Privacy policy and cookies


PRIVACY POLICY

§1 General provisions

  1. This document constitutes an annex to the Regulations. When using our services, you entrust us with your information. This Privacy Policy is only intended to help you understand what information and data is gathered and what purpose we use it for.  This data is very important for us, so please read this document carefully as it sets out the rules and methods of processing and protecting your personal data. This document also defines the rules of using “Cookies” files.
  2. We hereby declare that we comply with the rules of personal data protection and all legal regulations provided for by the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC.
  3. The person whose personal data is processed has the right to contact us to receive comprehensive information on how we use their personal data. Our aim is always to be clear about the data we collect, how we use it, for what purposes and to whom we provide it, how we ensure that the data is protected when providing it to others, and which institutions you should contact in case of any doubts.
  4. The Seller shall apply technical measures such as: physical personal data protection measures, hardware measures of IT and telecommunications infrastructure, protection measures within software tools and database and organizational measures ensuring proper protection of processed personal data, and in particular, they shall protect personal data against unauthorised third parties, unauthorised persons obtaining them and using them for unknown purposes, as well as accidental or intentional change, loss, damage or destruction of such data.
  5. We have sole access to the data on the terms and conditions specified in the Regulations and this document. Personal data access may also be entrusted to other entities by means of which payments are made, which collect, process and store personal data pursuant to their Terms and Conditions and entities which are responsible for processing the order. Personal data is provided to the above mentioned entities to the extent required and only to the extent that ensures the performance of services.
  6. Personal data is processed only for the purposes that you have agreed to by clicking on the relevant fields of the form on the Website or in any other explicit way. The legal basis for the processing of your personal data is your consent to the processing of data or the requirement to provide the service (e.g. ordering a Product) that you have ordered from us (pursuant to Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repeal Directive 95/46/EC (General Data Protection Regulation) – GDPR.

§2 Privacy Policy

  1. We take privacy seriously. We respect your privacy and provide you with the fullest and most comfortable use of our services.
  2. We value the trust Users place in us by entrusting us with their personal data in order to fulfill the order. We always process personal data in a fair manner and in such a way that we do not lose this trust, only to the extent necessary to fulfill the order, including its processing.
  3. You have the right to receive clear and complete information regarding the way in which we use your personal data and what purposes it is required for. We always clearly communicate the data we collect, how and to whom we provide it, and give information about the entities to be contacted in case of any doubts, questions or comments.
  4. Should we have any doubts about our use of your personal data, we will take immediate action to clarify and resolve such doubts and answer all related questions fully and comprehensively.
  5. We shall take all reasonable actions to protect User data against improper and uncontrolled use and to protect it in a comprehensive manner.
  6. The administrator of your personal data is  Enwar Sp. z o.o., ul. Strefowa 9, 58-160 Świebodzice, NIP (Tax Identification Number): 8842744389, REGON (statistical number): 021838385, National Court Register: 0000413497, biuro@enwar.pl bok@enwar.pl tel. 0048 74 853 24 59
  7. The legal basis for the processing of your personal data is Article 6(1)(b) GDPR. The provision of data is not obligatory, but necessary to take appropriate actions before the conclusion of the contract and its execution. We will transfer your personal data to other recipients who are entrusted with the processing of personal data for and on our behalf. Your data shall be transferred on the basis of Article 6(1)(f) of the GDPR where there is a legally justified interest in the proper execution of contracts/orders. Furthermore, we shall share your personal data with other business partners. We store the collected personal data in the European Economic Area (‘EEA’), but it may also be transferred to and processed in a third country outside this area. Every transmission of personal data is carried out in accordance with applicable law. When data is transferred outside the EEA, we use standard contractual clauses and the privacy shield as preventive measures for countries where the European Commission has not found an adequate level of data protection.
  8. Your personal data concerning the conclusion and performance of the contract shall be processed for the period of its execution, as well as for a period no longer than provided for by law, including the provisions of the Civil Code and the Accounting Act, i.e. no longer than 10 years, counting from the end of the calendar year in which the latest contract was performed.
  9. Your personal data processed for the purpose of concluding and performing future contracts shall be processed until you object.
  10. You are entitled to: access your personal data and receive a copy of your processed personal data, rectify your inaccurate data; request to delete your data (right to be forgotten) in case of the circumstances foreseen in Article 17 of the GDPR; request a restriction of data processing in the cases mentioned in Article 18 of the GOP, object to the processing of data in the cases stated in Article 21 of the GDPR, transfer of provided data, processed by automated means.
  11. If you believe that your personal data is processed unlawfully, you may lodge a complaint with the supervisory authority (Personal Data Protection Office, ul. Stawki 2, Warszawa). If you need further information regarding data protection or want to exercise your rights, please contact us by post to our address.
  12. We make every endeavour to protect against unauthorized access, unauthorized modification, disclosure and destruction of information in our possession. In particular:
    a) We monitor methods of collecting, storing and processing information, including physical security measures, to protect against unauthorised access to the system.
    b) We only provide access to personal data to those employees, contractors and representatives who need to have access to it. Furthermore, by virtue of the contract, they are obliged to maintain strict confidentiality, to allow us to control and check how they fulfil their duties and in case of non-fulfilment of these obligations they may suffer consequences.
  13. We shall comply with all applicable data protection laws and regulations and shall cooperate with data protection authorities and law enforcement agencies empowered to do so. In the absence of data protection legislation, we shall act in accordance with generally accepted data protection rules, principles of social coexistence and established customs.
  14. The detailed method of personal data protection is included in the Data Protection Policy (GDPR: Security Policy, Data Protection Regulations, IT System Management Manual) For security reasons, due to the procedures described therein, it is available for inspection only by state control authorities.
  15. If you have any questions about the way in which your personal information is handled, please contact us using the website where you were redirected to this Privacy Policy. The contact request shall be forwarded immediately to the appropriate person appointed for that purpose.
  16. The user has always the right to notify us if:
    a) no longer wishes to receive information or messages from us in any form;
    b) wishes to receive a copy of their personal data in our possession;
    c) correct, update or delete their personal data held in our records;
    d) wishes to report infringements, misuse or processing of their personal data.
  17. In order to make it easier for us to respond or react to the information provided, please enter your name and further details.

§3 Scope and purpose of personal data collection

  1. We process the essential personal data for the purpose of providing services and for accounting purposes and only such purposes, i.e. :
    a) to place an order,
    b) to conclude a contract, to lodge a complaint and to terminate the contract,
    c) to issue a VAT invoice or other receipt.
    d) monitor the traffic on our websites;
    e) collecting anonymous statistics to determine how users use our website;
    f) establishing the number of anonymous users of our sites
    g) monitoring how often the selected content is shown to users and what content is most frequently used;
    h) monitoring how often users choose a particular service or which service is most frequently contacted;
    i) examination of subscriptions to newsletters and contact options;
    j) use of a personalised recommendation system for e-commerce;
    k) the use of a communication tool both by e-mail and consequently by telephone;
    l) integration with the community portal;
    m) internet payments, if any.
  2. The following User data is collected, processed and stored:
    a) name and surname,
    b) address of residence,
    c) address for service (if different from your address of residence),
    d) tax identification number (NIP),
    e) e-mail address (e-mail),
    f) phone number (mobile, landline),
    g) preferences for the products ordered and for small architectural products
    h) information about the Internet browser used,
    i) other personal data voluntarily provided to us.
  3. The provision of the above data is entirely voluntary but also essential to the full service performance.
  4. The purpose of data collection and processing or use of the data by us:
    a) direct marketing, archival purposes of advertising campaigns;
    b) fulfilling the obligations imposed by law by collecting information on adverse effects;
  5. We may transfer your personal information to servers located outside your country of residence or to affiliates or third parties based in other countries including countries within the EEA (European Economic Area, EEA). – Free Trade Area and Single Market, including the countries of the European Union and the European Free Trade Association EFTA) for the purpose of processing personal data by these entities on our behalf in accordance with this Privacy Policy and applicable laws, customs and data protection regulations.
  6. Your personal data is kept for no longer than it is required for the proper quality of service and, depending on the way and purpose of obtaining it, we keep it for the duration of the service and after its completion for the purposes:
    a) to fulfil the obligations arising from law, tax and accounting regulations;
    b) to prevent abuse or crime;
    c) statistical and archival.
    d) Marketing activities – for the duration of the contract, granting individual consent to the processing of such data – until the activities related to the handling of the transaction are completed, your objection to such processing are raised or your consent is withdrawn.
    e) Sales-related and promotional activities – e.g. competitions, promotional activities – for the duration and settlement of such activities.
    f) Operational activities – until the obligations imposed by the General Data Protection Regulation and the relevant national legislation to prove the accuracy of the processing of personal data are time-barred
    g) to pursue any claims in relation to the contract performed;
  7. In view of the fact that many of the countries to which this personal data is transferred do not have the same level of legal protection for personal data as in user’s country. Your personal data stored in another country can be accessed, for example, by courts, law enforcement and national security authorities, in accordance with the laws of that country. Subject to lawful requests for disclosure, it is our commitment to require this processing personal data outside your country to take measures to protect your data in an appropriate manner in accordance with their national law.

TABLE:

Categories of persons/data

Purpose of processing

Legal basis

Data retention

 

BUSINESS ENTITY

 

Natural and legal persons

Contract conclusion and implementation

Article 6(1)(b) GDPR (contract performance)

The data will be processed no longer than 6 months after the 6 years of the end of the cooperation.

 

Pursuing claims, taking action for recovery

 

 

 

 

 

 

article 6(1)(f) of the GDPR (legitimate interest – pursuing claims)

 

 

 

Until the settlement of the dispute, and in the case of settlement of the liability (repayment) for a period of 6 years from the end of the year in which the liability which is the subject of the disputed contract expired.

 

 

 

 

 

 

 

 

SERVICE ACTIVITIES verification of needs

 

 

 

 

article 6(1)(f) of the GDPR (legitimate interest – analytical and statistical activities – possible consent)

 

 

If your consent is granted until it is revoked, limited, or otherwise restricted on your part.

 

 

Data on customer abilities and preferences

 

MARKETING

 

Potential customers, potential customer contact persons

Customer acquisition, including business customers, contact in order to present an offer

article 6(1)(f) of the GDPR (legitimate interest – direct marketing)

Until the data subject has effectively objected to the processing of personal data relating to them.

 

COMPLAINTS

 

Persons making complaints about services provided by the Administrator

Receiving and handling complaints from Service Users and potential customers

Article 6(1)(c) GDPR (legal obligation)
Article 6(1)(b) GDPR (contract performance)

10-year period from receipt of complaint for steel structures, ventilation, small architectural products, maintenance services, industrial

construction, air conditioning, trolleys, intralogistics, workbenches and in case of a dispute, until the resolution of the dispute, taking into account the relevant limitation periods for claims.

 

WEBSITE

 

Website users

User registration

Article 6(1)(b) GDPR (contract performance)

Until the end of the cooperation or 2 weeks after registration if the registration is not accepted.

 

Users subscribing to the newsletter

Sending notifications of new offers

Article 6(1)(a) GDPR (consent)

Until the data subject withdraws their consent, or 2 weeks after the subscription, if the subscription is not accepted.

 

Users posting their opinions on the portal and statements on the forum

Providing the opportunity to express an opinion about the employer and to post a statement on the forum

Article 6(1)(b) GDPR (contract performance)

Until the cooperation is completed.

 

 

§4 Cookies policy

  1. We automatically collect the information contained in the cookies in order to collect User data. A cookie is a small piece of text which is sent to the user’s browser and which the browser sends back when the user visits the website. They are mainly used to maintain the session by generating and sending back a temporary ID after login. We use “session” cookies stored on your terminal device until you log out, shut down the website or turn off your browser and “permanent” cookies stored on the user’s terminal device for the time specified in the parameters of the cookies or until you delete them.
  2. Cookies customize and optimize the website and its offer for the needs of Users through such activities as creating page view statistics and ensuring security. Cookies are also essential to maintain your session after you leave the website.
  3. The Administrator processes the data contained in the cookies each time the website is visited by visitors for the following purposes:
    a) optimising the use of the website;
    b) identifying Service Recipients as currently logged in;
    c) customization, graphics, choice options and any other content of the website to the individual needs of the Service Recipient;
    d) saving the automatically and manually added data from the Order Forms or the login data provided by the visitor;
    e) collecting and analysing anonymous statistics presenting the use of the website in the administration panel and google analytics
    f) creating remarketing lists based on information about your preferences, behaviour, how you use your interests in the Website and collecting demographic data, and then sharing these lists with AdWords and AdSense, Facebook Ads.
    g) Google Adsense cookies are used to display relevant advertising to you. Adsense Cookies do not contain any personal data. If you would like to learn more about Google AdSense cookies and how to control it visit http://www.google.co.uk/policies/privacy/ads/
    h) creating data segments based on demographic information, interests, preferences in the choice of products/services viewed.
    i) using demographic and interest data in Analytics reports.
    j) due to the necessity to prevent Internet robots from performing certain functions on our trading platforms, we use the Google reCAPTCHA mechanism to investigate occasionally whether the user’s behaviour does not bear any signs of robot behaviour. In this case we may disclose your IP address to Google LLC.
  4. The User can block and delete the collection of cookies at any time with their browser.
  5. If the User blocks the possibility of collecting Cookies files on their device, it may prevent or hinder the use of some of the website’s functionalities, to which the User is fully entitled, but must be aware in such a situation of functionality limitations.
  6. RECAPTCHA V2

Name of Cookies

Type of Cookies

Purpose of saving Cookies

Validity period of Cookies

CONSENT

Persistent

For occasional investigation of whether the user’s behaviour does not bear any signs of robot behaviour.

2 years (since last update)

NID

Persistent

For occasional investigation of whether the user’s behaviour does not bear any signs of robot behaviour.

2 years (since last update)

 

  1. GOOGLE ADWORDS

Name of Cookies

Type of Cookies

Purpose of saving Cookies

Validity period of Cookies

PREF

Persistent

It helps to personalize ads in your services (e.g. in a search engine) – especially if you are not logged into your Google account.

2 years (since last update)

id

Persistent

Used for advertising purposes outside Google websites from the doubleclick.net domain

2 years (since last update)

drt_, FLC, NID

Persistent

Ads server cookie .googleads.g.doubleclick.net. It collects information about user activities when you click on a Google Adwords advertisement and transmits information about conversions back.

12 hours (since last update)

 

  1. GOOGLE ANALYTICS

Name of Cookies

Type of Cookies

Purpose of saving Cookies

Validity period of Cookies

_UTMA

Persistent

Used to differentiate between users and sessions. The cookie is updated and every time the data is sent to Google Analytics.

2 years (since last update)

_UTMB

Persistent

It is responsible for storing information about a visit

30 min (since last update)

_UMTC

Session

The _utmc cookie cooperates with _utmb and its task is to establish whether to start tracking a new visit or whether the data collected should be classified as old one. It only contains information about the unique identifier of the website and expires when you close the browser window.

Until the end of the session

_UMTZ

Persistent

It contains information on the sources of visits. It allows to count the number of visits from search engines and data from marketing campaigns

6 months (since last update)

_UMTV

Persistent

It stores session ID. It is essential to store information about the event of being logged into the service.

2 years (since last update)

 

  1. YOUTUBE

Name of Cookies

Type of Cookies

Purpose of saving Cookies

Validity period of Cookies

PREF

Persistent

The cookie is used by Google to store preferences and user information relevant to the operation of Google Maps.

10 years (since last update)

Visitor_info1_Live

Persistent

The cookie is used by Youtube to store user’s preferences on video content pages.

8 months (since last update)

Use_Hitbox

Persistent

The cookie is used by Youtube to store user’s preferences on video content pages.

Until the end of the session

 

  1. GOOGLE MAPS

Name of Cookies

Type of Cookies

Purpose of saving Cookies

Validity period of Cookies

PREF

Persistent

The cookie is used by Google to store preferences and user information relevant to the operation of Google Maps.

2 years (since last update)

 

  1. FACEBOOK

Name of Cookies

Type of Cookies

Purpose of saving Cookies

Validity period of Cookies

datr

Persistent

The cookie is saved when your web browser gains access to facebook.com. The file enables the recognition of suspicious login attempts and thus provides greater security for users. It is used, for example, to signal unsuccessful login attempts or to create multiple accounts to send spam.

2 years (since last update)

 

  1. The user who does not want to use cookies for the purpose described above can delete them manually at any time. In order to read the detailed procedure instructions, please visit the website of the manufacturer of the browser you are using.
  2. More information on Cookies is available in the help menu of each web browser. Examples of Internet browsers that support the mentioned “Cookies”:
    a) Cookie settings Internet Explorer
    b) Cookie settings Chrome
    c) Cookie settings Firefox
    d) Cookie settings Opera
    e) Cookie settings Safari
    f) Cookie settings Android
    g) Cookie settings Blackberry
    h) Cookie settings iOS (Safari)
    i) Cookie settings Windows Phone

§5 Rights and obligations

  1. We have the right and, in cases specified by law, the statutory obligation to provide selected or all information concerning personal data to public authorities or third parties who make such a request for information on the basis of applicable Polish law.
  2. The User has the right to access the content of their personal data, which they make available, the User can correct and complete this data at any time, and has the right to request it to be removed from their database or to stop processing it, without giving any reason. In order to exercise your rights, you may send the applicable message at any time via e-mail or by any other means that will provide/transmit such request.
  3. The processing of personal data of individuals who are our customers is based on:
    a) a legitimate interest as a data controller (e.g. in the creation of a database, analytical and profiling activities, including analysis of the product, direct marketing of own products, securing documentation for the purpose of defending against possible claims or for the purposes of claims)
    b) consent (including in particular consent to marketing or telemarketing e-mail)
    c) the performance of the contract concluded
    d) legal obligations (e.g. tax or accounting law).
  4. The processing of personal data of individuals who are potential customers is based on:
    a) the legitimate interests of the data controller (e.g. in terms of database creation, direct marketing of own products)
    b) consent (including in particular consent to marketing or telemarketing e-mail)
  5. A request by the User to delete personal data or to stop processing may result in a complete inability to provide services or a serious limitation of the services.
  6. We attach special importance to the matter of profiling and indicate that:
    a) for profiling purposes, we generally process data which have previously been encrypted with ssl;
    b) we use common data: e-mail and IP address or cookies
    c) we profile to analyse or forecast personal preferences and interests of persons using our Websites or products or services and to match the content of our Websites or products to these preferences
    d) we profile for marketing purposes, i.e. matching the marketing offer to the above mentioned preferences.
  7. We undertake to act in accordance with applicable laws and rules of social coexistence.
  8. Information on extra-judicial handling of consumer disputes. The authorized entity under the Act on Out-of-Court Settlement of Consumer Disputes is the Financial Ombudsman, whose website address is as follows: www.rf.gov.pl.

§6 Basic safety principles

  1. Every User should take care of their own data security and the security of their devices that access the Internet. It is essential that such a device has an antivirus software with a regularly updated database of definitions, types and kinds of viruses, a secure version of the Internet browser it uses and a firewall on. The User should check if the operating system and the programs installed on it have the latest and compatible updates, as attacks use errors detected in the installed software.
  2. The access data to services offered over the Internet are – e.g. logins, passwords, PIN, electronic certificates, etc. – should be secured in a place that is inaccessible to others and cannot be hacked from the Internet. It should not be disclosed or stored on the device in a form that allows unauthorized access and reading by unauthorized persons.
  3. Be careful when opening strange attachments or clicking on links in emails that you did not expect from unknown senders or from the spam folder.
  4. It is recommended to run antiphishing filters in your Internet browser, i.e. tools that check whether the displayed website is authentic and is not used for phishing purposes, e.g. by impersonating a person or institution.
  5. Files should only be downloaded from trusted places, services and websites. It is not recommended to install software from unverified sources, especially from unknown publishers with unverified opinion. It also applies to mobile devices such as smartphones and tablets.
  6. When using a home wireless network Wi-Fi, the password should be set so that it is safe and difficult to crack, it should not be any formula or sequence of characters that is easy to guess (e.g. street name, host name, date of birth, etc.). It is also recommended to use the highest possible standards of wireless Wi-Fi network encryption, which can be run on the equipment you have, e.g. WPA2. 

§7 Use of Social Media Plugins

  1. Facebook.com, Twitter and other social networking plugins can be located on our websites. Services related to them are provided by Facebook Inc. and Twitter Inc. respectively.
  2. Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook. In order to view Facebook plugins go to: https://developers.facebook.com/docs/plugins.
  3. Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. In order to view Twitter plugins go to: https://developers.facebook.com/docs/plugins.
  4. The plugin only provides the supplier with information about which of our websites you have accessed and how long it takes. If the User is logged in to their Facebook or Twitter account while visiting or staying on our website, the supplier is able to link their interests, informational preferences and other data, e.g. by clicking on the Like button or by leaving a comment or by entering their profile name in the searches. This information will also be forwarded by the browser directly to the supplier.
  5. Czater.pl is a service enabling you to create and set up a live chat on your website, allowing you to contact your customers in real time. The owner and Administrator of the Service is EBROS Mariusz Rosa, ul. Olimpijska 27, 05-220 Zielonka, hereinafter referred to as the Administrator.
  6. For more detailed information on the collection and use of data by Facebook or Twitter and on privacy protection, please see the following pages:
    a) Data protection/privacy advice issued by Facebook: http://www.facebook.com/policy.php.
    b) Data protection/privacy advice issued by Twitter: https://twitter.com/privacy
  7.  In order to prevent Facebook or Twitter from recording your visit on our website, you must log out of your account before visiting our website.

Copyright notice to the Regulations
The owner of all material copyrights to the template of this policy is LEGATO Law Firm, which has granted a non-exclusive and non-transferable right to use this document for purposes related to its own commercial activity on the Internet and extends legal protection to the aforementioned document for the duration of the agreement. Copying and distribution of the template of this document without the consent of LEGATO Law Firm is prohibited and may be subject to both criminal and civil liability. Internet sellers can learn more about the possibility of using the template of the privacy policy and cookies at http://www.kancelaria-legato.pl