1. General provisions
1.1. This Privacy and Cookies Policy (the “Policy”) provides information about the processing of personal data of natural persons (the “Users”) who use the website located at www.profim.pl (the “Website”).
2. Data controller
The controller of personal data, i.e. the entity responsible for their processing in accordance with the law is the company under the business name: Flokk sp. z o.o. with its registered office in Turek, address: ul. Górnicza 8, 62-700 Turek, entered into the National Court Register under KRS number 0000132487, holding NIP [tax identification number]: 6680000366, phone: +48 63 278 51 81, e-mail: firstname.lastname@example.org, which owns the Website (hereinafter referred to as the “Controller” or “Flokk”).
3. data protection officer
We have appointed a data protection officer. It is a person you can contact in all matters relating to the processing of personal data.
You can contact the officer in the following manner:
- in writing to the address: ul. Górnicza 8, 62-700 Turek, with a note “Data Protection Officer”,
- via e-mail to the following address: email@example.com ,
- by phone at: +48 63 278 51 81.
4. Scope of personal data processing
4.1. The Controller processes personal data of the Users for the following purposes:
- in order to respond to a message sent via the contact form:
e-mail address, name, and content of such a message,
- in order to respond to message sent via e-mail or by phone:
contact details and the content of such a message,
- in order to send commercial information as part of the Newsletter service ordered by the User:
e-mail address, name, IP address and information about the time of subscription.
4.2. In order to use the services provided electronically, the Controller also processes Internet identifiers: Users' IP addresses and cookie identifiers, as well as User’s device and geolocation data. IP addresses are logged in the so-called server log files. At the end of each visit, the IP address contained in these data is immediately anonymised as soon as the recording for the purpose of maintaining the functionality of the particular website is no longer necessary.
5. Purposes and grounds for personal data processing
5.1. The Controller processes Users' personal data for the purposes related to the functioning of the Website, depending on the services which you use as its User:
- User service
We process data in order to respond to a message sent via the contact form, received by e-mail or by phone - in this regard, the legal basis for processing of personal data is our legitimate interest. Providing personal data is voluntary, although necessary to respond to the received message.
- Newsletter service subscription
We process data in order to send commercial information as part of the Newsletter service ordered by the User, including information about promotions and changes to the offer, as well as other marketing information regarding our goods and services - the basis for processing of your personal data is the consent granted by you, as well as our legitimate interest - within the scope of direct marketing of our goods and services. Providing your personal data is voluntary, although necessary to send you, at your request, information regarding promotions and changes to our offer as well as other marketing information regarding our goods and services.
- notification regarding personal data protection
We process data in order to handle your notification regarding personal data protection - in this regard, the legal basis for processing of your personal data is the performance of our legal obligation to handle your notification regarding personal data protection. Providing personal data is voluntary, although necessary to handle the notification.
6. Transfer of personal data
- technical service providers,
- suppliers and service providers of IT tools,
- hosting companies,
- advisers, law firms,
- in the case of sending marketing information - also to entities providing us with tools to send marketing information and to advertising agencies and other entities cooperating in conducting advertising campaigns.
In other respects, we do not transfer any of your personal data to third parties, except if we are obliged to transfer the data at the authorized request of the authorities on the basis and in the manner prescribed by generally applicable law.
7. Cookies and other technologies
7.2. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system (first-party cookies) or by third party ICT system (third-party cookies). We use first-party cookies to ensure that the website works properly.
7.3. There are two types of cookies:
- session cookies which are deleted when the User closes the browser,
- persistent cookies which are stored for an extended period of time or permanently. These cookies allow us to tailor our Website to preferences of the User.
7.4. As part of our services, we use three categories of cookies:
- essential (functional) cookies: these cookies are necessary to ensure optimal navigation and operation of the Website (e.g. faster loading of the Website), to save User data and settings so that they do not need to be re-entered, and to adapt the Website to individual User preferences. Without the essential cookies, the use of the Website is impossible or possible only to a limited extent.
- statistics cookies:these cookies are necessary to analyse the use of the Website by the Users (e.g. to determine which areas of the Website are used in which way, as well as how quickly the Website content is loaded and whether any errors occur). These cookies contain only anonymous or pseudonymous information and are only used to optimise the Website, collect data on User preferences and measure the effectiveness of advertising. Statistics cookies can be blocked, which does not result in any disruption of the navigation and use of the Website.
- marketing cookies:these cookies are necessary to adapt personalized advertising to the User preferences (retargeting), to repeat advertising messages to the Users who have visited the Website (remarketing) and to study the preferences of groups or individual Users. Marketing cookies can be blocked, which does not result in disruption of the navigation and use of the Website. However, personalization of advertisements will not be available.
7.5. The Website stores http requests directed to the Controller's server. The viewed resources are identified by url addresses. A detailed list of data stored in web server log files includes:
- public IP address of the computer from which the request was received (e.g. User's computer),
- client station name - identification via http protocol, if possible,
- username provided in the authorisation process,
- time of receiving the request,
- first line of the http request,
- http response code,
- number of bytes sent by the server,
- url of a website previously visited by the User (the so-called referer link) - if the Website was visited via a link,
- information about the User’s browser,
- information about errors which occurred during the execution of http transactions.
7.6. The data mentioned above in point 7.5. are not used to identify specific persons, with the exception of the Users to the extent to which they use the functionalities of the Website.
7.7. Log files are stored by Flokk for the time necessary to administer the Website. Flokk also uses log files for statistical purposes, whereas the generated statistics do not contain any identifying characteristics of the person visiting the Website and may be stored for a period of 26 months.
- Google Analytics: We use the Google Analytics tool. We perform activities in this area based on our legitimate interest, consisting of the creation of statistics and their analysis in order to optimize the operation of the Website. Google Analytics automatically collects information about your use of the Website. The information collected in this way is usually transferred to a Google server in the United States and stored there. Google Analytics uses “cookie” technology to evaluate the use of the Website, to enable the Website to analyse the sources of traffic and how visitors use the Website. Google collects on its servers the data generated by the placement of cookies on the devices and uses this information to create reports and provide other services related to the traffic and use of the Internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. However, according to Flokk's instructions, the User's IP address is anonymised (masked). The IP address anonymization feature available in Analytics inserts zeros in place of the last octet of the User's IP address using IPv4 and in place of the last 80 bits of IPv6 addresses shortly after those addresses are sent to Google Analytics. These data are never combined with data provided via the use of contact forms available on the Website. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and anonymised there. The User can prevent the Website from logging data via Google Analytics if the plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en is downloaded and installed. If you are interested in the details related to the processing of data within Google Analytics, read the explanation prepared by Google at: https://support.google.com/analytics/answer/6004245.
8. Duration of storage of personal data
8.1. We will store your personal data for as long as necessary for the purposes set out in this Policy, in particular to fulfil our contractual and statutory obligations. We may keep them for other purposes insofar as the law permits us to do so, including for the purpose of defending our rights or asserting claims, however maximum up to the expiry of the statute of limitations period.
8.2. With respect to data obtained in connection with the use of the contact form in the Contact tab or through other forms of contact available on the Website or this Policy, we will store personal data for the period necessary to respond or carry our correspondence, but no longer than for a period of 12 months.
8.3. With regard to data obtained through the Newsletter, we store these data until you cancel this service.
8.4. We also store personal data for the period necessary to perform and demonstrate our compliance with legal obligations in order to allow public authorities to verify their fulfilment.
9. Safety of personal data processing
9.1. Flokk's aim is to ensure the protection of personal data of Users who use the Website.
9.2. Flokk ensures that personal data of Users are secure by applying appropriate technical and organisational measures aimed at preventing accidental or unlawful destruction, loss, modification, unauthorised disclosure or unauthorised access to personal data transmitted, stored or otherwise processed.
9.3. The Website uses encrypted data transmission (SSL).
10. Processing personal data of children
The Website is addressed to persons who are at least 16 years old. Accordingly, Flokk does not knowingly process personal data of children under the age of 16.
11. Rights connected with processing of your personal data
11.1. You have the right to access your personal data at any time. In addition, you can request rectification, erasure, as well as restriction of processing of your personal data.
11.2. In the case of data you have provided to us based on your consent and which we will process using IT systems, you have the right to receive them from us in a structured, machine-readable format or request us to send them directly to another controller.
11.3. If you have given your consent to the processing of personal data, you may revoke it at any time. Revocation of consent will not affect the lawfulness of the processing which was carried out on the basis of your consent prior to its revocation.
11.4. You also have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of your personal data violates the law.
12. Objection to processing of your personal data
12.1. If we process your personal data on the basis of our legitimate interest, you have the right to object to the processing of your personal data - on grounds relating to your specific situation.
12.2. Furthermore, where we process your data for direct marketing purposes, you also have the right to object at any time to such processing, including profiling if it is related to such direct marketing.
13. Automated decision making and profiling
Users' personal data may be processed by automated means - we may use profiling to assess certain information about Users, including to analyse or forecast preferences relating to use of the Website, but this will not have any legal effect or similarly will not materially affect Users.
14. Transfer of personal data to third countries or international organizations
We will not transfer your personal data to countries outside the European Economic Area (third countries) or to international organisations.
15. Final provisions
15.1. The rules set out in the Policy have been drawn up in accordance with and are compliant with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and the Act of 10 May 2018 on personal data protection (hereinafter referred to as the GDPR).
15.3. In case of any questions or doubts related to the processing of personal data, feel free to contact us. We also ask you to e-mail us if you wish to exercise your right to information or data erasure or other data protection rights under Articles 15-22 of the GDPR, including revoking your consent to the use of your data for marketing purposes, unsubscribing from the Newsletter, etc.