PRIVACY POLICY

1. Introduction

This Privacy Policy sets out the rules for the processing of personal data by Nowa Tepro Ltd. with its registered office in Gdańsk, 12/2 Sienkiewicza Street, 80-227 Gdańsk (hereinafter referred to as the “Controller”) in connection with the use of the website https://www.nowa-tepro.pl/ (hereinafter referred to as the “Site”). In all matters related to the processing of personal data, you can contact the DPO at e-mail address: rodo@nowa-tepro.pl. Caring for the privacy of users, we are committed to protecting their personal data in accordance with applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1), hereinafter “GDPR”.

2. Personal data collected

The Controller collects the following categories of users’ personal data:

1. Identification data provided voluntarily by the user through the contact form available on the Site: name, e-mail address, telephone number,
2. Site usage data: information about interactions with the Site, such as IP address, browser type, time of use of the Site,
3. Cookies that make it possible to recognize the device the user is using and appropriately display the Site tailored to the user’s individual preferences. Cookies are not harmful to the user’s device or its software, in particular its configuration. The user can change his/her browser settings regarding Cookies at any time.

3. Period, purpose and basis for processing personal data

Personal data collected through the contact form or directly to the Controller’s email address will be processed on the basis:

Article 6(1)(f) of the GDPR in order to respond to requests and inquiries – for 1 year from the date of expiration of the deadline for responding to the inquiry;

Article 6(1)(b) of the GDPR for the purpose of negotiating or taking pre-contractual action with the Controller, for the period of negotiation or action, but no longer than 1 year;

1. Personal data collected as part of marketing activities will be processed on the basis of Article 6(1)(f) GDPR for the purpose of sending information about products, promotions and events organized by the Controller, until you object to the processing;
2. Personal data within the framework of analysis and research will be processed on the basis of Article 6(1)(f) GDPR in order to monitor activity on the Site, improve it and customize the Site for users, until such time as you object to the processing;
3. Personal data collected for the purpose of establishing, investigating or defending against claims will be processed on the basis of Article 6 (1) (f ) of the GDPR, until the statute of limitations for such claims, and in the case of pending litigation, until its final conclusion.

4. Source of obtaining personal data

Personal information is obtained directly from users of the Site on a voluntary basis.

5. Profiling

The Controller does not perform profiling. Profiling is a form of automatic use of personal data to evaluate selected characteristics of a person based on information collected about him.

6. Automatic decision-making

The Controller does not make decisions by automated means.

7. Transfer of data to third countries

Personal data obtained through the Site will not be transferred to third countries outside the European Economic Area, unless required for the proper performance of the concluded contract. In that case, the data may be transferred to third countries outside the European Economic Area, ensuring an adequate degree of personal data protection.

8. Recipients of personal data

Recipients of personal data will be processors who process the acquired personal data on behalf of the  Controller on the basis of an agreement concluded with the Controller for the entrustment of personal data processing, e.g. those providing IT services, security services, legal services, HR and accounting services, etc.

9. Security of personal data

The Controller shall take appropriate measures to protect personal data to ensure its security, including pseudonymization or password technology and limiting access to personal data to authorized persons only.

10. Rights of data subjects

With respect to the data processed by the Controller, data subjects are entitled to:

1. Pursuant to Article 7 of the GDPR, the right to withdraw the consent given at any time. The withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal;
2. Under Article 15 of the GDPR, the right of access to personal data;
3. Under Article 16 of the GDPR, the right to rectify personal data;
4. Under Article 17 of the GDPR, the right to erasure of personal data;
5. Pursuant to Article 18 GDPR, the right to request the Controller to restrict processing personal data;
6. The right to portability of personal data referred to in Article 20 of the GDPR;
7. Pursuant to Article 21 GDPR, the right to object to the processing of personal data, to the extent that the basis for the processing of personal data is the premise of the legitimate interest of the Controller;
8. The right to lodge a complaint with the President of the Office for Personal Data Protection when the processing violates the provisions of the GDPR.