Cookies help us deliver our services. By using our services, you agree to our use of cookies.
Privacy notice
I. Personal data controller
1. The administrator of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) is Krzysztof Kleszyński, conducting business activity under the name Krzysztof Kleszyński, K2Dnn.net, at the address Siekierczyna 58, 34-600 Limanowa, NIP (Tax Identification Number): 6762079753, REGON (National Business Registry Number): 121815429.
2. The data controller's email address: sales@k2action.eu.
3. Pursuant to Article 32(1) of the GDPR, the controller complies with the principle of personal data protection and implements appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure, or unauthorized access to personal data processed in connection with its business activities.
4. The provision of personal data by the customer is voluntary, but necessary in order to conclude a contract with the data controller.
5. The data controller processes personal data, in particular in the form of identification data (name and surname and company name), address data, tax identification number and other registration numbers, contact details (telephone number) and identification data of persons indicated by the customer as contact persons.
II. Purpose and basis for the processing of personal data
The controller processes personal data for the following purposes:
a) preparing a commercial offer in response to the customer's interest, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
b) concluding and performing sales contracts with customers on the basis of a concluded contract (Article 6(1)(b) of the GDPR);
c) providing services electronically via the Online Store, on the basis of a concluded contract (Article 6(1)(b) of the GDPR);
d) handling the complaint process, on the basis of the obligation incumbent on the data controller in connection with applicable law (Article 6(1)(c) of the GDPR);
e) accounting related to the issuance and acceptance of settlement documents, based on tax law provisions, including the Accounting Act of September 29, 1994, and the Goods and Services Tax Act of March 11, 2004 (Article 6(1)(c) of the GDPR);
f) archiving of data for the possible establishment, investigation or defense against claims or the need to prove facts, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
g) contact by telephone or e-mail, in particular in response to inquiries addressed to the data controller, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
h) sending technical information regarding the functioning of the Online Store and the services used by the customer, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
i) marketing the data controller's own products, which is its legitimate interest (Article 6(1)(f) of the GDPR) or is based on prior consent (Article 6(1)(a) of the GDPR).
III. Data recipients. Transfer of data to third countries
1. The recipients of personal data processed by the data controller may be entities cooperating with the data controller when it is necessary for the performance of a contract concluded with the data subject.
2. The recipients of personal data processed by the data controller may also be subcontractors – entities whose services are used by the data controller in the processing of data, e.g., accounting offices, law firms, entities providing IT services (including hosting services).
3. The data controller may be required to disclose personal data on the basis of applicable law, in particular to disclose personal data to authorized state authorities or institutions.
4. Personal data will not be transferred to an entity based outside the European Economic Area.
IV. Period of storage of personal data
1. The data controller stores personal data for the duration of the contract concluded with the data subject and after its termination for purposes related to pursuing claims related to the contract, performing obligations under applicable law, but for no longer than the limitation period in accordance with the provisions of the Civil Code.
2. The data controller shall store personal data contained in accounting documents for the period specified in the provisions of the Goods and Services Tax Act and the Accounting Act.
3. The data controller shall store personal data processed for marketing purposes for a period of 10 years, but no longer than until the consent to data processing is withdrawn or an objection to data processing is raised.
4. The data controller shall store personal data for purposes other than those specified in paragraphs 1-3 for a period of 3 years, unless consent to data processing has been withdrawn earlier and data processing cannot be continued on a basis other than the consent of the data subject.
V. Rights of the data subject
1. Every data subject has the right to:
a) access – obtain confirmation from the controller as to whether their personal data is being processed. If the data subject's data is being processed, they are entitled to access it and obtain the following information: the purposes of the processing, the categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data will be stored or the criteria for determining that period, the right to request the rectification, erasure, or restriction of the processing of personal data concerning the data subject, and to object to such processing (Article 15 of the GDPR);
b) to receive a copy of the data – to obtain a copy of the data undergoing processing, with the first copy being free of charge and the controller being able to charge
a reasonable fee based on administrative costs for subsequent copies (Article 15(3) of the GDPR);
c) to rectification – to request the rectification of personal data concerning them that is inaccurate or to complete incomplete data (Article 16 of the GDPR);
d) to erasure – to request the erasure of their personal data if the controller no longer has a legal basis for processing it or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);
e) to restrict processing – to request the restriction of the processing of personal data (Article 18 of the GDPR) when:
- the data subject contests the accuracy of the personal data – for a period enabling the controller to verify the accuracy of the data,
- the processing is unlawful and the data subject opposes its erasure, requesting instead that its use be restricted,
- the controller no longer needs the data, but it is required by the data subject for the establishment, exercise, or defense of legal claims,
- the data subject has objected to the processing - until it is determined whether the legitimate grounds on the part of the controller override those of the data subject;
f) to data portability – to receive, in a structured, commonly used and machine-readable format, personal data concerning him or her which he or she has provided to the controller, and to request that this data be sent to another controller, if the data is processed on the basis of the consent of the data subject or a contract concluded with them and if the data is processed by automated means (Article 20 of the GDPR);
g) to object – to object to the processing of their personal data for the legitimate purposes of the controller, on grounds relating to their particular situation, including profiling. In such a case, the controller shall assess whether there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or grounds for the establishment, exercise, or defense of legal claims. If, according to the assessment, the interests of the data subject override those of the controller, the controller shall cease processing for those purposes (Article 21 of the GDPR).
2. In order to exercise the above rights, the data subject should contact the controller using the contact details provided and inform him of which right he wishes to exercise and to what extent.
3. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.
VI. Profiling
Personal data obtained by the data controller will not be processed automatically, including through profiling.
Translated with DeepL.com (free version)