Personal data protection policy
In this Personal Data Protection Policy, we inform you what personal data are collected by the Administrator (see the next point), for what purposes and how the Administrator uses them and what rights the persons whose personal data the Administrator have.
This document is the instruction referred to in Art. 13 section 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general of the Data Protection Regulation), hereinafter referred to as "GDPR".
Personal data administrator
The administrator of personal data is Betafence Sp. z o. o. with its registered office in Kotlarnia, ul. Dębowa 4 , registered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Opole, 8th Commercial Division of the National Court Register under KRS number 0000241242, NIP number 7491989655, REGON number 160041472, share capital (fully paid up): PLN 7,070,000.00 (hereinafter referred to as the "Administrator").
Contact details to the Administrator:
- by post, to the address: Betafence Sp. z o. o., ul. Dębowa 4, 46-246 Boiler room,
- electronically, to the e-mail address: firstname.lastname@example.org
Personal data inspector
The administrator has appointed the Inspector of Personal Data Protection, to whom you can address any inquiries or requests regarding personal data:
- by post, to the following address: Bożena Krawczuk, Personal Data Protection Inspector, Betafence Sp. z o. o., ul. Dębowa 4, 46-246 Boiler room,
electronically, to the e-mail address: email@example.com
Purpose of personal data processing
Personal data provided to the Administrator when concluding a sales contract and during its performance are used for the following purposes:
- conclusion and performance of a sales contract (legal basis: Article 6(1)(b) of the GDPR):
- identification of the parties to the sales contract concluded in the Betafence Sp. z o. o.,
- supply of goods,
- complaints service,
- handling correspondence addressed to the Betafence Sp. z o. o. (e.g. via the contact form);
- fulfillment of the legal obligation incumbent on the Administrator (legal basis: Article 6(1)(c) of the GDPR), e.g. by providing personal data to the competent public administration authorities, including at the request of the court, police, etc.;
- implementation of the Administrator's legitimate interests (legal basis: Article 6(1)(f) of the GDPR), e.g.:
- providing support for payment services offered in the Betafence Sp. z o. o.,
- handling correspondence addressed to the Betafence Sp. z o. o. (e.g. via the contact form),
- participation in court, arbitration and mediation proceedings (e.g. for debt collection),
- storing personal data for archival purposes,
- investigating and detecting violations of the law, abuses and preventing them;
- achievement of goals based on the consent of the person who provided the Administrator with their personal data (legal basis: Article 6(1)(a) of the GDPR), e.g.:
- using the Betafence Sp. z o. o.,
- transfer by Betafence Sp. z o. o. information on products and services and promotions,
- transfer by Betafence Sp. z o. o. information on events or actions of various nature (e.g. promotional, social, charity campaigns), which can be done electronically (e-mail, newsletter), by phone (call, SMS) or by post (traditional mail).
Is providing personal data mandatory?
- Providing personal information is voluntary.
- However, providing personal data necessary to conclude and perform a sales contract is necessary to conclude a sales contract in the online store.
- Whenever the provisions of applicable law (e.g. regarding tax obligations) require the Administrator to provide a different scope of personal data of the online store customer, the Administrator will ask for such data, and their provision will be necessary in order to conclude and perform the sales contract (or another sales contracts).
- Providing personal data for direct marketing purposes is voluntary. Providing this data is not necessary in order to conclude a sales contract.
Transfer of personal data
The administrator may transfer personal data to the following entities (in each case, the scope of transfer of personal data will be minimally necessary to achieve the following purposes):
- employees and associates who must have access to data to be able to perform obligations under the sales contract;
- entities processing data on behalf of the Administrator , participating in:
- sale of goods and services of Betafence Sp. z o. o. or organization of marketing campaigns,
- use of ICT systems or tools,
- performing certain activities related to the implementation of the sales contract (e.g. supplier, entity verifying submitted complaints),
- providing the Administrator with advisory, audit and legal services;
- other data controllers processing data on their own behalf:
- entities cooperating in the organization of marketing campaigns or customer service,
- entities conducting payment activities (banks, entities servicing electronic payments),
- entities providing advisory, audit and legal services to the Administrator, to the extent that they become the data administrator.
- state authorities , e.g. courts, prosecutor's office, tax authorities, police.
Transfer of personal data outside the European Economic Area
Currently, the Administrator does not and does not intend to transfer personal data outside the European Economic Area.
Personal data retention period
- If the use of personal data results from the consent of the entity to which they relate, the use lasts until the consent is withdrawn.
- With regard to the data provided in connection with the concluded sales contract, the data retention period includes the time during which it is possible to pursue claims in connection with the performance of the contract, up to a maximum of 6 years from the sales contract, and in the event of a court dispute, up to 6 years from the date of validation issued on the judgment ending the dispute.
- All data will also be stored for the periods specified in the regulations (e.g. tax regulations), if they are longer than those indicated above. The same applies to situations where the need to store data for a longer period of time will result from the protection against negative legal consequences of failure to do so.
Automatic decision making
- Profiling of personal data consists in their data processing (also in an automated manner), by using data to evaluate certain information, including the analysis or forecast of personal preferences and interests of the data owner.
- For this purpose, the data will be used only on the basis of the consent of the data owner . However, decision-making will not be automated and will not have any legal effect on the data owner or similarly significantly affect his situation.
Rights of the owner of personal data
- The owner of personal data has the following rights:
- the right to access personal data,
- the right to information about personal data,
- the right to obtain a copy of personal data,
- the right to rectify personal data if they are incorrect
- the right to supplement personal data if they are incomplete,
- the right to request the deletion of personal data,
- the right to limit the processing of personal data,
- the right to transfer personal data,
- the right to lodge a complaint with the personal data protection authority in the event of unlawful processing of your personal data (protection authority: President of the Personal Data Protection Office, address: ul. Stawki 2, 00-193 Warsaw),
- the right to withdraw consent to the processing of personal data at any time without giving any reason,
- the right to object to the processing of personal data for marketing purposes, including the so-called profiling;
- the right to object to the processing of personal data for the purposes resulting from the so-called legitimate interests (see: Purpose of personal data processing, point 3) for reasons related to a particular situation;
- With any request indicated in point 1, the owner of personal data may apply to the Administrator at any time by sending them to the Inspector for Personal Data Protection (to the address indicated in the introduction).
- After receiving such a request, the Administrator of the Mom will immediately provide information about the actions taken in connection with the submitted request, no later than within the period of receipt of the request. For justified reasons, due to the complicated nature of the request or the number of requests, the deadline referred to above may be extended by 2 months, of which the owner of the personal data will be informed.
- In the event of justified doubts as to the identity of the person making the request, the Administrator may ask for additional information necessary to confirm the identity of the person making the request.
- Within the time limit specified in point 3 The administrator will inform about the reasons for not taking action in accordance with the request and about the possibility of lodging a complaint by the requesting party to the President of the Office for Personal Data Protection and the use of legal protection measures before the competent common court.
- The applicant will receive the information referred to in point 3-5, in one of the ways selected by the Administrator:
- in writing, by registered mail, to the postal address indicated by the applicant
- electronically, to the e-mail address indicated by the requesting party,
- the applicant submits the request electronically and does not request information in a different form - then the information referred to in point 3-5, the requesting party will receive to the indicated e-mail address;
- the applicant requested the information orally, provided that his identity is confirmed, in which case the information will also be provided orally.
- As a rule, all requests and actions of the Administrator are free of charge for the data owner. However, if the requests are obviously unjustified or excessive (e.g. due to their continuous nature), the Administrator will be able to:
- charge a fee, taking into account the administrative costs of providing the information, responding or taking the requested action, or
- refuse to act on the request.
- If the request to rectify, supplement, delete or limit the processing of personal data is justified, the Administrator will take appropriate action in this regard and will inform each entity to whom the personal data has been transferred (data recipient) about the execution of the request. Informing such entities will not take place if it is not impossible (e.g. the given entity does not exist) or it will require a disproportionately large effort (e.g. due to the lack of ordinary contact with the recipient of the data).
- At the request of the data owner, the Administrator will provide him with information about the recipients of the data to whom the information indicated in point. 8 and about recipients who could not be contacted (point 8 sentence 2).