Privacy Policy

PRIVACY POLICY OF THE WEBSITE
WWW.MAZZONI.PL

§1
GENERAL PROVISIONS

1. The controller of personal data collected via the website www.mazzoni.pl is Tomasz Duczmal, conducting business activity under the name MAZZONI Tomasz Duczmal, entered into the Central Register and Information on Economic Activity (CEIDG) kept by the competent minister for the economy, place of business and address for service: ul. Jarosława Stryczyńskiego 2a, 63-750 Sulmierzyce, NIP (Tax ID): 6211242051, REGON: 300016167, e-mail address: [email protected], hereinafter referred to as the “Controller”.

2.Personal data collected by the Controller via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR”.

3. In matters related to the processing of personal data, you can contact the Controller via e-mail at: [email protected] or in writing at the address indicated in point 1.

§2
TYPE OF PERSONAL DATA PROCESSED, PURPOSES, LEGAL BASES AND DATA RETENTION PERIODS

1. Data processed in connection with the contact form

  1. The Controller processes the personal data of users of the website www.mazzoni.pl when they use the contact form available on the website.
  2. When using the contact form, the user provides at least the following data:
  • first name and surname,
  • e-mail address,
  • optionally, telephone number (if provided),
  • content of the message and any other personal data voluntarily included in the correspondence

3. Purposes and legal bases of processing:

1. providing a reply to an enquiry, conducting correspondence and handling the matter to which the enquiry relates – the legal basis is Article 6(1)(f) GDPR, i.e. the Controller’s legitimate interest in conducting correspondence with persons interested in its offer, handling enquiries and building business relations;

2. if the correspondence leads to the conclusion of a contract or is related to its performance – the legal basis is Article 6(1)(b) GDPR (processing necessary to take steps at the request of the data subject prior to entering into a contract and to perform a contract).

4. Data retention period:
Personal data processed in connection with the contact form are stored:

1. for the duration of the correspondence and handling of the matter to which the enquiry relates;

2. and subsequently – for the purpose of possible establishment, exercise or defence of legal claims – for the period of limitation of civil-law claims. Pursuant to Article 118 of the Polish Civil Code, the general limitation period is 6 years, and for claims for periodical performance and claims related to the conduct of business activity – 3 years, unless specific provisions provide for other periods.

2. Data related to the use of the website (system logs, navigational data)

5. When using the website, additional information may be collected automatically, in particular:

  • the IP address assigned to the user’s computer or the external IP address of the Internet provider,
  • domain name,
  • type and version of the web browser,
  • access time,
  • type of operating system,
  • data regarding the approximate location of the device.

6. Navigational data may also be collected from users, including information on links and references they choose to click on, as well as other activities undertaken on the website.

7. The legal basis for the processing of the data referred to in points 5–6 is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in particular in:

  • ensuring the proper functioning and security of the website,
  • compiling statistics on the use of the website,
  • facilitating the use of services provided electronically and improving their functionality.

8. Technical and navigational data are stored for the period necessary to achieve the above purposes and may subsequently be archived for the purpose of securing claims, but not longer than until the expiry of the limitation periods for such claims.

3. Cookies and external tools

9. The Controller may use cookies and analytical or marketing tools (e.g. statistical tools, social media plugins) on the website.

10. Detailed information on the use of cookies, the types of cookies used and external tools is provided in a separate Cookies Policy available on the website www.mazzoni.pl

4. Voluntary provision of data

11. Providing personal data by the user is voluntary, however failure to provide such data may prevent:

1. the use of the contact form or receiving a reply to an enquiry,

2. the conclusion and performance of a contract with the Controller (to the extent that the data are necessary for its conclusion/performance).

5. Automated decision-making and profiling

12. The personal data of users are not used to make decisions based solely on automated processing, including profiling, within the meaning of Article 22 GDPR.

§3
DISCLOSURE OF PERSONAL DATA

1. The personal data of users may be transferred to service providers used by the Controller in connection with the operation of the website and the ongoing business activity, in particular to:

1. hosting and IT service providers,

2. providers of e-mail systems and other communication tools,

3. providers of analytical and marketing services (to the extent described in the Cookies Policy),

4. entities providing advisory, legal, accounting or debt collection services – if this is necessary to protect the Controller’s rights

2. The entities referred to in point 1, to which personal data are transferred, depending on contractual arrangements and circumstances:

1. are subject to the Controller’s instructions as to the purposes and methods of processing data (they act as processors on the basis of data processing agreements), or

2. independently determine the purposes and methods of data processing (they act as separate controllers – e.g. courier companies, payment operators, law firms).

3. As a rule, the personal data of users are stored within the territory of the European Economic Area (EEA).

4. If, in connection with the Controller’s use of certain tools or services, personal data are transferred to a third country (outside the EEA), this will take place only in cases and under the conditions provided for in the GDPR, in particular:

1. on the basis of a decision declaring an adequate level of protection, as referred to in Article 45 GDPR, or

2. with the use of standard contractual clauses adopted by the European Commission (Article 46 GDPR) or other appropriate safeguards.

§4
RIGHT TO CONTROL, ACCESS AND RECTIFY PERSONAL DATA

1. The data subject has the right to:

1. access their personal data,

2. rectify (correct) their data,

3. erase their data (“right to be forgotten”),

4. restrict processing,

5. data portability,

6. object to the processing of personal data – in particular where the legal basis for processing is the Controller’s legitimate interest,

7. withdraw consent at any time – to the extent that processing is based on consent – without affecting the lawfulness of processing based on consent before its withdrawal.

2. Legal bases for the user’s requests:

1. right of access – Article 15 GDPR,

2. right to rectification – Article 16 GDPR,

3. right to erasure (right to be forgotten) – Article 17 GDPR,

4. right to restriction of processing – Article 18 GDPR,

5. right to data portability – Article 20 GDPR,

6. right to object – Article 21 GDPR,

7. right to withdraw consent – Article 7(3) GDPR.

3. In order to exercise the rights referred to in point 1, the data subject may send an appropriate e-mail to: [email protected] or use the contact details indicated in §1 point 1.

4. Where the user exercises any of the above rights, the Controller shall comply with the request or refuse to comply with it without undue delay and in any event within one month of receipt of the request. However, if – due to the complex nature of the request or the number of requests – the Controller is unable to comply with the request within one month, it shall comply with it within the next two months, informing the user in advance, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.

5. The data subject has the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that the processing of their personal data infringes the provisions of the GDPR.

§5
FINAL PROVISIONS

1. The Controller applies technical and organisational measures to ensure a level of security appropriate to the risks and categories of data protected, and in particular safeguards data against:

1. access by unauthorised persons,

2. being taken by an unauthorised person,

3. processing in breach of applicable provisions,

4. alteration, loss, damage or destruction.

2. The Controller provides appropriate technical measures to prevent unauthorised persons from obtaining and modifying personal data transmitted electronically.

3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other applicable provisions of Polish law shall apply accordingly.