I. General information and definitions
The Personal Data Administrator (hereinafter referred to as PDA) collected through website https://plantalux.pl/ is Plantalux Ltd. with its registered office in Konopnica, entered into the Register of Entrepreneurs kept by Lublin Wschód District Court in Lublin with its registered office in Świdnik, 6th Economic Department of the National Court Register under the number 0000628224, REGON (National Business Registry Number): 364944526, NIP (VAT identification number): 9462661551, e-mail: email@example.com
- Personal data – information about identified or identifiable natural person. An identifiable person is a person who can be directly or indirectly identified, particularly on the basis of an identifier such as name and surname, identification number, location data, internet ID or one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
- Processing – means an operation or a set of operations performed on a personal data or on sets of personal data in an automated or non-automated manner, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Cookies – means IT data, in particular small text files, collected and stored on devices through which User can access the website.
- Administrator Cookies – means Cookies published by PDA, related to providing services by electronic means by PDA using Website.
- External Cookies – means Cookies published by PDA partners using Website.
- Device – means an electronic device via which User gains access to PDA site.
- User – means an entity to whom services by electronic means can be provided in accordance with the law or which can enter into the providing services by electronic means agreement.
- Consent – means voluntary, precise, informed and unambiguous indication of wishes by which the data subject, in a form of statement or in an explicit affirmative action, shall agree to processing his personal data.
III. Legal basis for the processing of User’s personal data
- Personal data collected by PDA is processed in accordance to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the GDPR), the Polish Data Protection Act of 10 May 2018 (Dz. U. 2018 poz.1000) and the Polish Act of 18 July 2002, on Providing Services by Electronic Means (Dz. U. Z 2017 r., poz. 1219 ze zm.).
- PDA processes only personal data that was provided by User having used the website. The processing of Users’ data is carried out in the following areas:
- conclusion and performance of the sales contract, including issuing the invoice or receipt and the provision of the service (the scope of data: name, surname, home address, delivery address, e-mail) – following the act of GDPR art. 6, paragraph 1, point B, i.e. since the processing is necessary to perform the contract, which the data subject is a party to,
- establishing a cooperation (the scope of data: name, surname, home address, e-mail, phone number, other information provided by an candidate in an application form) – following the act of GDPR art. 6, paragraph 1, point A, i.e. on the basis of consent given by the data subject,
- pursuing claims (the scope of data: name, surname, home address, delivery address, e-mail, other information necessary to prove the existence of claim or to defend the rights) – following the act of GDPR art. 6, paragraph 1, point F, i.e. since the processing is necessary for the purposes of the legitimate interests pursued by PDA or a third party,
- fulfilling the legal obligations of PDA in accordance to running a business (the scope of data: all information given by User) – following the act of GDPR art.6, paragraph 1, point C,
- conducting one’s own marketing and promotional activities (the scope of data: name, surname, home address, e-mail, phone number) (GDPR art. 6, paragraph 1, point F),
- conducting marketing and promotional activities based on a separately given permission (GDPR art. 6, paragraph 1, point A),
- sending commercial information through electronic means following art. 10, paragraph 2 of the Polish Act of 18 July 2002, on Providing Services by Electronic Means (Dz. U. Z 2017 r., poz. 1219 ze zm.) – based on the separately given permission (GDPR art. 6, paragraph 1, point A),
- using telecommunications terminal Equipment and automated calling systems for direct marketing purposes following art. 172 of the act of 16 July 2004 on Telecommunications Law (Dz. U. Z 2017 r. Poz.1907 ze zm.), based on a separately given permission.
IV. What data does PDA collect?
- PDA collects or may collect the following personal data using the contact form available on the website or through direct contact with User (via e-mail or phone):
- identification data (including name, surname, date of birth, place of birth),
- contact details (phone number, home address, e-mail),
- employment information,
- other data provided by User during contact with PDA.
- Browsing the content of website does not require providing personal data other than automatically acquired information concerning parameters for the connection.
V. Profiling gathered data
- PDA does not profile Users’ personal data.
VI. Processing time of personal data
- Personal data will be processed for a period:
- necessary to perform contracts concluded through a contracting party, including after their completion due to the possibility of the parties to exercise their rights under the contract, as well as due to the possible claims;
- until the given consent is withdrawn or an objection against personal data processing is raised – in cases of User’s personal data processing based on separately given permission;
- PDA also stores Users’ personal data if necessary to fulfill his legal obligations, resolve dispute, enforce obligations of User, maintain safety, prevent fraud and abuse. Period of data processing in abovementioned cases is determined individually, but cannot be longer than 10 years since the moment of the implementation of the above goals.
VII. User permissions
- The administrator shall ensure implementation of permissions referred to in paragraph 2 below for Users. In order to implement permissions, send an appropriate request by e-mail to firstname.lastname@example.org or by post to the PDA address.
- User has a right to:
- access the content of data – in accordance with art. 15 of GDPR,
- rectify/update data – in accordance with art. 16 of GDPR,
- erase data – in accordance with art. 17 of GDPR,
- restrict data processing – in accordance with art. 18 of GDPR,
- transfer data – in accordance with art. 20 of GDPR,
- raise objection to data processing – in accordance with art. 21 of GDPR,
- withdraw given permission expressed in any time, however the withdrawal of consent does not affect the lawfulness of processing which has been granted before revoking the permission – in accordance with art. 7, paragraph 3 of GDPR,
- lodge a complaint to the supervisory authority, i.e. President of the Personal Data Protection Office – in accordance with art. 77 of GDPR.
- PDA examines requests that have been made without delay, but no later than one month after they were received. However, if, due to the complex nature of the request or the number of request, PDA cannot examine User’s request within the specified period, he will inform User of the intended extension and indicate the treatment of notification date, no longer than 2 months.
- PDA informs each recipient to whom personal data has been disclosed of rectification or erasure of personal data or restriction of processing, which has been carried out in accordance with User’s request, unless it will prove impossible or require disproportionate effort.
VII. Sharing data
- In order to perform the contract, PDA may share the data collected from you to entities including: employees, associates, courier companies, online payment system operators, entities providing IT services to us. In such cases, the amount of data transmitted is limited to the required minimum. Furthermore, the information provided by you can be made available to the appropriate public authorities, if required by the law.
- Recipients not indicated above are not granted access to processed personal data outside in a form that might make possible any form of Users identification, unless User has consented to it.
VIII. Technical measures
- PDA makes every effort to secure your data and protect it from third parties, as well as performs safety oversight of data throughout the period of processing in a way to guarantee the protection against unauthorized access by third parties, damage, distortion, destruction or loss of data.
IX. Transfer of personal data outside the European Economic Area
- Personal data of Users is not transferred to countries outside the EEA. The administrator uses servers to store data located in countries belonging to EEA.
- Cookies used by PDA are safe for User’s Device. This way especially, it is not possible for virus, malware or unwanted software to enter Users’ Devices. These files allow to identify software used by User and customize the service individually for each user. Cookies typically contain the name of domain which they come from, the time of storing them on the Device and the assigned value.
- Types of cookies:
- session cookies: are stored on User’s Device and remain there until the end of the browser session. The saved information is then permanently deleted from the Device’s memory. The session cookies mechanism doesn’t allow downloading any personal data or confidential information from User’s Device;
- persistent cookies: are stored on User’s Device and remain there until they are deleted. Ending of browser session or switching off the Device does not result in removing them from the User’s Device. The persistent cookies mechanism doesn’t allow downloading any personal data or confidential information from User’s Device.
- User has an option to limit or disable access of cookies to his Device. In case of enabling this option, the use of service is still possible, except for the features that require cookies by their very nature. It is recommended to use software with cookies enabled.
- service configuration;
- identifying the service User’s Device and its location to display website accordingly, customized to his individual needs;
- remembering the history of visited pages on site to recommend content;
- authentication of user in service and ensuring that his session is maintained on site;
- correct configuration of selected service features, particularly allowing verification of the authenticity of the browser session – ensuring security and reliability;
- optimizing and improving the efficiency of the services provided;
- analytics and viewership studies.
XI. Privacy and policy cookies change
- This document does not restrict any rights of User in accordance with applicable law.