PRIVACY POLICY

I. Introduction:

The 925CRAFT website operated at the web address: www.925craft.ro, owned by Silvexcraft Mateusz Wójcik sp.k. is committed to protecting the privacy of its Users when it comes to the provision of personal data to the User Contact Department, being dedicated to protecting the privacy of our Users and taking the responsibility for the security of their data seriously. We will be clear and transparent about what information we collect and what we do with it.

This Privacy Policy sets out the following:

What personal data we collect and process about you in relation to being a User of the 925CRAFT website and in relation to your use of our website and online services;

  • Where we collect the data from;
  • What we do with the data;
  • How we store the data;
  • To whom we transfer/disclose the data;
  • How we implement your right to data protection;
  • How we comply with data protection policies.

All personal data is collected and processed in accordance with the data protection legislation in force in Poland and within the European Union.

II. Definitions:

Controller – personal data controller indicated in pt. III of the Policy.

Personal data – all information about a natural person identified or identifiable by one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, location data, the Internet identifier and information collected through cookies and other similar technology.

Policy – this Privacy Policy.

GDPR– Regulation 2016/679 of the European Parliament and of the EU Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Website – the website operated by the Administrator at www.925craft.uk.

User – any natural person visiting the Service or using one or more of the services or functionalities described in the Policy.

III. Data of the Personal Data Controller:

We kindly inform you that the controller of your personal data is Silvexcraft Mateusz Wójcik sp.k. with its registered office in Tyczyn, 5 Orkana Street, 36-020 Tyczyn, Tax Number: 5170373027, Polish National Business Registry Number: 363361395, entered in the register of entrepreneurs of the National Court Register by the District Court in Rzeszów, XII Economic Division of the National Court Register under number 0000588340 hereinafter referred to as ‘925CRAFT’. You may contact 925CRAFT regarding data protection at the following e-mail address: [email protected].

IV. Data Protection Officer

925CRAFT has a Data Protection Inspector – currently Mr Maciej Strączkowski, who will be happy to assist you in all matters relating to the protection of personal data, in particular to answer any questions regarding the processing of your personal data. You may contact the Inspector at the e-mail address: [email protected].

V. Purposes and grounds for processing personal data

In order to provide services in accordance with the scope of our activities, 925CRAFT processes your personal data – for various purposes, but always in accordance with the law. Below you will find the specified purposes of processing your personal data, together with the legal bases.

  • Use of the Website:

Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) is processed by the Controller:

  • in order to provide electronic services in terms of providing Users with access to content collected on the Website, providing contact forms – in which case the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) GDPR);
  • in order to possibly establish and assert or defend against claims – the legal basis of the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR) to protect its rights;
  • for the Controller’s marketing purposes – for a detailed description of the purposes and legal basis, please see marketing and direct marketing.
  • Contact form:

The Controller provides the possibility to contact it using an electronic contact form. Using the form requires providing personal data necessary to contact the User and respond to the enquiry. The provision of data marked as mandatory is required in order to receive and handle the enquiry, and failure to do so will result in the impossibility of service.

Personal data is processed:

  • for the identification of the sender and the handling of his/her query sent via the form provided – the legal basis of the processing is the necessity of the processing for the performance of the service contract (Article 6(1)(b) GDPR);
  • for analytical and statistical purposes – the legal basis of the processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in keeping statistics of the queries submitted by Users via the Website in order to improve its functionality.
  • Marketing:

The Controller processes Users’ personal data in order to carry out marketing activities, which may consist in:

  • sending e-mail notifications of interesting offers or content which in some cases contain commercial information;
  • carrying out other activities related to the direct marketing of goods and services (sending commercial information by e-mail);

In the case of processing operations for the aforementioned marketing purposes, with the exception of those carried out within the framework of a newsletter that operates on the basis of the regulations, the basis for such processing is the fulfilment of the purposes deriving from the legitimate interests pursued by the Controller (Article 6(1)(F) GDPR).

  • Direct marketing:

If the User has consented to receive marketing information by e-mail, text messages and other means of electronic communication, the User’s personal data will be processed for the purpose of sending such information. The basis for processing is the legitimate interest of 925CRAFT to send marketing information within the limits of the consent given by the User (direct marketing). The User has the right to object to the processing of data for direct marketing purposes, including profiling. The data will be stored for this purpose for the duration of 925CRAFT’s legitimate interest, unless the User objects to receiving the information.

  • Telephone contact:

For the purpose of contacting you by telephone on matters related to the provision of the service, we process personal data such as: telephone number.

The legal basis for such processing is Article 6(1)(a) of the GDPR, which allows us to process personal data on the basis of freely given consent;

  • GDPR registers and records:

In order to set up GDPR-related registers and records, including e.g. a register of customers who have objected in accordance with GDPR, we process personal data such as name, email address, because firstly, the GDPR regulations impose certain documentation obligations on us to demonstrate compliance and accountability, and secondly, if you object to the processing of your personal data for marketing purposes, for example, we need to know to whom we do not apply direct marketing because they do not wish us to do so.

The legal basis for such processing is firstly, Article 6(1)(c) of the GDPR, which allows us to process personal data if such processing is necessary for the Data Controller to comply with its obligations under the law; secondly, Article 6(1)(f) of the GDPR, which allows us to process personal data if, by doing so, the Data Controller is pursuing its legitimate interest (in this case, the Company’s interest is to know about individuals who are exercising their rights under the GDPR);

  • Cookies:

In order to use cookies on the website, we process such textual information (cookies will be described in a separate section). The legal basis for such processing is Article 6(1)(a) of the GDPR, which allows us to process personal data on the basis of freely given consent (when you first visit the website, you are asked if you agree to the use of cookies);

  • Administration of the website:

In order to administer the website, we process personal data such as IP address, server date and time, browser information, operating system information – this data is saved automatically in the so-called server logs every time you use a website belonging to the Company. Administration of the website without the use of the server and without this automatic recording would not be possible. The legal basis for such data processing is Article 6(1)(f) of the GDPR, which allows the processing of personal data if by doing so the Personal Data Controller pursues its legitimate interest (in this case the Company’s interest is the administration of the website);

VI. Cookies:

1. 925CRAFT uses so-called ‘cookies’ on its website, as do other entities, i.e. short text information stored on your computer, phone, tablet or other device. They can be read by our system and also by systems belonging to other entities whose services we use (e.g. Facebook, Google).

2. Cookies perform a number of functions on the website, most often useful, which we will try to describe below (if the information is insufficient, please contact us):

  • impact on the processes and efficiency of the use of the website — cookies are used so that the website works efficiently and so that you can use the functions available on it, which is possible, among other things, by remembering your settings between visits to the website. They therefore enable you to navigate the website and its various pages efficiently;
  • session status — cookies often store information about how visitors use the website, e.g. which pages they view most often. They also make it possible to identify errors displayed on certain sub-pages. Cookies used to record the so-called ‘session state’ help to improve services and the browsing experience;
  • statistics — cookies are used to analyse how visitors use the website (how many open the website, how long they stay on the site, which content is of most interest, etc.). This allows us to continuously improve the website and adapt its operation to the preferences of Users. We use Google tools, such as Google Analytics, to track activity and generate statistics; in addition to reporting website usage statistics, the Google Analytics pixel can also be used, together with some of the cookies described above, to help display more relevant content to you on Google’s services (e.g. Google Search) and across the web;

3. your web browser allows the use of cookies on your device by default, so please consent to the use of cookies on your first visit. However, if you do not wish cookies to be used when you browse the website, you can change the settings in your browser – block the automatic handling of cookies completely or request to be notified whenever cookies are placed on your device. You can change your settings at any time.

4. While respecting the autonomy of all persons using the website, we feel obliged to warn you that disabling or restricting the use of cookies may cause quite serious difficulties in the use of the website, e.g. in the form of having to log in to every subpage, longer loading times, limitations in the use of functionalities,

VII. Right to withdraw consent:

1. If the processing of personal data is based on consent, you may withdraw this consent at any time at your discretion.

2. if you would like to withdraw your consent to the processing of personal data, it is sufficient to:

  • send an email directly to 925CRAFT at [email protected] or
  • send an email to the Data Protection Officer at [email protected] or
  • click on the link in the email, included at the end of each message sent.

3. If the processing of your personal data was carried out on the basis of consent, the withdrawal of consent does not make the processing of your personal data unlawful until that point. In other words, we are entitled to process your personal data until you revoke your consent and revoking your consent does not affect the lawfulness of the previous processing.

VIII. Requirement to provide personal data:

The provision of any personal data is voluntary and at your discretion. However, in some cases the provision of certain personal data is necessary in order to meet your expectations in using the services offered by 925CRAFT.

IX. Automated decision-making and profiling:

In order to carry out marketing activities, the Controller in some cases uses profiling, i.e. through the so-called geolocation, obtains knowledge of the country of residence of the User using the 925CRAFT website.

X. Recipients of personal data:

a. In connection with the performance of the services, your personal data will be disclosed to external entities, including, in particular, suppliers responsible for the operation of IT systems, entities providing legal, auditing, consulting services, marketing agencies (for marketing services) and entities related to the Administrator and business partners.

b. If your consent is obtained, your data may also be shared with other entities for their own purposes, including marketing purposes.

c. The Controller reserves the right to disclose selected information related to you to the competent authorities or to third parties who request such information on the appropriate legal basis and in accordance with the provisions of the applicable law. It is extremely difficult for us to predict who may come forward with a request for personal data. Nevertheless, we assure you that we analyse every request for personal data very carefully and very thoroughly, so as not to inadvertently pass on information to an unauthorised person.

XI. Transfers of personal data to third countries:

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA only when necessary and with an adequate level of protection. The Controller shall always inform of the intention to transfer personal data outside the EEA at the stage of collection. The Controller transfers personal data outside the EEA only if the Customer orders the execution of an order (sending it) outside the EEA.

XII. Period of personal data processing:

1. In accordance with applicable law, we do not process your personal data ‘indefinitely’, but for the period of time that is necessary to achieve the stated purpose. After this period, your personal data will be deleted or destroyed irreversibly.

When we do not need to perform operations on your personal data other than storing it, we additionally protect it by means of pseudonymisation until it is permanently deleted or destroyed. Pseudonymisation involves encrypting personal data or a set of personal data in such a way that it cannot be read without an additional key, so that such information becomes completely useless to an unauthorised person.

3. Regarding the individual processing periods for personal data, we kindly inform you that we process personal data for a period of:

  • 3 years or 10 years + 1 year – with regard to personal data processed for the purpose of establishing, asserting or defending claims (the length of the period depends on whether both parties are companies or not);
  • until you withdraw your consent or the purpose of the processing has been achieved, but for no longer than 5 years – in relation to personal data processed on the basis of consent;
  • until an effective objection is made or the purpose of the processing is achieved but for no longer than 5 years – in relation to personal data processed on the basis of a legitimate interest of the Personal Data Controller or for marketing purposes;
  • until it becomes obsolete or is no longer relevant, but for no longer than 3 years – with regard to personal data processed mainly for analytical purposes, the use of cookies and website administration.

4. We count the periods in years from the end of the year in which we started processing personal data in order to streamline the process of erasure or destruction of personal data. Counting the period separately for each event would involve significant organisational and technical difficulties as well as a significant financial expense, so establishing a single date for the erasure or destruction of personal data allows us to manage the process more efficiently. Of course, in the event that you exercise your right to be forgotten, such situations are dealt with on a case-by-case basis.

5. The additional one year related to the processing of personal data collected for the performance of a contract is due to the fact that hypothetically you may make a claim moments before the expiry of the limitation period, the request may be served with a significant delay or you may incorrectly determine the limitation period for your claim.

XIII. Rights of data subjects:

1. We kindly inform you that you have the right to:

  • access to your personal data;
  • rectify your personal data;
  • erase your personal data;
  • restrict the processing of your personal data;
  • object to the processing of your personal data;
  • transfer your personal data.

2. We respect your rights under data protection legislation and strive to facilitate the implementation of these rights to the greatest extent possible.

3. We point out that the rights listed are not automatic and therefore we may lawfully refuse you in certain situations. However, if we do refuse to comply with a request, this is only after careful consideration and only if it is necessary to refuse the request.

4. With regard to the right to object, we explain that you have the right to object at any time to the processing of personal data on the basis of legitimate interests of the Personal Data Controller (these are listed in section V) in relation to your particular situation. However, you must bear in mind that in accordance with the legislation, we may refuse to take into account an objection if we demonstrate that:

  • there are legitimate grounds for the processing which override your interests, rights and freedoms, or
  • there are grounds for the establishment, assertion or defence of claims.

5. Furthermore, you may object at any time to the processing of your personal data for marketing purposes. In such a situation, upon receipt of your objection, we will cease processing for this purpose.

6. You may exercise your rights by:

  • sending an email directly to 925CRAFT at [email protected] or
  • sending an email to the Data Protection Officer at [email protected] or
  • clicking on the link in the email attached at the end of each message you send.

XIV. Right to make a complaint:

If you believe that your personal data is being processed contrary to applicable law, you may submit a complaint to the President of the Data Protection Authority.

XV. Final provisions:

1. Data protection legislation shall apply to the matters not covered by this Privacy Policy.

2. Any changes to this Privacy Policy shall be made known to you by e-mail.

3. This Privacy Policy shall be reviewed on an ongoing basis and updated as necessary.

4. This Privacy Policy is effective as of 29/03/2022.