§ 1 General provisions
- The controller of the personal data of the users of the website under the domain www.burkietowicz.pl is Grupa Burkietowicz sp.k. with its seat in Odolanów 36-430 ul. Kaliska 47. entered into the Register of Entrepreneurs of the National Court Register by the District Court Poznań – Nowe Miasto and Wilda in Poznań, IX Commercial Division of the National Court Register under the number 0000273583, NIP (tax identification number): 6222464097, REGON (statistical number): 251544033 (hereinafter referred to as: “controller”).
- Contact with the controller is possible:
(1) at the e-mail address: firstname.lastname@example.org
(2) in writing, to the controller’s address: ul. Kaliska 47, 36-430 Odolanów.
- The purpose of this Policy is to define the activities undertaken in respect of personal data collected through the controller’s website and related services and tools used by its users, as well as in the activity of concluding and performing contracts in contact outside the website.
- If necessary, the provisions of this Policy may be amended. The controller will communicate the change to the users by announcing the new content of the Policy. In the case of the database of persons who have given their consent to data processing by e-mail or who have provided e-mail data when performing contracts, it will also notify them of the change by e-mail.
§ 2 Purposes and grounds for processing personal data and storage of personal data
- We process your personal data in accordance with the General Data Protection Regulation, the Personal Data Protection Act, the Personal Data Protection Act of 10.05.2018, and the Electronic Services Act of 18.07.2002.
- In the case of the processing of personal data on the basis of an e-mail or complaint sent by the user, such processing shall be carried out on the basis of Article 6(1)(b) of the General Data Protection Regulation, according to which the processing is necessary in order to take action at the request of the data subject.
- If the user’s separate consent is obtained, his or her personal data may also be processed by the controller for marketing purposes, including sending of commercial information by electronic means to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection Regulation).
- In the case of the conclusion and performance of a sales or service contract by the controller, the other party is obliged to provide the data necessary for the conclusion of the contract (which is a contractual requirement and, with regard to tax numbers, also a statutory requirement) and for this purpose the controller processes personal data (Article 6(1)(b) of the General Data Protection Regulation).
- In the case of research and analysis for the purpose of improving the performance of the available services (e.g. tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for data processing.
- We store your personal data for no longer than is necessary to achieve the purpose of the processing, i.e. until you withdraw your consent if the processing is based on such consent, until claims of the controller and the other party concerning the performance of concluded contracts become statute-barred (in the case of sales/service contracts, 2 years, counting by year end), and until an enquiry sent by e-mail is processed or the processing of complaints is completed.
- To the extent necessary for the proper functioning of the website, its functionality and the correct execution of payment operations (if such are carried out by the website), the website uses the user’s metadata. Metadata should be understood as the process of reading and recognizing, by the website’s IT system, the configuration and components of the computer used by the user in order to adapt the website to its capabilities and to establish a secure connection between the user’s computer and the website. It is important to note that such metadata cannot result in any identification of the user, nor is it in any way detrimental to the data stored on the computer. Nevertheless, the user has the right to withdraw consent to the processing of metadata at any time. This can be done by configuring your browser accordingly or by downloading the relevant plug-in provided by the producer of your browser. To do so, consult the software producer and its recommendations.
- The controller may use profiling for direct marketing purposes. Decisions made on its basis by the controller do not apply to the conclusion or refusal to conclude a contract or the possibility to use electronic services. The result of the use of profiling may be, for example, granting the person a discount, sending him or her a discount code, reminding him or her of unfinished purchases, sending a product proposal that may match the person’s interests or preferences, or offering better conditions compared to a standard offer. Despite the profiling, it is the individual who is free to decide whether to take advantage of the discount received in this way or the better terms and conditions and make a purchase. Profiling is based on the automatic analysis or prediction of a person’s behaviour on the controller’s website, e.g. by adding a specific product to the shopping cart, browsing a specific product page, or by analysing previous history of activity on the website. The condition for such profiling is that the controller has the personal data of the respective person in order to be able to subsequently send him or her e.g. a discount code.
- To the extent that is necessary for the proper functioning of the website, its functionality, the website may, during the use of the website by the user, collect other information, including but not limited to:
- IP address;
- device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising [“IDFA”] or advertising identifier on an Android device [“AAID”]),
- platform type,
- settings and components,
- installed software
- necessary plug-ins;
- approximate geolocation data (based on IP address or device settings);
- internet browser data, including browser type and preferred language;
- Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of different probability and gravity, the controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the Regulation and to be able to prove it. These measures shall be reviewed and updated if necessary. The controller applies technical measures to prevent the acquisition and modification by unauthorised persons, of personal data transmitted electronically.
§ 3 Data sharing
- The controller shall ensure that any personal data collected is used to fulfill obligations to users. The controller will not share information with third parties except in the following situations:
- a specific person expressly consents to such action beforehand, or
- if the obligation to provide such data results or will result from applicable laws, e.g. to law enforcement agencies.
- In addition, personal data of service recipients and customers may be transferred by the controller to the following recipients or categories of recipients:
- The controller may share anonymised data (i.e. data that does not identify specific users) with external service providers in order to better identify the attractiveness of advertisements and services to users, and in this regard, because of the seat of the software providers, the data may be transferred – subject to the rules of data protection – to third countries which, however, provide standard contractual provisions approved by the European Commission for the processing of personal data or which are duly authorised to do so on the basis of bilateral personal data processing agreements between the European Union and the third country in question, not being a member of the European Economic Area. These entities in the case of the controller are:
- Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyse Web site statistics, Google Tag manager: used to manage scripts by easily adding code snippets to a website or application and to track users’ activities on the website, Google Ads used to display sponsored links in the search results of Google’s search engine and on cooperating websites as part of the Google AdSense programme,
- Meta Platforms, Inc. (registered office: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook ads, optimise them based on collected data and statistics, and build a targeted audience list for future ads,
- Rocket Science Group LLC (registered office: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA) for the tools used to support the MailChimp newsletter.
- Third-party analytics technologies integrated with the controller’s services (including SDKs [Software Development Kits] and APIs [Application Program Interfaces]) may combine data collected in connection with your use of the controller’s website with information they have collected separately over time and/or across different platforms. Many of these companies collect and use information based on their own data protection policies, which can be found on their websites. The controller recommends to read these policies.
- When sharing data with third parties, the controller makes every effort to ensure that this is done only with entities certified under the (former) EU-US and Switzerland-US Privacy Shield programmes, which are available at www.privacyshield.gov. Such entities, when using information from the European Economic Area (EEA), will do so in accordance with the Accountability for Onward Transfer principle of the Privacy Shield programme. Where appropriate, the controller will rely on EU standard contractual clauses and other protections to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of 16 July 2020 in relation to the EU-US Privacy Shield and the European Data Protection Board guidelines, the controller continues to assess the legal system of the countries to which data is transferred and, where necessary, updates measures to ensure adequate levels of protection.
§ 4 User’s rights
- The user whose personal data the controller processes has the right to:
- access, rectification, restriction, erasure and portability. The data subject has the right to request from the controller access to his/her personal data, rectification, erasure (“right to be forgotten”) or restriction of processing. He or she also has the right to object to the processing and has the right to portability of his or her data. The detailed conditions for exercising the rights indicated above are specified in Articles 15-21 of the GDPR Regulation.
- withdraw consent at any time – a person whose data is processed by the controller on the basis of expressed consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the validity of the processing performed on the basis of the consent before its withdrawal.
- lodge a complaint to the supervisory authority. The person whose data the controller processes has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
- object – the data subject has the right to object at any time – for reasons related to his/her particular situation – to the processing of personal data concerning him/her based on Article 6(1)(e) (public interest or services) or (f) (legitimate interest of the controller), including profiling on the basis of these provisions. The controller in such a case is no longer allowed to process this personal data. Unless he indicates the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
- object to direct marketing – if the personal data are processed for the purposes of direct marketing (based on the legitimate interest of the controller, not on the basis of the data subject’s consent). The data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
- The exercise of the above rights is based on the user’s request sent to the email address email@example.com. Such a request should include the user’s first name and surname.
- The user ensures that the data he/she provides or publishes on the website is correct.
§ 5 Cookies
- Cookies are IT data, in particular text files, stored on the users’ end devices (usually on the hard disk of a computer or on a mobile device) for the purpose of storing certain settings and data by the user’s browser in order to use websites. These cookies allow the website to recognize the user’s device and display the website accordingly, ensuring comfort during use. The storage of cookies therefore allows the appropriate preparation of the website and the offer according to the user’s preferences – the server recognises the user and remembers, among other things, preferences such as visits, clicks, previous actions.
- Cookies contain, in particular, the domain name of the website from which they come, the duration of their storage on the end device and a unique number used to identify the browser from which the connection to the website is made.
- Cookies are used for the purpose of:
- customising the content of the websites to the user’s preferences and optimising the use of the websites,
- creating anonymous statistics which, by helping to determine how a user uses websites, make it possible to improve their structure and content,
- providing website users with advertising content customised to their interests.
Cookies are not used to identify you and we do not identify you on their basis.
- The main classification of cookies is as follows:
- Essential cookies- these are absolutely necessary for the proper functioning of the website or the functionality you wish to use, as we would not be able to provide many of the services we offer without them. Some of them also ensure the security of the services we provide electronically.
- Functional cookies – are important for the functioning of the website due to the fact that:
- they are used to improve the functionality of the websites; without them, the website will work correctly, but will not be adjusted to the user’s preferences,
- they are used to ensure a high level of website functionality; without them, the level of website functionality may be reduced, but their absence should not prevent you from using it at all,
- they are used to provide most of the functionality of the websites; if they are blocked, some functions will not work properly.
- Business cookies- enable the implementation of the business model on which the website is based; their blocking will not make the entire functionality unavailable, but may reduce the level of service provided due to the website owner’s inability to generate revenue that subsidises its operation. Advertising cookies for example, fall into this category.
- Website configuration cookies – allow you to set functions and services on websites.
- Cookies for the security and reliability of websites – allow verification of authenticity and optimisation of website performance.
- Authentication cookies – allow to inform when the user is logged in, so that the website can show relevant information and functions.
- Session cookies – allow recording information about how users use the website. They may refer to the most frequently visited pages or to possible error messages displayed on certain pages. Session cookies used to record the so-called “session status” help to improve the services and enhance browsing experience.
- Cookies for processes on the website – enable the smooth functioning of the website and the functions available on it.
- Advertising cookies – enable the display of advertisements that are more interesting to users and more valuable to publishers and advertisers; these cookies can also be used to personalise advertising, as well as to display advertisements outside of websites.
- Location cookies – make it possible to adapt the information displayed to the user’s location.
- Cookies for analysis, research or audience auditing – allow the website owner to better understand the preferences of its users and, through analysis, improve and develop products and services. Usually, the website owner or research company collects information anonymously and processes data on trends, without identifying the personal data of individual users.
- Non-malicious cookies – includes cookies that are necessary for the proper functioning of the website and needed to enable the functionality of the website, but their operation has nothing to do with tracking the user
- Tracking cookies – used to track users, but do not include information that allows (without other data) to identify a specific user.
- Cookies are also used to make it easier for you to log in to your user account, including via social media, and to enable you to switch between sub-pages on websites without having to log in again on each sub-page. At the same time, cookies are used to secure websites, e.g. to prevent unauthorised access.
- As part of the cookies technology, the controller may use tracking pixels or clear GIF files in order to collect information about the user’s use of its services and their response to marketing messages sent by email. A pixel is software code that allows an object, usually an image the size of a pixel, to be embedded on a page, which provides the ability to track user behaviour on the web pages where it is located. Once the appropriate consent has been given, the browser automatically establishes a direct connection to the server storing the pixel, and therefore the processing of the data collected by the pixel is carried out under the data protection policy of the partner who administers the aforementioned server.
- The controller may use web log files (which contain technical data such as the user’s IP address) to monitor traffic on its services, troubleshoot technical problems, detect and prevent fraud and enforce the User Agreement.
- The controller indicates that the website does not respond to DNT signals, however, you may disable certain forms of online tracking, including certain analytics and customised advertising, by changing the cookie settings in your browser or through our cookie consent tools (if applicable).
- Detailed information on how to change your cookies settings and how to delete them on your own in the most popular web browsers is available in your browser’s help section and on the following pages (just click on the link):
- For detailed information about managing cookies on your cell phone or other mobile device, please refer to the user manual of your mobile device.