Privacy policy
This document (hereinafter referred to as the Policy) defines the rules of processing personal data collected from Users while using the websites/services (hereinafter referred to as the Service) belonging to druck.pl sp. z o.o., with its registered office at ul. Słonecznikowa 12, 55-080 Smolec (registered in the National Court Register under the KRS number 0000534484), which is the Administrator of the personal data (hereinafter referred to as the “Administrator” or “We”).
Contact with the Administrator is possible by e-mail at info@druck.pl or in writing to the Administrator’s address.
“User” as defined herein is any natural person using the Website.
The legal basis for the Policy is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. The Policy fulfils the obligations of the Administrator towards the Users hereinafter referred to as “GDPR”.
The use of the website is tantamount to the User’s acceptance of the provisions of this Policy.
What data we process and the legal basis for this processing.
In the course of your use of the Website, we collect data, some of which may constitute personal data under the GDPR. We collect data in a couple of cases:
- The main group of data collected is diagnostic information, statistics and other information for the purpose of examining the quality of the Website’s services, detecting failures, examining the popularity of products and for security reasons in order to detect and prevent abuse, crime, etc. The data includes, for example, the User’s IP address. The legal basis for the processing of this data is Article 6(1)(j) GDPR, i.e. the Administrator processes this data in pursuit of its legitimate interests. We process this data for a period of 38 month.
- When the User uses contact forms, order forms or contact via email boxes, the Administrator processes the following set of data: IP address, Email address, Phone number, First and last name and others provided by the User in the request. The legal basis for the processing of this data is Article 6(1)(b) GDPR, i.e. the Administrator processes this data because it is necessary to take action at the request of the data subject prior to entering into a contract. The IP address, on the other hand, is processed as in point 1. We process this data for a period of 60 days.
- When entering into a sales contract with the User, we process the following data: IP address, Email address, Phone number, First and last name, Mailing/delivery address, and other data provided by the User, for example in the order comment. We process the data using Article 6(1)(b) GDPR, as it is necessary for the performance of a contract to which the data subject is a party, and under Article 6(1)(c) GDPR, i.e. fulfilling the Administrator’s legal obligation, for example in connection with the need to document sales for tax purposes, and under Article 6(1)(j) GDPR, i.e. fulfilling the Administrator’s legitimate interest, for example for the purposes of claiming claims, handling guarantees and warranties, etc. Data is deleted up to 60 days after the purpose for which it is processed has been fulfilled.
- The Administrator may also process personal data with the User’s consent pursuant to Article 6(1)(a) GDPR. In this case, the Administrator is bound by the content of the consent given by the User.
Data recipients.
In the course of its activities related to the maintenance of the Website and the performance of contracts with Users, the Administrator entrusts data to the following entities:
Telecommunications companies, debt collection companies, banks, operators of payment and instalment systems, postal operators, carriers, business information offices, companies archiving or destroying documents and data carriers, partners providing technical services (e.g. development and maintenance of IT systems and websites), hosting companies.
Data is entrusted to the extent necessary to fulfil the purpose of the processing and the contracts concluded and protected in accordance with the GDPR by each entity to which the data is entrusted.
Users’ personal data are not transferred outside the European Union.
Rights of the personal data subject.
- The right of access to the content of your personal data, i.e. the right to obtain confirmation as to whether the Controller is processing your data and information concerning such processing,
- The right to rectification of data if the data processed by the Controller is incorrect or incomplete,
- The right to request the Administrator to delete data,
- The right to request the Controller to restrict data processing,
- The right to data portability, i.e. the right to receive personal data provided to the Controller and send it to another controller,
- The right to object to processing based on the legitimate interest of the Controller or to processing for direct marketing purposes,
- The right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another EU Member State with jurisdiction over the data subject’s habitual place of residence or work or over the place of the alleged breach of the GDPR,
- The right to withdraw consent at any time (without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal),
- The right to obtain human intervention on the part of the Controller, to express your own views and to challenge a decision based on automated data processing.
The rights mentioned in points 1)-6) and 8)-9) above can be exercised, inter alia, by contacting the Administrator (address given in the introduction).
Security.
In order to protect the User’s personal data from being made available to unauthorised persons, from being collected by an unauthorised person, from being processed in violation of the applicable regulations, and from being altered, lost, damaged or destroyed, technical and organisational measures are applied to ensure the protection of the processed personal data appropriate to the risks and categories of data protected.
In particular, the Administrator uses technical measures to prevent data from being obtained or modified by unauthorised persons. The Administrator protects data sets from access by unauthorised entities. In addition, the data provided by the User when filling in and submitting web forms is encrypted through the use of SSL certificates.
Policy change.
The Administrator reserves the right to make changes to the Policy and at the same time ensures that the User’s rights under this document will not be restricted without his/her consent. Any changes to the Policy will be published on the Website.
Contact with the supervisory authority.
In all matters relating to the processing of the User’s personal data and the application and implementation of this Privacy Policy, the User has the right to lodge a complaint with the President of the Data Protection Authority.