Privacy Policy
Personal data controller
The controller of personal data within the meaning of Article 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons in connection with the
with the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC (RODO) is Wiltex Spółka z ograniczoną odpowiedzialnością with its registered office in Wysogotowo at ul. Batorowska 56, 62-081 Wysogotowo, NIP: 7773231969, REGON: 302439890, entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000982166, registration court: District Court Poznań – Nowe Miasto and Wilda in Poznań, VIII Economic Department of the National Court Register, share capital: PLN 2,500,000.00.
Email address of the data controller: [email protected].
The controller pursuant to Article 32 (1) of the RODO shall observe the principle of personal data protection and shall use appropriate technical and organizational measures to prevent accidental or incompatible
lawful destruction, loss, modification, unauthorized disclosure of or unauthorized access to personal data processed in connection with its operations.
Provision of personal data by the customer is voluntary, but necessary in order to conclude a contract with the data controller.
The data controller processes personal data to the extent necessary to perform a contract or provide services to the data subject.
Scope of personal data processing
Depending on the purpose, the personal data controller processes the following data:
name;
official position;
email address;
phone number;
address of registered office/business;
tax ID number;
bank account number;
information about orders placed;
data included in the correspondence.
Sources for obtaining personal data
The administrator obtains personal data directly from customers through:
customer account registration;
placing an order;
contact the data controller;
subscribe to our newsletter
Purpose and basis of personal data processing
The Administrator processes personal data for the following purposes:
preparation of a commercial offer in response to a customer’s interest, which is a legitimate interest of the data controller (Article 6(1)(f) RODO);
Conclusion and execution of sales contracts with customers, based on the concluded contract (Article 6(1)(b) RODO);
Provision of services electronically through the Online Store, based on the concluded agreement (Article 6(1)(b) RODO);
handling of the complaint process, based on the data controller’s obligation under applicable laws (Article 6(1)(c) of the DPA);
Accounting related to the issuance and acceptance of billing documents, based on the provisions of tax law (Article 6(1)(c) of the DPA);
Archiving data for possible establishment, investigation or defense against claims or the need to prove facts, which is a legitimate interest of the data controller (Article 6(1)(f) RODO);
contact by phone, via email, a form on the website or a message sent via the controller’s social media (Facebook, Instagram), in particular in response to inquiries addressed to the controller, which is a legitimate interest of the controller (Article 6(1)(f) of the DPA);
Sending technical information regarding the operation of the Online Store and services used by the customer, which is a legitimate interest of the data controller (Article 6(1)(f) RODO);
marketing, which is its legitimate interest (Article 6(1)(f) of the RODO) or is based on previously granted consent (Article 6(1)(a) of the RODO);
to conduct social media on the terms specified by the functionalities of the individual social media and their rules and regulations, which is a legitimate interest (Article 6(1)(f) of the RODO).
Recipients of data. Transfer of data to third countries
Recipients of personal data processed by the data controller may be entities cooperating with the data controller, when this is necessary for the performance of a contract concluded with the data subject.
Recipients of personal data processed by the data controller may also be subcontractors – entities whose services are used by the data controller for data processing, e.g. accounting offices, law firms, IT service providers (including hosting services).
The data controller may be obliged to provide access to personal data on the basis of applicable laws, in particular to provide access to personal data to authorized state authorities or institutions.
Personal data in connection with the controller’s use of website analytics and tracking tools may be transferred to an entity based outside the European Economic Area, such as Google LLC or Meta Platforms Inc. As an appropriate data protection measure, the controller has agreed to standard contractual clauses in accordance with Article 46 RODO with the providers of these services. More information is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside- eu_en.
Period of storage of personal data
The data controller shall store personal data for the duration of the contract concluded with the data subject and after its termination for purposes related to the assertion of claims related to the contract, performance of obligations under the
from applicable laws, but for a period of time no longer than the statute of limitations under the Civil Code.
The data controller shall keep the personal data on the billing documents for the period indicated by the provisions of the Value Added Tax Law and the Accounting Law.
The data controller shall keep personal data processed for marketing purposes for a period of 10 years, but no longer than until you withdraw your consent to the processing or object to the processing.
The data controller shall keep personal data for purposes other than those indicated in paragraphs 1-3 for a period of one year, unless consent for data processing has been previously withdrawn, and data processing cannot be continued on any other basis than the consent of the data subject.
Rights of the data subject
Every data subject has the right:
access – to obtain confirmation from the controller as to whether his personal data is being processed. If data about a person is processed, he or she is entitled to access it and obtain the following information: the purposes of the processing, the categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the duration of data storage or the criteria for determining it, the data subject’s right to request rectification, erasure or restriction of the processing of personal data, and to object to such processing (Article 15 of the RODO);
to obtain a copy of the data – to obtain a copy of the data being processed, with the first copy being free of charge, and for subsequent copies the controller may charge a reasonable fee based on administrative costs (Article 15(3) of the RODO);
To rectify – to request the rectification of personal data pertaining to it that is incorrect or the completion of incomplete data (Article 16 RODO);
to erasure – to request the deletion of her personal data if the controller no longer has a legal basis for processing it or the data are no longer necessary for the purposes of processing (Article 17 of the DPA);
to restrict processing – request restriction of processing of personal data (Article 18 RODO), when:
the data subject questions the accuracy of the personal data – for a period that allows the controller to verify the accuracy of the data,
processing is unlawful, and the data subject objects to the erasure of the data by requesting restriction of its use,
the controller no longer needs the data, but it is needed by the data subject to establish, assert or defend a claim,
the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds of the data subject’s objection;
to data portability – to receive in a structured, commonly used, machine-readable format the personal data concerning him or her that he or she has provided to the controller, and to request that the data be sent to another controller if the data are processed on the basis of the data subject’s consent or a contract with him or her, and if the data are processed by automated means (Article 20 RODO);
to object – to object to the processing of his or her personal data for legitimate purposes of the controller, on grounds related to his or her particular situation, including profiling. The controller shall then assess the existence of valid legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the controller will be obliged to cease processing for those purposes (Article 21 of the DPA).
In order to exercise the above-mentioned rights, the data subject should contact, using the contact information provided, the controller and inform him/her of which right and to what extent he/she wishes to exercise it.
The data subject has the right to file a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection in Warsaw.
Profiling
Personal data obtained by the controller may be processed by automated means – including profiling. The profiling of personal data carried out by the controller consists of evaluating selected information about the data subject for the purpose of analyzing and forecasting personal preferences and interests, in particular for the possibility of providing the data subject with a personalized offer.
Automatic data processing performed by the data controller does not produce any legal consequences for the data subject.
The data subject may object to the automated processing of his or her data at any time.
Google Analytics
The administrator uses Google Analytics, a web analytics service provided by Google Inc. based in the USA.
Google Analytics uses cookies to analyze your use of the website. The information produced by the cookie about the use of the website is transmitted to and stored on Google’s server. At the request of the Administrator, Google will use this information to analyze users’ use of the website in order to prepare reports on website activity and to provide other services related to website and Internet use to the requesting entity.
The data will not be used to identify any individual.
Users may prevent the storage of cookies through appropriate browser settings; however, if they do so, they will not be able to use the full functionality of the website. In addition, users can prevent the collection by Google of data created by cookies and relating to their use of the website (including IP address) as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=pl.
At any time, you may object to the collection and processing of data related to your use of the Google website by downloading and installing a plug-in in your browser, which is available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en.
Facebook pixel
The administrator uses Facebook Pixel, an analytics tool that helps measure the effectiveness of ads based on analysis of users’ actions on the site.
The administrator uses the Facebook Pixel tool to target the customer with personalized Facebook ads. This involves the use of Facebook cookies. The legal basis for the Administrator’s use of the Facebook Pixel tool is Article 6(1)(f) RODO.
Using the Crisp tool – live chat
Data controller
We use Crisp Live Chat on our website, provided by Crisp IM SARL (privacy policy), a company based in France. This tool allows us to contact users of our site in real time.
Scope of data processed
The following data may be collected when using the Crisp service:
Information that the user himself provides during the conversation (e.g., name, e-mail address, phone number, message content);
Technical data about the user’s device (e.g. IP address, browser type, operating system);
Data on user activity on the site (e.g. pages viewed, time of visit, clicks).
Purpose of data processing
Data processed as part of the Crisp service is used for:
Enable real-time contact,
Responses to user inquiries,
Improve customer service and statistics analysis.
Legal basis for data processing
Crisp data processing is carried out on the basis of:
Article 6(1)(f) RODO (our legitimate interest in serving users),
Article 6(1)(a) of the RODO, if you consent to the processing of your data.
Data storage
Data is kept by Crisp for the period necessary to fulfill the purpose for which it was collected, or in accordance with applicable laws.
Data sharing
User data may be processed by Crisp as a processor, in accordance with the data processing entrustment agreement.
User rights
The user has the right:
Access to your data;
Rectification, deletion or restriction of data processing;
Object to data processing;
Data transfers;
File a complaint with the supervisory authority.
Cookies and tracking technologies
Crisp may use cookies or similar technologies to provide services. For details on the cookies used, please refer to our [Cookie Policy].
We have opened a new website for everyone from Lithuania