Privacy policy
- This Privacy Policy of the website is for information purposes only, which means that it does not consitute any obligation for the Users or Customers of the website. The Privacy Policy contains mainly rules on personal data processing by the Administrator in the website, including the basis, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools in the website.
- The administrator of the personal data collected through this website is CJ BLOK Sp. z o.o. FABRYKA ELEMENTÓW BUDOWLANYCH, ul. Pod Borem 25, 360-060 Głogów Młp., entered in the Register of Entrepreneurs of the National Court Register by the District Court in Rzeszów, XII Commercial Division of the National Court Register under no. KRS 0000100381, NIP 5170004790, REGON 691576220, e-mail address: [email protected], contact phone no: 17 851 82 20 - hereinafter referred to as the "Administrator" and being at the same time the Service Provider of the website and the Seller.
- Personal data on the website are processed by the Administrator in accordance with the applicable legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- The use of the website, including making purchases, is voluntary. Similarly, the related provision of personal data by the user of the website or the customer is voluntary, subject to two exeptions: (1) conclusion of agreements with the Administrator - failure to provide, in the cases and to the extent indicated on the website and in the Terms and Conditions of the website and this Privacy Policy, personal data necessary for the conclusion and perfomance of a Sales Agreement or an agreement for the provision of Electronic Services with the Administrator, results on the impossibility of concluding that agreement. Providing personal data in such a case is a contractual requirement and if the data subject wants to conclude a given contract with the Administrator, he/she is obliged to provide the required data. Each time, the scope of data required to conclude a contract is indicated beforehand on the website and in the Terms of Service of the website; (2) the Administrartor's statutory obligations - providing personal data is a statutory requirement resulting from universally applicable laws imposing an obligation to process personal data on the Administrator (e.g. processing of data for the purpose of keeping tax or accounting books), and failing to provide such data will prevent the Administrator from fulfilling those obligations.
- The Administrator shall take particular care to protect the interests of persons to whom the personal data processed by him/her relate, and in particular he/she shall be responsible and ensure that the data collected by him/her are (1) processed lawfully; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a manner which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
- Having regard to the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying degrees of probability and seriousness, the Administrator shall implement appropriate technical and organisational measures to ensure that processing is carried out in accordance with this Regulation and to be able to demonstrate it. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent unauthorised persons from acquiring and modifying personal data transmitted electronically.
- Any words, phrases and acronyms appearing in this Privacy Policy and beginning with a capital letter (e.g. Seller, website, Electronic Service) shall be understood in accordance with their definition contained in the Terms and Conditions of the website.
- The Administrator shall be entitled to process personal data in cases where, and to the extent that, one or more of the following conditions are met: (1) the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overriden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- The processing of personal data by the Administrator requires in each case the existence of at least one of the grounds indicated in point 2.1 of the Privacy Policy. Specific grounds for processing personal data of the website's Users and Clients by the Adminstrator are indicated in the next point of the Privacy Policy - with reference to a given purpose of personal data processing by the Administrator.
- Each time, the purpose, ground, duration and scope and recipients of the personal data processed by the Admnistrator result from the actions taken by a given Customer or Client on the website. For example, if the customer decides to make purchases on the website and chooses personal collection of the purchased Product instead of courier delivery, his or her personal data will be processed for the purpose of executing the Sales Contract concluded, but will no longer be shared with the carrier making the deliveries on behalf of the Administrator.
- The Administrator may process personal data on the website for the following purposes, on the following grounds, in the following periods and in the following scope:
Purpose of data processing | Legal basis for processing and duration of storage | Scope of data processing |
---|---|---|
Performance of the Sales Agreement and sending personalized commercial information as part of direct marketing. Performance of the contract for the provision of an Electronic Service. Taking actions at the request of the data subject before concluding the above-mentioned contracts. |
Article 6 (1)(b) and (f) of the GDPR Regulations (Performance of the contract and the legitimate interest of the Administrator). The data shall be stored for the period necessary for the performance, termination or otherwise expiry of the contract concluded. The data shall be stored for the period of existence of a legitimate interest pursued by the Administrator, however, not longer than the period of limitation of claims towards the data subject resulting from the Administrator's business activities. The period of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract - two years). |
Maximum scope: first and last name; e-mail address; contact telphone number; delivery address (street, house number, apartment number, postal code, city), residential/business/office address (if different from delivery address) and tax identification number (NIP) of the Customer or Client. |
Marketing. | Article 6 (1)(a) of the GDPR Regulation (consent). The data shall be stored until the data subject withdraws his or her consent to further processing for this purpose. |
E-mail address. |
The Customer's opinion on the concluded Sales Agreement. | Article 6 (1)(a) of the GDPR Regulation. The data shall be stored until the data subject withdraws his or her consent to further processing for this purpose. |
E-mail address. |
Keeping tax or accounting books. | Article 6 (1)(c) of the GDPR Regulation in conjunction with Article 74(2) of the Accounting Act of 30 January 2018. (Journal of Laws of 2018, item 395). The data shall be stored for the period required by law prescribing the Administrator to keep tax books (until the expiry of the tax liability limitation period, unless tax acts provide otherwise) or accounting books (5 years, counting from the beginning of the year following the financial year to which the data refers). |
First name and last name; address of residence/business/seat (if different from the delivery address), company name and tax identification number (NIP) of the Customer or Client. |
Determining, investigating or defending claims which the Administrator may raise or which may be raised against the Administrator. | Article 6(1)(f) of the GDPR Regulation. The data shall be stored for the period of existence of a legitimate interest pursued by the Administrator, however, not longer than the period of limitation of claims towards the data subject resulting from the Administrator's business activities. The period of limitation shall be determined by the provisions of law, in particular of the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract - two years). |
First and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city), address of residence/business/seat (if different from the delivery address) and the tax identification number (NIP) of the Customer or Client. |
DATA RECIPIENTS On the website
- For the proper functioning of the website, including the performance of Sales Agreements concluded, it is necessary for the Administrator to use the services of external entities (such as e.g. software provider, courier, or payment processor). The Administrator shall only use such processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects. Transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy - the Administrator provides data only if it is necessary for the realization of a given purpose of personal data processing and only to the extent necessary for its realization. For example, if the Customer uses personal collection, his/her data will not be transferred to the carrier cooperating with the Administrator.
- Personal data of the Customers and Clients of the website may be transferred to the following recipients or categories of recipients:
- carriers/forwarders/courier brokers - in the case of a Customer who uses the method of delivery of the Product by post or courier on the website, the Admnistrator shall make the collected personal data of the Customer availabe to the selected carrier, forwarder or broker executing the shipment on the order of the Admnistrator to the extent necessary to realize the delivery of the Product to the Customer.
- entities processing electronic or credit card payments - in the case of a Customer who uses the electronic or credit card payment method in a website, the Administrator shall make the collected personal data of the Customer available to a selected entity processing the aforementioned payments in the website at the request of the Administrator to the extent necessary to handle the payment made by the Customer.
- opinion poll system providers - in the case of a Customer who agreed to express an opinion on a Sales Agreement concluded, the Administrator makes the collected personal data of the Customer available to a selected entity providing a system of opinion polls on Sales Agreements concluded on the website at the request of the Administrator to the extent necessary to express an opinion by the Customer with the use of the opinion poll system.
- service providers supplying the Administrator with technical, IT and organisational solutions enabling the Administrator to run its business, including the website and the Electronic Services provided through it (in particular, computer software providers for managing the website, e-mail and hosting providers as well as providers of business management software and technical assistance to the Administrator) - the Administrator shall make the collected personal data of the Customer available to the chosen provider acting on its behalf only in the case and to the extent necessary for the realization of the given purpose of data processing in accordance with this Privacy Policy.
- providers of accounting, legal and advisory services who provide the Administrator with accounting, legal or advisory support (in particular an accounting office, a law firm or a debt collection agency) - the Administrator shall make the collected personal data of the Customer available to the selected provider acting on its behalf only in the case and to the extent necessary to carry out the given purpose of data processing in accrodance with this Privacy Policy.
- The GDPR Regulation imposes an obligation on the Administrator to provide information on automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR Regulation, and at least in these cases, relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Administrator provides information on possible profiling in this section of the Privacy Policy.
- The Administrator may use profiling on the website for direct marketing purposes, but the decisions made on its basis by the Administrator do not concern concluding or refusing to conclude a Sales Agreement, or the possibility of using Electronic Services on the website. The effect of using profiling on a website may be, for example, reminding about unfinished shopping, indicating a Product proposal, which may correspond to the interests or preferences of a given person. Despite the profiling, a person is free to decide whether to use the Product offer received.
- The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects or significantly affects the person in a similar way.
- The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Administrator to access his/her personal data, rectify it, delete ("the right to be forgotten") or limit processing and has the right to object to processing, and also has the right to transfer their data. Detailed conditions for the exercise of the above-mentioned rights are set out in Art. 15-21 of the GDPR Regulation.
- The right to withdrawn consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to art.6(1)(a) or art. 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the legality of the processing carried out on the basis of the consent before its withdrawal.
- The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Office for Personal Data Protection.
- Right to object - the data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the Administrator), including profiling under these provisions. The Administrator shall in that case no longer be permitted to process those personal data unless the Administrator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defense of claims.
- Right to object to direct marketing - where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of his or her personal data for such marketing purposes, including profiling, insofar as the processing is related to such direct marketing.
- In order to exercise the rights referred to in this section of the Privacy Policy, please contact the Administrator by sending a relevant message in writing or by e-mail to the Administrator's address indicated at the beginning of the Privacy Policy or by using the contact form available on the website.
- Cookies are small information in the form of text files which are sent by a server and stored on the side of a website visitor (e.g. on the hard drive of a computer, laptop or smartphone memory card - depending on the device used by the visitor to our website). Detailed information on cookies, as well as the history of their creation can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Administrator may process the data contained in Cookies when visitors use the website for the following purposes:
- identifying the Customers as logged in to the website and showing that they are logged in;
- adapting the content of the website to the Customer's individual preferences (e.g. as regards colours, font size, page layout) and optimising the use of the website.
- keeping anonymous statistics on how the website is used;
- remarketing, i.e. studying the behaviour of website visitors through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisments tailored to their expected interests, also when they visit other websites on the advertising network of Google Inc. and Facebook Ireland Ltd.
- The majority of web browsers available on the market accept Cookies by default. Users can determine the conditions for the use of Cookies by means of the settings of their web browser. This means that it is possible, for example, to partially restrict (e.g. temporarily) or completely disable the storage of Cookies - in the latter case, however, it may affect some functionalities of the website (for example, it may not be possible to follow the path of the Order through the Order Form due to not remembering the Products in the shopping cart during the consecutive steps of placing the Order).
- Your browser's cookie settings are important to your consent to the use of cookies on your website - according to the law, you can also give your consent via your browser settings. If you have not given your consent, you must change your browser's cookie settings accordingly.
- Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser.
- The Administrator may use the services Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). These services help the Administrator to analyse traffic on the website. The collected data is processed as part of the above services in an anonymised manner (this is the so-called exploitation data, which prevent identification of the person) to generate statistics that help administer the website. The data are collective and anonymous, i.e. they do not contain identifying characteristics (personal data) of persons visiting the website. When using the above services in a website, the administrator collects such data as the source and medium of obtaining the visitors to the website and their behaviour on the website, information about the devices and browsers from which they visit the website, IP and domain, geographical data and demographic data (age, gender) and interests.
- It is possible for a given person to easily block sharing information with Google Analytics about their activity on the website - for this purpose, you can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl
The website may contain links to other websites. The Administrator encourages the users to familiarise themselves with the Privacy Policy of other websites. This Privacy Policy applies only to the Admnistrator's website.