Privacy policy
Privacy policy
Privacy policy
PRIVACY POLICY
Our goal is to provide you with a sense of security on our website, which is why your privacy and the protection of your personal data are very important to us. We ensure that your data will be processed in a transparent and fair manner and that we will do our best to treat it with care and responsibility.
The following Privacy Policy is intended to inform you about how we use your personal data, in respect of which we meet all the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as: “GDPR”).
Personal Data Administrator:
The administrator of your personal data is Stavero Spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Białystok, at St. Rocha 8, 15-879 Białystok, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Białystok, XII Commercial Division of the National Court Register under KRS:0000390981, NIP:7010308849, REGON:143429880, represented by Stavero Spółka z ograniczoną odpowiedzialnością with its registered office in Białystok, at St. Rocha 8, 15-879 Białystok, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Białystok, XII Commercial Division of the National Court Register under KRS No.: 0000715784, NIP: 5423295330, REGON: 36933605600000, having a share capital of PLN 25. 000,00, paid in full.
Contact for personal data:
If you have any questions regarding your personal data or exercising your privacy rights, please contact the Data Protection Officer via email rodo@stavero.pl or at St. Rocha 8. 15-879 Bialystok
Data processing as part of the core business of our company:
We process your personal data provided to us within the framework of existing contractual and pre-contractual relationships between us. The scope, nature, purpose and necessity of processing depend on the respective basic contractual relationship. For this purpose, we store and process your data on the computer systems we use. The data we process includes all data provided by you in order to use the contractual or pre-contractual services required to process your request or a contract concluded between us.
In particular, the following data may be relevant:
• Name, surname, surname and address
• Email address and phone number
• Order details
• Data for payment transactions
The processing is limited to the data necessary and useful to respond to requests and / or for the performance of the contract. The transfer of personal data to third parties takes place only if this is necessary for the purpose of providing the service or in the context of the organisation of our business for the purposes of financial accounting and compliance with legal obligations. In this case, only the data that is necessary and appropriate for the performance of the contract or financial accounting, as well as for compliance with legal obligations will be passed on to external service providers only. The processing by us takes place in accordance with your instructions or statutory provisions. Legal basis: The processing of personal data as well as their transfer to third parties takes place in accordance with Art. 6 para. 1 lit. b) GDPR and serves the performance of the contract between you and us. Otherwise, we only pass on the data to third parties if there is a legal obligation, Art. 6 para. 1 lit. c) GDPR or if there is a legitimate interest, Art. 6 para. point (f) of paragraph 1. RODO. This is the case, for example, if it is necessary to pursue our claims. Deletion: the deletion of the data takes place as soon as the data is no longer required for the fulfilment of contractual or legal obligations of care, as well as for the fulfilment of any warranties and comparable obligations. This does not affect the statutory obligations of detention.
We use the services to provide our online presence of the Internet service provider on whose server the website is stored (hosting) and which makes our website available on the Internet. Here, the internet service provider processes contact data, content data, contract data, usage data, inventory data as well as meta and communication data on our behalf. Legal basis: the Internet service provider processes the aforementioned data on our behalf, Art. 28 GDPR. Data processing takes place on the basis of our legitimate interest in the efficient and secure provision of our website, Art. 6 para. 1 lit. f) GDPR.
If you use our website for informational purposes only, our internet service provider will only collect the personal data that the browser you are using transmits to its server. These are the following data:
• IP address
• date and time of access to our website
• time zone difference to Greenwich Mean Time (GMT)
• access status (HTTP status)
• the amount of data transferred
• Internet service provider of access system
• type of browser used and its version
• operating system used
• the website from which you may have reached our website
• the pages or sub-pages you visit on our website.
This data is not stored together with other personal data:
The above data is stored as log files on the servers of our web hosting provider. This is necessary in order to be able to display the website on the device you are using, as well as to ensure stability and security. For the above purposes, we have a legitimate interest in data processing. Legal basis: Data processing is based on our legitimate interest in the efficient and secure provision of our website, Art. 6 para. 1 lit. f) GDPR. Duration: The above data relating to the provision of our website will be stored until you withdraw your consent to the processing.
Data transmission to third countries:
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data will therefore be processed mainly by companies requested by the GDPR. If the processing is carried out through the services of third parties outside the European Union or the European Economic Area, they must comply with the special requirements set out in Article 44 et seq. RODO. This means that the processing is carried out on the basis of specific safeguards, such as an officially recognised level of data protection in the EU or compliance with officially recognised special contractual obligations, so-called "standard contractual terms".
Message validity/cancellation:
We delete or block your personal data as soon as the storage purpose has been achieved or is waived, unless further storage is required for evidentiary purposes or is contrary to legal storage requirements. Any further storage will only take place if required by national or European legislation. Blocking or erasure of the data in this case if the storage period provided for by the relevant legislation has expired, unless we need your data for the performance of a contract concluded between us or if this is necessary for the assertion or defence of legal claims.
Contact via contact form / e-mail / mail:
If you contact us via the contact form, post or e-mail, your data will be processed in order to process your contact request:
Legal basis: If you have submitted a request via our contact form, the legal basis for processing your data is Art. 6 para. 1 lit. a GDPR. If you submit a request in the context of a contractual or pre-contractual relationship, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. If your request does not fall into any of the above categories, our legitimate interest in the processing of your data is to respond appropriately to your request, in your favour, in accordance with Art. 6 para. 1 lit. f GDPR.
We may store your data and contact requests in our customer relationship management system (“CRM System”) or a comparable system.
Deletion: The data will be deleted as soon as it is no longer needed for the purpose of its collection. For personal data from the input form of the contact form and data sent by e-mail, this takes place after the end of the conversation with you. The conversation ends when it can be inferred from the circumstances that the matter has been finally clarified. In the case of a legal archiving obligation, the deletion takes place after its expiry.
Withdrawal: You have the possibility to withdraw your consent to the processing of personal data at any time in accordance with Art. 6 GDPR. If you contact us via email, you can object to the storage of your personal data at any time.
Existence of automated decision-making:
We do not use automated decision-making or profiling.
Your rights under the GDPR:
Under the GDPR, you have the following rights, which you can exercise at any time with the Data Controller. Your rights under this privacy policy:
Right to information: in accordance with Art. 15 GDPR, you may request confirmation of whether and what personal data we process from you. In addition, you can provide us free of charge with information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been disclosed or the planned storage period, the right to rectification, erasure, restriction of processing or objection, the existence of the right to object and the origin of their data if they have not been collected from us. You also have the right to know whether your personal data has been transferred to a third country or an international organisation. If so, you have the right to be informed of the appropriate safeguards associated with the transfer.
Right to rectification: in accordance with Art. 16 GDPR, you may request the rectification of incorrect or complete incomplete personal data stored by us and your personal data.
Right to object: In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless we need to process it for the following purposes: to comply with a legal obligation, to exercise or defend legal claims, to exercise the right to freedom of expression and information; or for the purposes of public interest referred to in Art. 17 para. 3 lit. c) id) GDPR.
Right to restriction: in accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you for a period which allows us to verify the accuracy of your personal data, the processing of your data is unlawful, but you oppose its erasure and instead request the restriction of its use. We no longer need your personal data for processing purposes, but you need this information to assert, exercise or defend your rights.
You have objected to the processing of your data pursuant to Art. 21 GDPR, but it is not yet certain whether the legitimate grounds you have justified despite your objection to further processing outweigh your rights.
Right to information: if you have requested the right to rectification, erasure or restriction of processing, we are obliged to all recipients to whom personal data have been disclosed to correct or erase the data for which they have requested a Processing Notice, unless this proves to be impossible or disproportionate. You have the right to be informed by us about these recipients.
Right to data portability: In accordance with Art. 20 GDPR, you may request to receive the personal data you have provided to us in a structured, standard, machine-readable format or request that it be transmitted to another responsible person.
Right of revocation: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. To do so, you may contact the supervisory authority of your usual place of residence, place of work or headquarters of our company.
Withdrawal of consent/Withdrawal of consent:
Pursuant to Art. 7 section 3 GDPR, you have the right to withdraw your consent to the processing of your data at any time. The revocation you have declared does not change the legality of the processing of your personal data until the revocation.
Right to object:
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of a balance of interests (Article 6(1)(f) of the GDPR). This is particularly important when data processing is not required to perform the contract. If you exercise your right to object, please explain the reasons. We will no longer process your personal data unless we can prove that compelling legitimate grounds for processing the data outweigh your interests and rights.
Notwithstanding the foregoing, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.
Please direct your objection to the above-mentioned contact address of the responsible person indicated on our website.
Social media presence:
We use social media profiles or fan pages to communicate with users who are connected and registered there and to provide you with information about our products, offers and services. When you use and access our profile on a relevant network, the respective privacy policies and terms of use of that network apply.
We process your information that you send to us through these networks in order to communicate with you and respond to those messages.
The legal basis for the processing of personal data is our legitimate interest in communicating with you and our external presentation for advertising purposes pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. If you have given your consent to the controller of the social network for the processing of your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR.
The privacy policy, information options and opt-out options of the respective networks can be found here:
• Facebook (Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy: https://www. facebook. com/about/privacy/, Opt-out: https://www. facebook. com/settings?tab=ads
• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www. linkedin. com/legal/privacy-policy, Cookie Policy and Opt-Out: https: //www. linkedin . com / legal / cookie-policy,
• Instagram (Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: help. instagram. com/519522125107875
• Microsoft Teams and Outlook – (https://privacy. microsoft. com/pl-pl/privacystatement
• Google Analytics – An important group of automatically collected cookies are data about page views collected by Google Analytics – a widely known and used on the market internet system for analyzing website visit statistics provided by Google, Inc. The Google Analytics system can be used to create user profiles under a pseudonym. Google uses the information collected to evaluate your use of the website, to compile reports on website traffic for website operators and to provide other services related to website traffic and Internet use.
Social media plugins:
We use social media plug-ins on our website. We use the so-called “double click solution” – the c’t action. When you download our website, no personal data will be transmitted to the plug-in providers. Next to the logo or brand of the social network there is a slider that allows you to activate the plugin with one click. After activation, the provider of the social networks receives information that you have accessed our website, and your personal data is transmitted to the provider of the plug-in and stored there. These are so-called third-party cookies. For some providers, such as Facebook and XING, their IP addresses will be anonymised immediately after retrieval.
The collected user data stores the plug-in provider as usage profiles. They are used for advertising, market research and/or website customization. This assessment is carried out in particular (even for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you should ask the respective plug-in provider to exercise this right.
The legal basis for the use of the plug-ins is our legitimate interest in improving and optimising our website by increasing our awareness via social networks and the ability to interact with you and users via social networks in accordance with Art. 6 para. 1 point 1 lit. f) GDPR.
We have no influence on the data collected and data processing operations. We are also unaware of the scope of data collection, the purpose of processing and storage periods. We also do not have any information to delete the data collected by the plugin provider.
We refer to the respective privacy policies of the social networks regarding the purpose and scope of data collection and processing. In addition, you will also find information about your rights and options for protecting your personal data.
Security measures:
We also use state-of-the-art technical and organisational security measures to ensure compliance with data protection regulations and to protect data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties.
Updating and amending this privacy policy:
This Privacy Policy is effective as of August 2023. Due to changes in legal or regulatory requirements, it may be necessary to amend this Privacy Policy. We will post any changes or updates to our policy on our website.
PRIVACY POLICY
Our goal is to provide you with a sense of security on our website, which is why your privacy and the protection of your personal data are very important to us. We ensure that your data will be processed in a transparent and fair manner and that we will do our best to treat it with care and responsibility.
The following Privacy Policy is intended to inform you about how we use your personal data, in respect of which we meet all the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as: “GDPR”).
Personal Data Administrator:
The administrator of your personal data is Stavero Spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Białystok, at St. Rocha 8, 15-879 Białystok, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Białystok, XII Commercial Division of the National Court Register under KRS:0000390981, NIP:7010308849, REGON:143429880, represented by Stavero Spółka z ograniczoną odpowiedzialnością with its registered office in Białystok, at St. Rocha 8, 15-879 Białystok, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Białystok, XII Commercial Division of the National Court Register under KRS No.: 0000715784, NIP: 5423295330, REGON: 36933605600000, having a share capital of PLN 25. 000,00, paid in full.
Contact for personal data:
If you have any questions regarding your personal data or exercising your privacy rights, please contact the Data Protection Officer via email rodo@stavero.pl or at St. Rocha 8. 15-879 Bialystok
Data processing as part of the core business of our company:
We process your personal data provided to us within the framework of existing contractual and pre-contractual relationships between us. The scope, nature, purpose and necessity of processing depend on the respective basic contractual relationship. For this purpose, we store and process your data on the computer systems we use. The data we process includes all data provided by you in order to use the contractual or pre-contractual services required to process your request or a contract concluded between us.
In particular, the following data may be relevant:
• Name, surname, surname and address
• Email address and phone number
• Order details
• Data for payment transactions
The processing is limited to the data necessary and useful to respond to requests and / or for the performance of the contract. The transfer of personal data to third parties takes place only if this is necessary for the purpose of providing the service or in the context of the organisation of our business for the purposes of financial accounting and compliance with legal obligations. In this case, only the data that is necessary and appropriate for the performance of the contract or financial accounting, as well as for compliance with legal obligations will be passed on to external service providers only. The processing by us takes place in accordance with your instructions or statutory provisions. Legal basis: The processing of personal data as well as their transfer to third parties takes place in accordance with Art. 6 para. 1 lit. b) GDPR and serves the performance of the contract between you and us. Otherwise, we only pass on the data to third parties if there is a legal obligation, Art. 6 para. 1 lit. c) GDPR or if there is a legitimate interest, Art. 6 para. point (f) of paragraph 1. RODO. This is the case, for example, if it is necessary to pursue our claims. Deletion: the deletion of the data takes place as soon as the data is no longer required for the fulfilment of contractual or legal obligations of care, as well as for the fulfilment of any warranties and comparable obligations. This does not affect the statutory obligations of detention.
We use the services to provide our online presence of the Internet service provider on whose server the website is stored (hosting) and which makes our website available on the Internet. Here, the internet service provider processes contact data, content data, contract data, usage data, inventory data as well as meta and communication data on our behalf. Legal basis: the Internet service provider processes the aforementioned data on our behalf, Art. 28 GDPR. Data processing takes place on the basis of our legitimate interest in the efficient and secure provision of our website, Art. 6 para. 1 lit. f) GDPR.
If you use our website for informational purposes only, our internet service provider will only collect the personal data that the browser you are using transmits to its server. These are the following data:
• IP address
• date and time of access to our website
• time zone difference to Greenwich Mean Time (GMT)
• access status (HTTP status)
• the amount of data transferred
• Internet service provider of access system
• type of browser used and its version
• operating system used
• the website from which you may have reached our website
• the pages or sub-pages you visit on our website.
This data is not stored together with other personal data:
The above data is stored as log files on the servers of our web hosting provider. This is necessary in order to be able to display the website on the device you are using, as well as to ensure stability and security. For the above purposes, we have a legitimate interest in data processing. Legal basis: Data processing is based on our legitimate interest in the efficient and secure provision of our website, Art. 6 para. 1 lit. f) GDPR. Duration: The above data relating to the provision of our website will be stored until you withdraw your consent to the processing.
Data transmission to third countries:
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data will therefore be processed mainly by companies requested by the GDPR. If the processing is carried out through the services of third parties outside the European Union or the European Economic Area, they must comply with the special requirements set out in Article 44 et seq. RODO. This means that the processing is carried out on the basis of specific safeguards, such as an officially recognised level of data protection in the EU or compliance with officially recognised special contractual obligations, so-called "standard contractual terms".
Message validity/cancellation:
We delete or block your personal data as soon as the storage purpose has been achieved or is waived, unless further storage is required for evidentiary purposes or is contrary to legal storage requirements. Any further storage will only take place if required by national or European legislation. Blocking or erasure of the data in this case if the storage period provided for by the relevant legislation has expired, unless we need your data for the performance of a contract concluded between us or if this is necessary for the assertion or defence of legal claims.
Contact via contact form / e-mail / mail:
If you contact us via the contact form, post or e-mail, your data will be processed in order to process your contact request:
Legal basis: If you have submitted a request via our contact form, the legal basis for processing your data is Art. 6 para. 1 lit. a GDPR. If you submit a request in the context of a contractual or pre-contractual relationship, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. If your request does not fall into any of the above categories, our legitimate interest in the processing of your data is to respond appropriately to your request, in your favour, in accordance with Art. 6 para. 1 lit. f GDPR.
We may store your data and contact requests in our customer relationship management system (“CRM System”) or a comparable system.
Deletion: The data will be deleted as soon as it is no longer needed for the purpose of its collection. For personal data from the input form of the contact form and data sent by e-mail, this takes place after the end of the conversation with you. The conversation ends when it can be inferred from the circumstances that the matter has been finally clarified. In the case of a legal archiving obligation, the deletion takes place after its expiry.
Withdrawal: You have the possibility to withdraw your consent to the processing of personal data at any time in accordance with Art. 6 GDPR. If you contact us via email, you can object to the storage of your personal data at any time.
Existence of automated decision-making:
We do not use automated decision-making or profiling.
Your rights under the GDPR:
Under the GDPR, you have the following rights, which you can exercise at any time with the Data Controller. Your rights under this privacy policy:
Right to information: in accordance with Art. 15 GDPR, you may request confirmation of whether and what personal data we process from you. In addition, you can provide us free of charge with information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been disclosed or the planned storage period, the right to rectification, erasure, restriction of processing or objection, the existence of the right to object and the origin of their data if they have not been collected from us. You also have the right to know whether your personal data has been transferred to a third country or an international organisation. If so, you have the right to be informed of the appropriate safeguards associated with the transfer.
Right to rectification: in accordance with Art. 16 GDPR, you may request the rectification of incorrect or complete incomplete personal data stored by us and your personal data.
Right to object: In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless we need to process it for the following purposes: to comply with a legal obligation, to exercise or defend legal claims, to exercise the right to freedom of expression and information; or for the purposes of public interest referred to in Art. 17 para. 3 lit. c) id) GDPR.
Right to restriction: in accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you for a period which allows us to verify the accuracy of your personal data, the processing of your data is unlawful, but you oppose its erasure and instead request the restriction of its use. We no longer need your personal data for processing purposes, but you need this information to assert, exercise or defend your rights.
You have objected to the processing of your data pursuant to Art. 21 GDPR, but it is not yet certain whether the legitimate grounds you have justified despite your objection to further processing outweigh your rights.
Right to information: if you have requested the right to rectification, erasure or restriction of processing, we are obliged to all recipients to whom personal data have been disclosed to correct or erase the data for which they have requested a Processing Notice, unless this proves to be impossible or disproportionate. You have the right to be informed by us about these recipients.
Right to data portability: In accordance with Art. 20 GDPR, you may request to receive the personal data you have provided to us in a structured, standard, machine-readable format or request that it be transmitted to another responsible person.
Right of revocation: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. To do so, you may contact the supervisory authority of your usual place of residence, place of work or headquarters of our company.
Withdrawal of consent/Withdrawal of consent:
Pursuant to Art. 7 section 3 GDPR, you have the right to withdraw your consent to the processing of your data at any time. The revocation you have declared does not change the legality of the processing of your personal data until the revocation.
Right to object:
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of a balance of interests (Article 6(1)(f) of the GDPR). This is particularly important when data processing is not required to perform the contract. If you exercise your right to object, please explain the reasons. We will no longer process your personal data unless we can prove that compelling legitimate grounds for processing the data outweigh your interests and rights.
Notwithstanding the foregoing, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.
Please direct your objection to the above-mentioned contact address of the responsible person indicated on our website.
Social media presence:
We use social media profiles or fan pages to communicate with users who are connected and registered there and to provide you with information about our products, offers and services. When you use and access our profile on a relevant network, the respective privacy policies and terms of use of that network apply.
We process your information that you send to us through these networks in order to communicate with you and respond to those messages.
The legal basis for the processing of personal data is our legitimate interest in communicating with you and our external presentation for advertising purposes pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. If you have given your consent to the controller of the social network for the processing of your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR.
The privacy policy, information options and opt-out options of the respective networks can be found here:
• Facebook (Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy: https://www. facebook. com/about/privacy/, Opt-out: https://www. facebook. com/settings?tab=ads
• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www. linkedin. com/legal/privacy-policy, Cookie Policy and Opt-Out: https: //www. linkedin . com / legal / cookie-policy,
• Instagram (Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: help. instagram. com/519522125107875
• Microsoft Teams and Outlook – (https://privacy. microsoft. com/pl-pl/privacystatement
• Google Analytics – An important group of automatically collected cookies are data about page views collected by Google Analytics – a widely known and used on the market internet system for analyzing website visit statistics provided by Google, Inc. The Google Analytics system can be used to create user profiles under a pseudonym. Google uses the information collected to evaluate your use of the website, to compile reports on website traffic for website operators and to provide other services related to website traffic and Internet use.
Social media plugins:
We use social media plug-ins on our website. We use the so-called “double click solution” – the c’t action. When you download our website, no personal data will be transmitted to the plug-in providers. Next to the logo or brand of the social network there is a slider that allows you to activate the plugin with one click. After activation, the provider of the social networks receives information that you have accessed our website, and your personal data is transmitted to the provider of the plug-in and stored there. These are so-called third-party cookies. For some providers, such as Facebook and XING, their IP addresses will be anonymised immediately after retrieval.
The collected user data stores the plug-in provider as usage profiles. They are used for advertising, market research and/or website customization. This assessment is carried out in particular (even for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you should ask the respective plug-in provider to exercise this right.
The legal basis for the use of the plug-ins is our legitimate interest in improving and optimising our website by increasing our awareness via social networks and the ability to interact with you and users via social networks in accordance with Art. 6 para. 1 point 1 lit. f) GDPR.
We have no influence on the data collected and data processing operations. We are also unaware of the scope of data collection, the purpose of processing and storage periods. We also do not have any information to delete the data collected by the plugin provider.
We refer to the respective privacy policies of the social networks regarding the purpose and scope of data collection and processing. In addition, you will also find information about your rights and options for protecting your personal data.
Security measures:
We also use state-of-the-art technical and organisational security measures to ensure compliance with data protection regulations and to protect data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties.
Updating and amending this privacy policy:
This Privacy Policy is effective as of August 2023. Due to changes in legal or regulatory requirements, it may be necessary to amend this Privacy Policy. We will post any changes or updates to our policy on our website.
PRIVACY POLICY
Our goal is to provide you with a sense of security on our website, which is why your privacy and the protection of your personal data are very important to us. We ensure that your data will be processed in a transparent and fair manner and that we will do our best to treat it with care and responsibility.
The following Privacy Policy is intended to inform you about how we use your personal data, in respect of which we meet all the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as: “GDPR”).
Personal Data Administrator:
The administrator of your personal data is Stavero Spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Białystok, at St. Rocha 8, 15-879 Białystok, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Białystok, XII Commercial Division of the National Court Register under KRS:0000390981, NIP:7010308849, REGON:143429880, represented by Stavero Spółka z ograniczoną odpowiedzialnością with its registered office in Białystok, at St. Rocha 8, 15-879 Białystok, entered into the Register of Entrepreneurs of the National Court Register by the District Court in Białystok, XII Commercial Division of the National Court Register under KRS No.: 0000715784, NIP: 5423295330, REGON: 36933605600000, having a share capital of PLN 25. 000,00, paid in full.
Contact for personal data:
If you have any questions regarding your personal data or exercising your privacy rights, please contact the Data Protection Officer via email rodo@stavero.pl or at St. Rocha 8. 15-879 Bialystok
Data processing as part of the core business of our company:
We process your personal data provided to us within the framework of existing contractual and pre-contractual relationships between us. The scope, nature, purpose and necessity of processing depend on the respective basic contractual relationship. For this purpose, we store and process your data on the computer systems we use. The data we process includes all data provided by you in order to use the contractual or pre-contractual services required to process your request or a contract concluded between us.
In particular, the following data may be relevant:
• Name, surname, surname and address
• Email address and phone number
• Order details
• Data for payment transactions
The processing is limited to the data necessary and useful to respond to requests and / or for the performance of the contract. The transfer of personal data to third parties takes place only if this is necessary for the purpose of providing the service or in the context of the organisation of our business for the purposes of financial accounting and compliance with legal obligations. In this case, only the data that is necessary and appropriate for the performance of the contract or financial accounting, as well as for compliance with legal obligations will be passed on to external service providers only. The processing by us takes place in accordance with your instructions or statutory provisions. Legal basis: The processing of personal data as well as their transfer to third parties takes place in accordance with Art. 6 para. 1 lit. b) GDPR and serves the performance of the contract between you and us. Otherwise, we only pass on the data to third parties if there is a legal obligation, Art. 6 para. 1 lit. c) GDPR or if there is a legitimate interest, Art. 6 para. point (f) of paragraph 1. RODO. This is the case, for example, if it is necessary to pursue our claims. Deletion: the deletion of the data takes place as soon as the data is no longer required for the fulfilment of contractual or legal obligations of care, as well as for the fulfilment of any warranties and comparable obligations. This does not affect the statutory obligations of detention.
We use the services to provide our online presence of the Internet service provider on whose server the website is stored (hosting) and which makes our website available on the Internet. Here, the internet service provider processes contact data, content data, contract data, usage data, inventory data as well as meta and communication data on our behalf. Legal basis: the Internet service provider processes the aforementioned data on our behalf, Art. 28 GDPR. Data processing takes place on the basis of our legitimate interest in the efficient and secure provision of our website, Art. 6 para. 1 lit. f) GDPR.
If you use our website for informational purposes only, our internet service provider will only collect the personal data that the browser you are using transmits to its server. These are the following data:
• IP address
• date and time of access to our website
• time zone difference to Greenwich Mean Time (GMT)
• access status (HTTP status)
• the amount of data transferred
• Internet service provider of access system
• type of browser used and its version
• operating system used
• the website from which you may have reached our website
• the pages or sub-pages you visit on our website.
This data is not stored together with other personal data:
The above data is stored as log files on the servers of our web hosting provider. This is necessary in order to be able to display the website on the device you are using, as well as to ensure stability and security. For the above purposes, we have a legitimate interest in data processing. Legal basis: Data processing is based on our legitimate interest in the efficient and secure provision of our website, Art. 6 para. 1 lit. f) GDPR. Duration: The above data relating to the provision of our website will be stored until you withdraw your consent to the processing.
Data transmission to third countries:
The adoption of the European General Data Protection Regulation (GDPR) has created a uniform basis for data protection in Europe. Your data will therefore be processed mainly by companies requested by the GDPR. If the processing is carried out through the services of third parties outside the European Union or the European Economic Area, they must comply with the special requirements set out in Article 44 et seq. RODO. This means that the processing is carried out on the basis of specific safeguards, such as an officially recognised level of data protection in the EU or compliance with officially recognised special contractual obligations, so-called "standard contractual terms".
Message validity/cancellation:
We delete or block your personal data as soon as the storage purpose has been achieved or is waived, unless further storage is required for evidentiary purposes or is contrary to legal storage requirements. Any further storage will only take place if required by national or European legislation. Blocking or erasure of the data in this case if the storage period provided for by the relevant legislation has expired, unless we need your data for the performance of a contract concluded between us or if this is necessary for the assertion or defence of legal claims.
Contact via contact form / e-mail / mail:
If you contact us via the contact form, post or e-mail, your data will be processed in order to process your contact request:
Legal basis: If you have submitted a request via our contact form, the legal basis for processing your data is Art. 6 para. 1 lit. a GDPR. If you submit a request in the context of a contractual or pre-contractual relationship, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. If your request does not fall into any of the above categories, our legitimate interest in the processing of your data is to respond appropriately to your request, in your favour, in accordance with Art. 6 para. 1 lit. f GDPR.
We may store your data and contact requests in our customer relationship management system (“CRM System”) or a comparable system.
Deletion: The data will be deleted as soon as it is no longer needed for the purpose of its collection. For personal data from the input form of the contact form and data sent by e-mail, this takes place after the end of the conversation with you. The conversation ends when it can be inferred from the circumstances that the matter has been finally clarified. In the case of a legal archiving obligation, the deletion takes place after its expiry.
Withdrawal: You have the possibility to withdraw your consent to the processing of personal data at any time in accordance with Art. 6 GDPR. If you contact us via email, you can object to the storage of your personal data at any time.
Existence of automated decision-making:
We do not use automated decision-making or profiling.
Your rights under the GDPR:
Under the GDPR, you have the following rights, which you can exercise at any time with the Data Controller. Your rights under this privacy policy:
Right to information: in accordance with Art. 15 GDPR, you may request confirmation of whether and what personal data we process from you. In addition, you can provide us free of charge with information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data has been disclosed or the planned storage period, the right to rectification, erasure, restriction of processing or objection, the existence of the right to object and the origin of their data if they have not been collected from us. You also have the right to know whether your personal data has been transferred to a third country or an international organisation. If so, you have the right to be informed of the appropriate safeguards associated with the transfer.
Right to rectification: in accordance with Art. 16 GDPR, you may request the rectification of incorrect or complete incomplete personal data stored by us and your personal data.
Right to object: In accordance with Art. 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless we need to process it for the following purposes: to comply with a legal obligation, to exercise or defend legal claims, to exercise the right to freedom of expression and information; or for the purposes of public interest referred to in Art. 17 para. 3 lit. c) id) GDPR.
Right to restriction: in accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you for a period which allows us to verify the accuracy of your personal data, the processing of your data is unlawful, but you oppose its erasure and instead request the restriction of its use. We no longer need your personal data for processing purposes, but you need this information to assert, exercise or defend your rights.
You have objected to the processing of your data pursuant to Art. 21 GDPR, but it is not yet certain whether the legitimate grounds you have justified despite your objection to further processing outweigh your rights.
Right to information: if you have requested the right to rectification, erasure or restriction of processing, we are obliged to all recipients to whom personal data have been disclosed to correct or erase the data for which they have requested a Processing Notice, unless this proves to be impossible or disproportionate. You have the right to be informed by us about these recipients.
Right to data portability: In accordance with Art. 20 GDPR, you may request to receive the personal data you have provided to us in a structured, standard, machine-readable format or request that it be transmitted to another responsible person.
Right of revocation: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. To do so, you may contact the supervisory authority of your usual place of residence, place of work or headquarters of our company.
Withdrawal of consent/Withdrawal of consent:
Pursuant to Art. 7 section 3 GDPR, you have the right to withdraw your consent to the processing of your data at any time. The revocation you have declared does not change the legality of the processing of your personal data until the revocation.
Right to object:
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of a balance of interests (Article 6(1)(f) of the GDPR). This is particularly important when data processing is not required to perform the contract. If you exercise your right to object, please explain the reasons. We will no longer process your personal data unless we can prove that compelling legitimate grounds for processing the data outweigh your interests and rights.
Notwithstanding the foregoing, you have the right to object to the processing of your personal data for advertising and data analysis purposes at any time.
Please direct your objection to the above-mentioned contact address of the responsible person indicated on our website.
Social media presence:
We use social media profiles or fan pages to communicate with users who are connected and registered there and to provide you with information about our products, offers and services. When you use and access our profile on a relevant network, the respective privacy policies and terms of use of that network apply.
We process your information that you send to us through these networks in order to communicate with you and respond to those messages.
The legal basis for the processing of personal data is our legitimate interest in communicating with you and our external presentation for advertising purposes pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. If you have given your consent to the controller of the social network for the processing of your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR.
The privacy policy, information options and opt-out options of the respective networks can be found here:
• Facebook (Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) Privacy Policy: https://www. facebook. com/about/privacy/, Opt-out: https://www. facebook. com/settings?tab=ads
• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www. linkedin. com/legal/privacy-policy, Cookie Policy and Opt-Out: https: //www. linkedin . com / legal / cookie-policy,
• Instagram (Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: help. instagram. com/519522125107875
• Microsoft Teams and Outlook – (https://privacy. microsoft. com/pl-pl/privacystatement
• Google Analytics – An important group of automatically collected cookies are data about page views collected by Google Analytics – a widely known and used on the market internet system for analyzing website visit statistics provided by Google, Inc. The Google Analytics system can be used to create user profiles under a pseudonym. Google uses the information collected to evaluate your use of the website, to compile reports on website traffic for website operators and to provide other services related to website traffic and Internet use.
Social media plugins:
We use social media plug-ins on our website. We use the so-called “double click solution” – the c’t action. When you download our website, no personal data will be transmitted to the plug-in providers. Next to the logo or brand of the social network there is a slider that allows you to activate the plugin with one click. After activation, the provider of the social networks receives information that you have accessed our website, and your personal data is transmitted to the provider of the plug-in and stored there. These are so-called third-party cookies. For some providers, such as Facebook and XING, their IP addresses will be anonymised immediately after retrieval.
The collected user data stores the plug-in provider as usage profiles. They are used for advertising, market research and/or website customization. This assessment is carried out in particular (even for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you should ask the respective plug-in provider to exercise this right.
The legal basis for the use of the plug-ins is our legitimate interest in improving and optimising our website by increasing our awareness via social networks and the ability to interact with you and users via social networks in accordance with Art. 6 para. 1 point 1 lit. f) GDPR.
We have no influence on the data collected and data processing operations. We are also unaware of the scope of data collection, the purpose of processing and storage periods. We also do not have any information to delete the data collected by the plugin provider.
We refer to the respective privacy policies of the social networks regarding the purpose and scope of data collection and processing. In addition, you will also find information about your rights and options for protecting your personal data.
Security measures:
We also use state-of-the-art technical and organisational security measures to ensure compliance with data protection regulations and to protect data against accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties.
Updating and amending this privacy policy:
This Privacy Policy is effective as of August 2023. Due to changes in legal or regulatory requirements, it may be necessary to amend this Privacy Policy. We will post any changes or updates to our policy on our website.