- Korff Isolmatic Spółka z ograniczoną odpowiedzialnością with registered office at ul. Lotnicza 12, Wojnarowice, 55-050 Sobótka, entered into the National Court Register (KRS) by the District Court for Wrocław-Fabryczna, 6th Commercial Division of the KRS, under KRS no.: 0000077092, NIP: 8990202326, REGON: 00597980400000.
- Respecting your rights as a personal data subjects (data subjects) and respecting applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, RODO, the Personal Data Protection Act (hereinafter referred to as the Act) and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of personal data collected from you. All employees have been properly trained in the processing of personal data, and our company as a Data Controller has implemented appropriate security measures and technical and organizational measures to ensure the highest level of protection of personal data. We have implemented procedures and policies to protect your personal data in accordance with the GDPR, through which we ensure the lawfulness and fairness of the processes of data processing, and the enforceability of any rights you may have as data subjects. Additionally, where necessary, we cooperate with a supervisory authority in the Republic of Poland, that is the President of the Office for Personal Data Protection (hereinafter referred to as the POPDP).
- Any inquiries, requests or complaints regarding the processing of personal data by our company (Data Controller), hereinafter referred to as the Submissions, should be sent to the following e-mail address: email@example.com or in writing to the address of the Data Controller, that is Korff Isolmatic Sp. z o.o. In the content of the Submission, please clearly indicate:
a) data of the person or persons covered by the Submission,
b) event giving rise to the Submission,
c) present the requests and their legal basis,
d) indicate the expected way of dealing with the matter.
- We may collect the following personal information on our websites:
a) name and surname – for contact purposes, after submitting an inquiry through the contact form,
b) Telephone number – for contact purposes, after submitting an inquiry through the contact form,
c) e-mail address – for contact purposes, after submitting an inquiry through the contact form,
d) IP address of the device – information resulting from general rules of Internet connections such as IP address (and other information contained in system logs) is used by the Administrator of the website for technical purposes. IP addresses may be used for statistical purposes, in particular to collect general demographic information (e.g. on the region from which the connection is made).
- The provision of an e-mail address is necessary in order to receive response to the request made by the contact form, the provision of other contact details is optional and depends on your will.
- Your personal information is processed by our company as the Data Controller, in order to contact you and respond to your inquiry. In accordance with the principle of minimisation, we process only those categories of personal data which are necessary to achieve the purposes referred to in the preceding sentence.
- Personal data is processed for the period necessary to achieve the purposes listed in the preceding section. Personal data may be processed for a period longer than the period indicated in the preceding sentence, if such a right or obligation imposed on the Data Controller results from special provisions of law or if the service we provide is of a continuous nature.
- The source of Personal Data processed by the Data Controller are the data subjects.
- Your personal data is not transferred to third countries, under the GDPR.
- We do not share any personal data with third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, that is authorities and administration bodies (e.g. tax authorities, law enforcement authorities and other entities authorised by generally applicable provisions of law).
- Personal data may be entrusted for processing to entities processing such data on behalf of our company as the Data Controller. In such a situation, we, as the Data Controller, enter into an agreement with the processor entrusting the processing of personal data. The processor processes the entrusted personal data, but only within the scope and for the purposes indicated in the data processing agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to carry out our activities on the website. As the Data Controller, we entrust personal data for processing to entities:
a) providing hosting services for our website,
b) providing other services to us as the Data Controller, necessary for the current operation of the website.
- Personal data is not used for profiling by the Data Controller.
- According to the GDPR, any person, whose personal data is processed by us as the Data Controller, has right to:
a) be informed on the processing of personal data, referred to in Art. 12 of the GDPR – the data controllers are obliged to provide the persons whose data will be processed with the information specified in the GDPR (including their data, contact data of the Inspector of Personal Data Protection, purposes and legal grounds for the processing of personal data, recipients or categories of recipients of personal data, if any, or the period during which the data will be processed or the criteria for determining that period). This obligation should already be fulfilled at the time of data collection (e.g. while placing an order by the customer using an on-line shop) or, if the data are not obtained from the data subject, but from another source, within a reasonable period of time, depending on the circumstances. The controller may refrain from providing such information if the data subject has already obtained it,
b) access the personal data, referred to in Art. 15 of the GDPR – by providing us with personal data, you have the right to access and inspect them; however, this does not mean that you have the right to access all documents on which your data appear, because they may contain confidential information; However, you have the right to information which of your data and for what purpose is processed and the right to obtain a copy of your personal data, the first copy of which is issued free of charge, and for each subsequent copy in accordance with the GDPR is charged an appropriate administrative fee corresponding to the costs of making copies,
c) correct, supplement, update, correct personal data, referred to in Art. 16 of the GDPR – if your personal data has changed, please inform us, as the Data Controller, of this fact so that the data we have in our possession is accurate and up to date; also if there has been no change in your personal data, but for any reason the data is incorrect or has been saved in an incorrect manner (e.g. due to a typographical error), please inform us so that the data can be corrected or rectified,
d) data erasure (right to be forgotten), referred to in Art. 17 of the GDPR – in other words, you have the right to “delete” any data we, as the Data Controller, hold, and the right to request that we, as the Data Controller, inform other controllers to which we have transferred your data of the necessity to delete such data. You may request the deletion of your personal data in the first place if:
- the purposes for which the personal data was collected has been achieved, e.g. we have fully implemented the sales agreement concluded with you;
- the processing of your personal data was based solely on your consent, which was subsequently revoked and there are no other legal grounds for further processing of your personal data;
- you have objected pursuant to Art. 21 of the GDPR and you believe that we do not have any prevailing legal grounds for further processing of your personal data;
- your personal data has been processed illegally, i.e. for illegal purposes or without any basis for processing your personal data – please note that in such a case you must have a reason to request it;
- the need to erase your personal data results from the provisions of law,
- personal data relate to a minor and have been collected in connection with the provision of information society services,
e) processing restrictions, referred to in Art. 18 of the GDPR – you can apply to our company for limiting the processing of your personal data (which would consist in the fact that, until the matter is clarified, our company would first of all only store the data), if:
- you dispute the adequacy of your personal data;
- you believe that we process your data without a legal basis, but at the same time you do not want us to delete your personal data (i.e. you do not exercise the right referred to in the preceding item);
- you have submitted an objection under item (f) of this section;
- your personal data is needed to establish, pursue or defend claims, e.g. before court;
f) data transfer, referred to in Art. 20 of the GDPR – you have the right to obtain your data in a format that allows you to read it on your computer, and the right to send it in this format to another data controller; you only have this right if you have consented to the processing of your data, or if the data has been processed automatically,
g) lodge an objection to the processing of personal data, referred to in Art. 21 of the GDPR – you have the right to object if you do not agree for us to process your personal data that we have processed until then, for legitimate purposes, in accordance with the provisions of law,
h) not being subject to profiling, referred to in Art. 22 in connection with Art. 4 section 4 of the GDPR – you will not be subject to automated decision making or profiling within the meaning of the GDPR unless you express your consent for it; additionally, we will always keep you informed about profiling, should it take place,
i) filing a complaint with the supervisory authority (i.e. the President of the Office for Personal Data Protection) referred to in Art. 77 of the GDPR – if you believe that we process your personal data illegally or in any way violates the rights arising from the generally applicable provisions of the law on personal data protection.
- With regard to the right to delete data (the right to be forgotten), we would like to point out that according to the provisions of the GDPR, you do not have the right to exercise this right in the following situations:
a) the processing of your personal data is necessary for exercising your right to freedom of expression and information, e.g. if you have posted your data on a blog, in comments, etc.,
b) the processing of personal data is necessary in order for us to fulfil our legal obligations under the provisions of law – we cannot delete your data for the period necessary to fulfil our obligations (e.g. tax obligations), which are imposed on us by the provisions of law,
c) your data will be processed for the purpose of pursuing, determining or defending your claims.
- If you wish to exercise the rights referred to in the previous section, please send an e-mail to the following e-mail address: firstname.lastname@example.org
- Each detected security breach shall be documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects and, if applicable, the POPDP (President of the Office for Personal Data Protection) shall be informed of such a breach.