Privacy Policy

Privacy Policy applicable to the website and the Online Store at www.zakladyboleslawiec.com, including personal data and cookies.

1. General information

  1. This Privacy Policy is for information purposes only and contains, in particular, rules regarding the processing of personal data concerning data subjects and information on the use of cookies. The Online Store and the website can be found at the following url: https://zakladyboleslawiec.com
  2. The Controller of the personal data collected through the websites and the Online Store is: Zakłady Ceramiczne “BOLESŁAWIEC” in Bolesławiec Spółka z ograniczoną odpowiedzialnością, ul. Kościuszki 11, 59-700 Bolesławiec.
  3. The terms “Customer” and “User” as used in this document refer to persons and entities using the Controller’s website and Online Store, whose personal data the Controller uses in accordance with this Privacy Policy.
  4. Personal data shall be processed in accordance with the applicable legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR”.
  5. The Controller can be contacted as follows:
    1. by post at the following address: ul. Kościuszki 11, 59-700 Bolesławiec
    2. by e-mail: rodo@ceramicboleslawiec.com.pl
  6. The use of the Online Store and the website is voluntary. Similarly, the related provision of personal data by the person using of the Online Store, the website - with the exception of:
    1. concluding a contract with the Controller - failure to provide personal data within the scope indicated on the website of the Online Store, in the Online Store Terms of Use and in this Privacy Policy to conclude and perform a sales contract shall result in the impossibility of concluding such contract;
    2. statutory obligations of the Controller - providing personal data is a statutory requirement resulting from universally binding legal regulations.
  7. Personal data is used for the following purposes:
    1. Sending newsletters;
    2. Handling enquiries;
    3. Comprehensive handling of product and service orders;
    4. Product portfolio presentation and sending commercial information on products and services provided by ZC “BOLESŁAWIEC” w Bolesławcu Sp. z o.o. (applies to situations where the User has given their consent) 
  8. Information about users and their behaviour is obtained in the following manner:
    1. Through data entered in forms voluntarily;
    2. Through cookie files saved on end devices.

 2. Selected and applied methods of personal data protection

The login and personal data entry points are protected in the transmission layer (SSL certificate). This ensures that the personal and login data entered on the website is encrypted on the User’s computer and can only be read on the target server.

  1. Personal data stored in the database is encrypted in such a manner that only the Operator in possession of the key can read it. This ensures that the data is protected in the event the database is stolen from the server.
  2. An important element of data protection is the regular updating of all software used by the Operator to process personal data, which in particular means regular reviews and updates of programming components.

3. Hosting

  1. The website is hosted (technically maintained) on a server of Home.pl, an external company.

4. Rights and additional information on data use

  1. The Controller may process personal data in the following cases:
    1. account registration to create and manage said account, and place orders for the purpose of contract performance.
      Legal basis: necessary for the performance of the account service contract (Article 6(1)(b) of the GDPR);
    2. subscription to the Newsletter to perform the contract, the subject of which is the service provided electronically.
      Legal basis: consent of the data subject to the performance of the contract necessary for the performance of the Newsletter service contract (Article 6(1)(a) of the GDPR);
    3. use of the contact form service for the performance of a contract service provided electronically.
      Legal basis: necessary for the performance of the contract for the provision of the contact form service (Article 6(1)(b) of the GDPR).
  2. The Customers’ personal data may be transferred to the following recipients or categories of recipients:
    1. hosting companies, on the basis of outsourcing;
    2.  couriers/carriers/forwarders;
    3. postal operators;
    4. banks/payment operators;
    5. authorised employees and associates who use the data to fulfil the purpose of the website;
    6. companies providing marketing services to the Controller.
  3. The Customers’ personal data shall be processed by the Controller no longer than it is necessary to perform the related activities specified in separate regulations. With regard to marketing data, the data shall be processed until the date of withdrawal of consent by the Customer.
  4. The Customer has the right:
    1. to withdraw consent - Article 7(3) of the GDPR;
    2. to object to the processing of their data - Article 21 of the GDPR;
    3. to have their data erased (“right to be forgotten”) - Article 17 of the GDPR;
    4. to restrict data processing - Article 18 of the GDPR;
    5. to gain access to data - Article 15 of the GDPR;
    6. to rectify data - Article 16 of the GDPR;
    7. to data portability - Article 20 of the GDPR.
  5. The Customer shall have the right to object to the processing of personal data for the purposes of the Controller pursuing the legitimate interests, including profiling, whereby the right to object shall not be exercisable where there are valid legitimate grounds for the processing which override the Customer’s interests, rights and freedoms, in particular the establishment, assertion of or defence against claims. The addresses for to send objections are set out in item 1, section 5 of this document.
  6. The Controller’s actions may be complained about to the President of the Personal Data Protection Office.
  7. Actions based on automated decision making, including profiling, may be taken in relation to the Customer to provide services under the concluded contract and in relation to the Customers for whom the Controller has registered an appropriate consent to conduct direct marketing activities.
  8. Personal data may be transferred outside the European Union (EU) or the European Economic Area (EEA) to so-called third countries. In connection with the Controller’s use of Google Analytics and Facebook Pixel, a portion of the anonymised data is transferred to the USA.

5. Information on the forms

  1. Data provided in the form is processed for the purpose resulting from the function of a particular form, e.g. for the purpose of processing a service request or business contact, service registration, etc. Each time the context and description of a form provides clear information on what it is used for.

6. Profiling within the Online Store

  1. The GDPR imposes an obligation on the Controller to inform about automated decision-making, including profiling, as referred to in Article 22(1)(4) of the GDPR.
  2. The Controller may use profiling in the Online Store for direct marketing purposes, however, the decisions made by the Controller on its basis do not concern concluding or refusing to conclude a Sales Contract and the possibility of using Electronic Services in the Online Store.
  3. Profiling consists in automatic analysis or forecast of a given person’s behaviour on the Online Store website, e.g. by adding a particular product to the shopping basket, analysis of the history of purchases made. The condition for such profiling is that the Controller is in possession of the personal data and the consent of the Customer to be able to send, e.g., proposals for the purchase of additional products.

7. Controller logs

  1. Information about user behaviour on the site may be subject to logging. This data is used for website administration purposes.

8. Essential marketing techniques

  1. The Controller uses statistical analysis of the website traffic, via Google Analytics (Google Inc., with its registered office in the USA), does not transmit personal data to the service, but only anonymised information. The service is based on the use of cookies on the Customer’s end device.
  2. The Controller uses marketing techniques which allow it to adjust advertising messages to the Customer’s behaviour on the website.
  3. The Controller uses Facebook Pixel. The Controller does not pass on any additional personal data from itself to Facebook. The service is based on the use of cookies on the User’s end device.
  4. The Controller uses a solution to study User behaviour on the website. This information is anonymised before it is sent to the service provider so that they do not know which individual it relates to.
  5. The Controller uses a solution which automates marketing and promotional activities in relation to Customers, provided that they have agreed to receive commercial messages.

9. Information on cookies

  1. The website uses cookies.
  2. Cookie files are computer data, in particular text files, stored on the User’s end device and intended for using the Controller’s websites. Cookies usually contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number.
  3. The entity which places cookies on the Customer’s end device and has access to them is the Controller.
  4. Cookies are used for the following purposes:
    1. maintaining the User’s session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage;
    2. to achieve the objectives set out above under “Essential marketing methods”;
  5. Two main types of cookies are used: session cookies and persistent cookies. Session cookies are temporary files which are stored on the Customer’s end device until they log out, leave the website, or turn off the software (web browser). Persistent cookies are stored in the Customer’s end device for the time specified in the cookie file parameters or until the Customer deletes them. Cookies placed in the Customer’s end device can also be used by entities cooperating with the Controller.
  6. The cookie mechanism is safe for Customers’ computers.

10. Managing cookies – how to give and withdraw consent in practice?

  1. If the User does not wish for cookie files to be saved on their device, they may change the browser settings. Please note that disabling cookies which are essential for authentication, security and maintaining User preferences can make it difficult, and in extreme cases impossible, to use the websites and the Online Store.

11. Changes to the Privacy Policy

  1. This Privacy Policy is subject to change and Customers shall be notified thereof 7 days in advance.
  2. Previous modification date: 11/04/2022.