- The Controller of personal data is SUNEWMED+ spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Żerniki (62-023), ul. Przemysłowa 16, entered into the National Court Register by the District Court in Poznań, 8th Commercial Division under KRS [company registration number] 0000810137, NIP [tax identification number]: 7773354896 (hereinafter referred to as the „Controller”).
- The Controller can be contacted in writing at the address indicated in the paragraph above or by email at email@example.com.
- The Controller, due to its business activity, collects and processes personal data in accordance with the relevant provisions, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as the “GDPR”).
- The Controller collects only the personal data that Customers voluntarily provide when placing their orders, by contacting, inter alia, via the contact form, email or telephone.
- The Controller attaches great importance to the protection of privacy and confidentiality of personal data entered or provided by the Customers and with due diligence selects and applies appropriate technical and organizational measures to protect the personal data being processed. Only persons duly authorized by the Controller have full access to the databases. The Controller protects personal data against disclosure to unauthorized persons, as well as against its processing in breach of applicable law.
- The Customers can browse websites in services run by the Controller without providing personal data.
§ 2. Basis for personal data processing
- Personal data is processed by the Controller in accordance with the law, including in particular GDPR in order to:
- establish business relations, including answer questions asked by the Customers (pursuant to Article 6 (1) (f) of RODO as to implement the legitimate interest of the Controller);
- conclude and perform the agreement for the provision of services by the Controller, including to implement orders placed by the Customers in the online store with sunew.pl domain under the conditions set out in the Online Store Regulations or to implement the newsletter service order under the conditions set out in the Newsletter Service Regulations (pursuant to Article 6 (1) (b) of GDPR);
- implement the legally justified interests of the Controller, i.e. marketing of own products or services, pursuing or securing claims (pursuant to Article 6 (1) (f) of GDPR);
- fulfill the legal obligations incumbent on the Controller regarding tax and accounting obligations (pursuant to Article 6 (1) (c) of GDPR in connection with tax and accounting regulations);
- run social profiles and inform customers through them about the Controller’s activity, promoting and advertising organized events, promoting the brand, products and services, building and maintaining a community related to the Controller, and for communication via the available functionalities (pursuant to Article 6 (1) (f) of GDPR as the implementation of the legitimate interest of the Controller).
- Providing data is voluntary, however, the consequence of not providing data will be the inability to establish a commercial relationship or conclude a product sales agreement in the Online Store with sunew.pl domain.
§ 3. Basic rules for the processing of personal data
- The Controller shall process personal data only to the minimum extent necessary to achieve the purposes for which it is collected. The purposes of collecting Customers’ personal data are clearly defined, and they are based on legal regulations. The Controller shall not process personal data in a manner inconsistent with these purposes.
- The Controller shall implement the Customers’ rights regarding their personal data in accordance with the law, including it shall take care of the correctness of the Customers’ personal data and promptly respond to any requests for rectification or updating of data.
- The Controller shall limit the storage of personal data in accordance with the law, only to the period necessary to achieve the purposes for which it is collected, unless there are reasons enabling the extension of the period of data storage.
- If personal data is shared with other entities, it must be done in a safe, contractually secured or otherwise compliant with applicable law manner.
§ 4. Rights related to the processing of personal data
- Each Customer whose personal data is processed by the Controller shall have the right to:
- access his/her data,
- rectify data,
- request the deletion of data,
- limit data processing,
- transfer data,
- object, for reasons related to its particular situation, to the processing of data on the basis of the legitimate interest of the Controller,
- object to processing for direct marketing purposes,
- withdraw consent, if the processing is based on consent (withdrawal of consent shall not affect the lawfulness of the processing which was conducted on the basis of consent before its withdrawal).
- The exercise of the rights may be implemented in any way, including by sending an appropriate request to the Controller’s email address, providing the first and last name and email address (email) of the Customer. The application should, if possible, precisely indicate what the request relates to, that is in particular: (1) what right does the person submitting the application want to use; (2) what processing the request concerns (e.g. use of a specific service). If the Controller is unable to determine the content of the request or identify the person submitting the application based on the submitted application, it will ask the applicant for additional information.
- The Customer shall also have the right to lodge a complaint with the supervisory body if it considers that the processing of personal data by the Controller breaches the provisions of applicable law.
- Customer data may be transferred to entities authorized to receive it under applicable law, including the competent judicial authorities.
- Personal data may also be transferred to trusted service providers, such as: entities providing delivery services, entity providing payment services, entity providing accounting services, partners providing technical services (developing and maintaining IT systems and websites), debt collection companies.
§ 6. Personal data processing period
- Personal data shall be kept only for the period necessary to achieve a specific purpose.
- Personal data processed in order to perform the agreement will be stored for the duration of the agreement concluded with the Controller, and after its expiry for the period necessary to secure or pursue possible claims or fulfill the Controller’s legal obligation (resulting from tax or accounting regulations), also for the time needed to maintain compliance with the law.
- If personal data is processed on the basis of a separate consent, it shall be kept until its withdrawal. Withdrawal of consent shall not affect the lawfulness of the processing which was performed on the basis of consent before its withdrawal.
- Personal data processed for the purposes of marketing own products or services or on the basis of a legitimate legal interest, shall be stored until the data subject submits an objection.
- After the expiry of the processing period, the data is irreversibly deleted or anonymized.
§ 7. Other provisions
- The Controller uses IP addresses collected during internet connections only for technical purposes related to server administration. In addition, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the connection is made).
- The Controller may process personal data in an automated manner, including in the form of profiling, however, the automated processing shall not lead to a decision having legal effects or similarly significantly affect the Customer. This processing may affect the selection of displayed advertisements or the selection of products and services offered. The Customer can receive special offers via personalized email or Internet advertising.
§ 8. Cookies
- As a rule, the Controller uses two types of cookies – “session” and “permanent” cookies. Session cookies are temporary files that remain on the user’s device until leaving the website or turning off the software (web browser). Permanent cookies are files that remain on the user’s device for the time specified in the cookie parameters or until they are manually deleted by the user.
- As part of the Controller’s websites, the following types of cookies are used to provide services:
- necessary cookies, enabling the use of services available within the websites run by the Controller, in particular authentication cookies used for services that require authentication;
- functional cookies, allowing the Controller to analyze how the Customer uses websites, including enabling “remembering” the settings selected by the Customer and personalizing the interface;
- advertising/business cookies, allowing the Controller to better assess the effectiveness of advertising and marketing activities. These cookies come from partners whose services are used by the Controller to analyze and track website visits and the effectiveness of the advertisements used. Such external processing shall be subject to the privacy policies of the partners.
- The web browsing software (web browser) usually allows cookies to be stored on the end device by default. The Customer browsing the Controller’s websites may independently and at any time change the cookie settings, specifying the conditions for their storage and access to its device via cookies. Changes to the settings referred to in the previous sentence can be made by the Customer using the web browser settings. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform about them each time cookies are posted on the Customer’s device. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.
- Using the websites run by the Controller, without changing the cookie settings, consent to the storage of cookies. The Customer can always withdraw consent by changing the cookie settings.
- Information on how to configure cookie settings in exemplary web browsers can be found:
- in the Internet Explorer browser
- in the Chrome browser
- in the Opera browser
- in the Mozilla Firefox browser
- in the Safari browser