your selected settings and tailor the Service to your needs and preferences, e.g. with respect to the selected language, font size, website layout. They help improve the functionality and performance of the Service. Without them being stored on your device, the use of certain features of the Service will be limited.
  • Business cookies – this category includes e.g. advertising cookies. They make it possible to tailor the advertisements displayed within and outside the Service to your preferences. Without them being stored on your device, the use of certain features of the Service may be limited.
b) their validity – two categories are identified:
  • session cookies – cookies which exist until the end of a given session,
  • persistent cookies – cookies which exist after the session has ended.
c) their controller – the following categories are identified:
  • Service Provider cookies,
  • third party cookies.

Under “business” cookies we may use cookies which make it possible to learn the preferences of persons who visit our website. For example, we can analyse the frequency of visits. This allows us to be more responsive, for example, by displaying ads tailored to the needs and preferences of specific audiences or of those who have previously visited our website. If you do not consent to the use of cookies, such advertising will not be possible.

The Service Provider may make use of cookies utilised by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States, for the following services:
  • Google Ads – these cookies make it possible to conduct and assess the quality of advertising campaigns carried out using the Google Ads service,
  • Google Analytics – these cookies make it possible to assess the quality of advertising campaigns carried out using the Google Adwords service and to study User behaviour and traffic and prepare traffic statistics,
  • Google Maps – these cookies make it possible to store information about the User which enables the use of map functionality available via the Google Maps service. Google Inc. may track the User's location,
  • YouTube – these cookies make it possible to store information about the User which enables the use of YouTube service functionality. Google Inc. may track the User's video playback.

The Service Provider may make use of cookies utilised by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. These cookies may be used to link the user account in the external Facebook social media service with the Service account, if the Service Provider enables this functionality. These cookies may also be used to process the User’s actions on Facebook performed via the “Share” or “Like” buttons. The processing of these actions may be public.

§11. DATA CONTROLLER COOKIES

Cookies controlled by us enable the following functionality:
  • access authentication,
  • protection of the Service against hacking attacks,
  • "memorisation" of the contents of completed form fields by the browser (optional),
  • tailoring of the Service website content to your preferences.

This makes using the Service functionality easier and more enjoyable.

§12. CONSENT TO THE USE OF COOKIES AND COOKIE MANAGEMENT

Consent to the processing of cookies is voluntary and may be withdrawn at any time. Please note, however, that if you do not consent to the use of certain cookies, you may face limitations in using the Service and its functions, or even be unable to use them at all. Consent to the processing of cookies may be given by:
  • changing the settings of the software installed in the User's telecommunications end device,
  • using the button which contains a statement of consent to the processing of cookies or confirmation that the User has read its terms and conditions.

Browser settings typically allow the storage of cookies and other information on the end device by default. If you do not consent to the storage of cookies, you need to change browser settings accordingly. It is possible to disable their saving for all connections from a given browser or for a particular website, and to delete them. The way in which cookies are managed depends on the software. Current cookie management rules can be found in browser settings.

§13. CACHE

When you visit the Service website, we may automatically use the cache installed on your device. Cache can store data intersessionally, i.e. between consecutive visits to the Service website. The purpose of utilising cache is to make using the Service faster by eliminating situations where the same data would be repeatedly downloaded from the Service, putting load on the User’s internet connection. Cache can also store such data as login password.

§14. LINKS TO OTHER WEBSITES

The Service may contain links to other websites. We are not responsible for the privacy and cookie processing policies of these sites. We recommend that you read the privacy and cookie policies of these sites when you enter them.

§15. CHANGES TO THE PRIVACY AND COOKIE POLICY

  1. Privacy and Cookie Policy takes effect on the date of publication on the Service website.
  2. Changes to the Privacy and Cookie Policy are made via publishing of its new text on the Service website.