PRIVACY POLICY
I. GENERAL PROVISIONS
1.

This privacy policy of PZ Stelmach Sp. z o.o. website under the domain http://stelmach.pl is informative, which means that it is not a source of obligations for Users.

2.

Each time when this Privacy Policy refers to:

a.

a User, it should be understood as an entity for which services may be provided on the Website;

b.

a Webpage or Website, it should be understood as a webpage under the domain   http://stelmach.pl.

c.

a Personal Data Controller or a Data Controller, it should be understood as PZ Stelmach Sp. z o.o. with its seat in Opole at ul. Północna 22, 45-805 Opole, entered into the Register of Entrepreneurs of the National Court Register under No.: 0000275847, with a share capital of PLN 2,192,000.00, NIP (Tax ID No.) 7542889545, REGON (Business registry No.) 16011198800000, the registration files of which are kept by the District Court in Opole, 8th Economic Division of the National Court Register.

3.

The Data Controller of personal data collected via the webpage is ul.PZ Stelmach Sp. z o.o. Seated in Opole at ul. Północna 22, 45-805 Opole, entered into the Register of Entrepreneurs of the National Court Register under No.: 0000275847, with a share capital of PLN 2,192,000.00, NIP (Tax ID No.) 7542889545, REGON (Business registry No.) 16011198800000, the registration files of which are kept by the District Court in Opole, 8th Economic Division of the National Court Register.

4.

In all matters related to the processing of personal data, you can contact the Personal Data Controller in the following way:

a.

using this phone number: +48 77 54 90 100,

b.

at the e-mail address: biuro@stelmach.pl,

c.

by letter to the following address: ul. Północna 22, 45-805 Opole.

5.

Users' personal data are processed in accordance with generally applicable law, in particular according to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation), the Act of 10 May 2018 on the protection of personal data (i.e. Dz. U. of 2019, item 1781) and the Act of 18 April 2002 on the provision of electronic services (i.e. Dz. U. of 2020, item 344)

6.

The Data Controller exercises due diligence to protect the interests of data subjects, and in particular ensures that the data collected by him are processed in accordance with the law; they are collected for designated, lawful purposes and are not subjected to further processing inconsistent with these purposes; factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of persons to whom they relate, not longer than it is necessary to achieve the purpose of processing.

II. PURPOSES AND TIME OF PROCESSING, AND DATA RECIPIENTS
1.

Each time the purpose, scope and recipients of data processed by the Data Controller result from actions taken by the User on the webpage.

2.

The possible purposes of collecting Users' personal data by the Data Controller and the legal bases assigned to them are as follows:

a)

conclusion and performance of a contract - art. 6 letter b of the GDPR

b)

consideration of negative comments and complaints - art. 6 sec. 1 letter c of the GDPR

c)

pursuing claims related to a concluded contract - art. 6 sec. 1 letter f of the GDPR, where the legitimate objective is to pursue claims, until the final completion of the proceedings, including enforcement proceedings

d)

archiving of settlement documents - art. 6 sec. 1 letter c of the GDPR

e)

conducting marketing activities of own products and services without the use of electronic communication means - Article 6 sec. 1 letter f of the GDPR, where the legitimate objective is to conduct marketing activities promoting the conducted activity, until an objection is raised.

f)

conducting marketing activities of own products and services with the use of electronic communication means - if you have granted your consent - art. 6 sec.1 letter a of the GDPR;

g)

handling of notifications and other requests addressed to the Data Controller using the contact form or in another form using the Data Controller's data available on the Webpage - art. 6 sec.1 letter f of the GDPR, where the legitimate interest is to respond to requests and inquiries using the contact form or in any other form, including ensuring accountability of actions taken.

3.

Personal data are processed for the time necessary to achieve the purposes for which they were collected, in particular for the period of:

a)

analysis of the User's request submitted before the conclusion of a contract;

b)

in the event of concluding a contract, the User's personal data will be processed for the duration of the contract, and after this period until the expiry of the limitation period for any claims arising from generally applicable law, including in particular civil law, or until the Data Controller completes the investigation or defence of claims;

c)

data contained in the books and related settlement documents, including accounting documents, will be processed for the period required by the provisions of the Accounting Act and tax law;

d)

data obtained on the basis of the User's voluntary consent will be processed until it is withdrawn,

e)

data processed on the basis of art. 6 sec.1 letter f of the GDPR will be processed not longer than until the User submits an objection, unless the Data Controller has valid legitimate grounds for processing, overriding the interests, rights and freedoms of the person whose the data relates to (the User) or the basis for establishing, investigating or defending claims.

4.

The personal Data Controller may transfer data to the following categories of recipients:

a)

entities conducting business activities such as postal or courier services;

b)

entities enabling the Personal Data Controller to perform remote payment operations;

c)

banks, when it is necessary to conduct settlements;

d)

state authorities or other entities authorized under the provisions of law;

e)

entities providing billing services to the personal Data Controller;

f)

entities providing legal services to the personal Data Controller;

g)

entities supporting the personal Data Controller in the activities carried out on his/her behalf, in particular suppliers of external systems supporting the Data Controller's activities.

5.

Users' personal data are not transferred to a third country or an international organization.

III. RIGHTS WITH RESPECT TO PROCESSED DATA AND VOLUNTARY DATA PROVISION
1.

Each User is entitled to:

a)

the right to access the content of his/her data,

b)

the right to rectify, delete and limit the processing of his/her data,

c)

the right to transfer his/her data,

d)

the right to object,

e)

the right to withdraw consent to the processing of personal data at any time, if the basis for the processing of the User's data is his/her consent, while the withdrawal does not affect the lawfulness of the processing, which was carried out on the basis of consent before its withdrawal.

2.

The User may exercise the rights described in point III.1. letters a - e by sending a message to the personal Data Controller by traditional mail or e-mail to the contact details described in point I.4 of this Policy.

3.

The User has the right to lodge a complaint with the President of the Personal Data Protection Authority, if the User considers that the processing of his/her personal data violates the provisions on the protection of personal data, including the provisions of the GDPR.

4.

Providing data is necessary to conclude contracts, settle the conducted business, respond to requests, and to consider negative comments and complaints. In the remaining scope, providing data is voluntary.

IV. PROCESSING OF PERSONAL DATA IN AN AUTOMATED MANNER
1.

Users' personal data may be processed by the Data Controller of personal data in an automated manner; however, they will not be profiled or subject to automated decision making.

2.

This webpage uses cookies. Detailed information on what cookies are, what data are collected through them, and what they are used for can be found in the Information tab on cookies available on the webpage.

V. FINAL PROVISIONS
1.

The Data Controller uses technical and organizational measures to ensure the protection of the processed personal data that is appropriate to the threats and categories of data protected, in particular, protects the data against disclosure to unauthorized persons, their take over by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.

2.

The Data Controller uses technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons.