Privacy Policy CENTRUM DYSTRYBUCJI TECHNICZNEJ FUTURE BRANDS SP. Z O.O.
Version effective from 22 February 2023.
I. GENERAL PROVISIONS
- This privacy policy sets out the principles and scope of the processing of the User’s personal data, his/her rights as well as the obligations of the controller of such data, and also informs about the use of cookies.
- The controller of the personal data is Centrum Dystrybucji Technicznej Future Brands Sp. z o.o. with its registered office at the following address: 32-086 Węgrzce, ul. Forteczna 8, entered in the Register of Entrepreneurs kept by the District Court for Kraków – Śródmieście in Kraków, XII Commercial Division, under KRS number 0001020801, NIP: 5130284122 (hereinafter: “Controller“).
- A user is a natural person, a legal person or an organisational unit without legal personality, to which legal capacity is granted by law, who uses the electronic services available on the cdtech.pl website, and who makes contact with the Controller by means of the Controller’s e-mail address or telephone number disclosed on this website.
- The Controller uses state-of-the-art technical measures and organisational solutions to ensure a high level of protection of the personal data processed and to safeguard against unauthorised access.
II. PURPOSE OF PROCESSING PERSONAL DATA
The Controller processes the User’s personal data in order to contact the User in connection with the User’s interest in the services provided by the Controller, including responding to e-mails sent to the Controller.
III. TYPE OF DATA AND METHOD OF STORAGE
- The Controller processes the personal data required to contact the User, namely: given name, surname, e-mail address and/or telephone number, as well as the content of the message addressed to the User.
- Personal data may be processed:
a) in the traditional way – in files, lists and other record collections;
b) in information systems. - The Controller may store the content of recorded telephone conversations after notifying the User prior to the call taking place.
IV. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
- Personal data shall be processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ.EU.L.2016.119.1, hereinafter: the “GDPR Regulation“.
- The basis for the processing of personal data is Article 6(1)(a, b, c, f) of the GDPR Regulation.
- The Controller processes personal data after obtaining the User’s prior consent. By making contact by telephone or e-mail, the User consents to the processing – under the terms of this Privacy Policy – of his or her personal data for the purpose of contact on his or her part.
- Giving consent to the processing of personal data is entirely voluntary. However, failure to consent to the processing of personal data may prevent the purpose of the User’s contact with the Controller .
- The User’s personal data shall be processed in accordance with the provisions of the Personal Data Protection Act of 10 May 2018 (Journal of Laws 2019.1781 t.j. as amended ).
VI. RECIPIENTS OF PERSONAL DATA
- The User’s personal data may be shared by the Controller with the following:
a) persons working for the Controller on a basis other than a contract of employment,
b) entities providing accounting, payment services to the Controller,
c) postal or courier operators,
d) other entities with the help of which the Controller performs its contractual obligations, provides electronic services and performs its rights and obligations arising from these contracts, and thus, establishes contact with the User. - The Controller may be obliged to provide access to the User’s personal data to entities authorised to request such access under generally applicable laws, in particular law enforcement agencies.
VI. USER RIGHTS
- The user may at any time request information from the Controller about the extent of the processing of personal data.
- The user may request the correction or rectification of their personal data at any time.
- The User may withdraw his or her consent to the processing of personal data at any time, without stating a reason. The withdrawal of consent will result in the User’s data being deleted. The withdrawal of consent does not affect the activities already carried out.
- The user may at any time request, without stating a reason, that the Controller delete their data. The request for deletion of data does not affect the activities already carried out.
- The User may object at any time to the processing of personal data, both with regard to all the User’s personal data processed by the Controller, as well as to a limited extent. The objection does not affect the activities carried out so far.
- The User may request the restriction of the processing of personal data, either for a specific period of time or without a time limitation but within a specific scope, which the Controller will be obliged to comply with. This request does not affect the activities already carried out.
- The user may request the transfer of his/her personal data.
- The user has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
- The Controller shall inform the User of the action taken, before one month has elapsed from the receipt of one of the requests mentioned in the previous paragraphs.
VII. RETENTION PERIOD OF PERSONAL DATA
- As a general rule, personal data is stored for as long as necessary to fulfil the contractual or statutory obligations for which it was collected. The data will be deleted immediately when storage is no longer necessary, for evidential purposes or in connection with a statutory retention obligation.
- Information relating to the concluded contract is stored for evidential purposes, for a period of up to six months after the expiry of the limitation period for User claims (usually 3 or 6 years calculated from the end of the year in which the contract was fulfilled) or the expiry of the limitation period for public law obligations (e.g. taxes, usually 5 years from the end of the year in which the contract was fulfilled) relating to the fulfilment of the purpose of the User’s contact with the Controller. Deletion of the data will take place after the expiry of this period.
VIII. COOKIES
- The cdtech.co.uk website uses cookies, i.e. small files stored on the computer or other device (tablet, phone, etc.) used by the user to visit the website.
- The website uses:
a) session cookies, i.e. files that are permanently deleted from the memory and the device on which they were stored when the browser window is closed;
b) permanent cookies, i.e. cookies that remain on the device until they are manually deleted. - Cookies collect the following data: IP address, type of browser and operating system, language, internet service provider, time, date and location information.
IX. FINAL PROVISIONS
- Apart from the purposes indicated in this Privacy Policy, Users’ personal data shall not be shared with third parties or transferred to other entities.
- Personal data of website users is not transferred outside the European Union.
- Personal data is not processed by automated means and is not profiled.
- This Privacy Policy complies with the provisions arising from Article 13(1) and (2) of the GDPR Regulation.
- The Controller may amend this Privacy Policy at any time by posting a new version on the cdtech.pl website. Amendments to the Privacy Policy will not apply to data collected prior to the amendment, unless the User re-establishes contact with the Controller in accordance with Article I, paragraph 3.