Privacy policy

PRIVACY POLICY AND COOKIE POLICY

Using the Website http://ekostempel.com.pl/ signifies acceptance of the terms of the Privacy Policy and Cookie Policy below.

As a User, please familiarize yourself with its provisions. We inform you in it how we care for User Data, how we process it, to whom we entrust it, and many other important issues related to Personal Data.

§1 GENERAL PROVISIONS

1. This Privacy Policy and Cookie Policy set out the rules for Processing and protection of Personal Data provided by Users and Cookies, as well as other technologies appearing on the Website under the name and link: http://ekostempel.com.pl/
2. The Administrator of the Site and the Personal Data transmitted within it is MAREK BAŁOS, running a business under the name ZAKŁAD STOLARSTWA I TOKARSTWA W DREWNIE, MAREK BAŁOS, located at Grzechynia 424a, 34-220 Grzechynia, NIP: 5520103619, according to the document generated from the Central Registration and Information on Business system.

3. The Administrator processes Personal Data in accordance with currently applicable legal provisions, in particular in accordance with the GDPR and the Act on the Protection of Personal Data.
4. The Administrator takes special care to ensure respect for the privacy of Users and protection of their interests, in particular by ensuring that the Personal Data collected by the Administrator through the Website are processed only for specified purposes and not subjected to further processing inconsistent with these purposes.
5. The Personal Data of Users are collected and processed solely based on appropriate legal bases, and the scope of data is dependent on the type of service provided and as limited as possible.
6. In case of any doubts regarding the provisions of this Privacy Policy and Cookie Policy, please contact the Administrator via email: info@ekostempel.com.pl.
7. The Administrator reserves the right to make changes to the Privacy Policy and Cookie Policy, and every User of the Site is obliged to be familiar with the current Privacy Policy and Cookie Policy. The reasons for changes may be: the development of internet technology, changes in generally applicable law, or the development of the Site, e.g., by using new tools by the Administrator. The date of publication of the current Privacy Policy and Cookie Policy is located at the bottom of the Site. 
8. This Policy also defines the conditions for using the services provided by the Administrator, including the Intermediary Service, regulating the relations between the Administrator, as the provider of the Intermediary Service, and the Recipient of the services referred to in § 10 of this Policy.
9. Other definitions, procedures, obligations, and rights resulting from the Digital Services Act (DSA) have been described in § 10 of this Policy and are an integral part thereof.
10. The terms with capital letters used in this Privacy Policy and Cookie Policy have the meanings given to them in § 2 of the Privacy Policy.

§2 DEFINITIONS

1. Administrator – MAREK BAŁOS, running a business under the name ZAKŁAD STOLARSTWA I TOKARSTWA W DREWNIE, MAREK BAŁOS, located at Grzechynia 424a, 34-220 Grzechynia, NIP: 5520103619, according to the document generated from the Central Registration and Information on Business system.
2. User – any entity staying on the site and using it.
3. Website – the website located at the address http://ekostempel.com.pl/.
4. Personal Data – any information about an identified or identifiable natural person, i.e., name and surname, identification number, location data, an online identifier, or one or more specific factors defining the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person.
5. Consent – voluntary, specific, informed, and unambiguous expression of will, by which the User, by a statement or clear affirmative action, consents to the processing of Personal Data concerning him or her.
6. Form – areas on the Site that allow the User to enter Personal Data for the purposes indicated therein, e.g., for newsletter dispatch, for placing an order, for contacting the User.
7. GDPR – refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
8. DSA – refers to the Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC.
9. Personal Data Protection Act – the act of 10 May 2018 on personal data protection (Journal of Laws 2019, item 1781 with later amendments).
10. Act on Providing Services by Electronic Means – the act of 18 July 2002 on providing services by electronic means (Journal of Laws of 2020, item 344 with later amendments).
11. Telecommunications Law Act – the act of 16 July 2004 Telecommunications Law (Journal of Laws of 2024, item 34 with later amendments).

§3 PERSONAL DATA AND THE PRINCIPLES OF THEIR PROCESSING

WHO IS THE ADMINISTRATOR OF THE USER’S PERSONAL DATA?

The Administrator of the User’s Personal Data is MAREK BAŁOS, running a business under the name ZAKŁAD STOLARSTWA I TOKARSTWA W DREWNIE, MAREK BAŁOS, located at Grzechynia 424a, 34-220 Grzechynia, NIP: 5520103619, according to the document generated from the Central Registration and Information on Business system.

IS THE PROVISION OF DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING THEM?

Providing Data is voluntary, however, not providing certain information, generally marked on the Administrator’s pages as mandatory, will result in the inability to perform a given service and achieve a specific goal or take certain actions.

Providing by the User of Data that are not mandatory or an excess of data that the Administrator does not need to process occurs based on the User’s decision and then the processing takes place based on the premise contained in Article 6(1)(a) of the GDPR (consent). The User gives consent for the processing of these data and for the anonymization of data that the Administrator does not require and does not want to process, but which the User has provided to the Administrator nonetheless.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASES DOES THE ADMINISTRATOR PROCESS THE USER’S PERSONAL DATA PROVIDED WHILE USING THE SITE?

User’s personal data on the Administrator’s website may be processed for the following purposes and on the following legal bases:

The provision by the User of Data that are not mandatory or an excess of data that the Administrator does not need to process occurs based on the User’s decision and then the processing takes place based on the premise contained in Article 6(1)(a) GDPR (consent). The User gives consent for the processing of these Data and for the anonymization of Data that the Administrator does not require and does not want to process, but which the User has provided to the Administrator.

HOW ARE DATA COLLECTED?

Only the Data that the User themselves provides are collected and processed (except for – in certain situations – Data automatically collected through cookies and login data, as mentioned below).

During a visit to the site, Data concerning the visit itself, such as the User’s IP address, domain name, browser type, operating system type, etc. (login data), are automatically collected. Automatically collected data may be used to analyze User behaviors on the Website, gather demographic data about Users, or personalize the content of the site to improve it. However, these data are processed solely for administering the Site, ensuring efficient hosting service, or directing marketing content and are not associated with the Data of individual Users. More about cookies can be read in the later part of this Policy.

Data may also be collected for the purpose of filling out forms located on the Site, as mentioned in the later part of the Privacy Policy.

Information society services

The Administrator does not collect Data of children. The User should be at least 16 years old to independently give consent for the processing of personal data for the purpose of providing information society services, including for marketing purposes, or to obtain such consent from a legal guardian (e.g., a parent).

If the User is under 16 years old, they should not use the Site http://ekostempel.com.pl/.

The Administrator is authorized to make reasonable efforts to verify whether the User meets the age requirement mentioned above, or whether a person exercising parental authority or care over a User under 16 has given or approved the Consent.

WHAT ARE THE USER’S RIGHTS?

The User has the following rights at any time, as outlined in Articles 15-21 of the GDPR:

• the right to access the content of their Data,
• the right to data portability,
• the right to rectification of Data,
• the right to correction of Data,
• the right to erasure of Data if there is no basis for their processing,
• the right to restrict processing if it has been carried out improperly or without legal basis,
• the right to object to processing of Data on the basis of the administrator’s legitimate interest,
• the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office, if they believe that the processing of their data is inconsistent with the currently applicable legal provisions regarding Data protection.
• the right to be forgotten if further processing is not provided for by current legal provisions.

The Administrator notes that these rights are not absolute and do not apply to all processing activities of the User’s personal data. This applies, for example, to the right to obtain a copy of the data. This right cannot adversely affect the rights and freedoms of others, such as copyright or professional secrecy. For information on the limitations regarding the User’s rights, please refer to the GDPR.

The User always has the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, phone: 22 531-03-00, email: kancelaria@uodo.gov.pl, if they believe that the processing of personal data violates the provisions of the GDPR or other applicable regulations regarding personal data processing.

To exercise their rights, the User may contact the Administrator via email: info@ekostempel.com.pl or in writing to the Administrator’s business address if provided in this Privacy Policy, indicating the scope of their requests. A response will be provided no later than 30 days from the date of receipt of the request and its justification unless an extension of this period is justified in accordance with the GDPR.

CAN THE USER WITHDRAW THEIR CONSENT?

If the User has given consent for a specific action, such consent can be withdrawn at any time. The User can withdraw the given consent by sending a statement to the Administrator’s email address or to the address of the Administrator’s place of business if provided in this Privacy Policy. The withdrawal of consent does not affect the legality of the processing that was carried out on the basis of consent before its withdrawal.

In some cases, the Data may not be completely deleted and will be retained for the purpose of defending against potential claims in accordance with the periods specified in the Civil Code or, for example, to fulfill legal obligations imposed on the Administrator.

The Administrator will always address the User’s request, justifying further actions resulting from legal obligations.

DOES THE ADMINISTRATOR TRANSFER USER DATA TO THIRD COUNTRIES?

User Data may be transferred outside the European Union – to third countries.

Personal data of Users will be transferred only to recipients who guarantee the highest protection and security of Data, including through:

1. cooperation with entities processing personal data in countries for which the European Commission has issued an appropriate decision,
2. using standard contractual clauses issued by the European Commission,
3. using binding corporate rules approved by the competent supervisory authority,

or those for which the User has given consent for the transfer of personal data.

HOW LONG DOES THE ADMINISTRATOR KEEP USER DATA?

The User’s data will be stored by the Administrator for the time of providing individual services/achieving the goals indicated in the table above, and also:

1. for the period of service provision and cooperation, as well as for the period of limitation of claims according to legal provisions – in relation to Data provided by contractors and customers or Users,
2. for the period of conducting conversations and negotiations preceding the conclusion of a contract or the performance of a service – in relation to Data provided in a request for proposal,
3. for the period required by law, including tax law – in relation to personal data related to the fulfillment of obligations arising from applicable regulations,
4. until an effective objection is raised based on Article 21 of the GDPR – in relation to personal data processed on the basis of the legally justified interest of the administrator, including for direct marketing purposes,
5. until the withdrawal of Consent or achievement of the processing purpose, the business goal – in relation to personal data processed on the basis of Consent. After the withdrawal of Consent, Data may still be processed for the purpose of defending against possible claims in accordance with the limitation period of these claims or the period (shorter) indicated to the User,
6. until they become outdated or lose their usefulness – in relation to personal data processed primarily for analytical, statistical purposes, use of cookies, and administration of the Administrator’s Websites.

The data retention periods indicated in years are counted at the end of each year in which the Data processing commenced. This aims to streamline the processing and management of Data.

Detailed periods of personal data processing, concerning specific processing activities, are found in the Administrator’s processing activities register.

DATA SECURITY

The User’s personal data are stored and protected with due diligence, in accordance with the internal procedures implemented by the Administrator. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, especially the provisions of the Personal Data Protection Act and the GDPR. These measures are primarily aimed at protecting Users’ personal data from unauthorized access.

In particular, only authorized persons who are obliged to keep this Data confidential or entities entrusted with processing personal data based on a separate data entrustment agreement have access to Users’ personal data.

The User should also exercise caution in securing their personal data transmitted over the Internet, especially not disclosing their login data to third parties, using antivirus protection, and updating software.

WHO CAN BE THE RECIPIENTS OF PERSONAL DATA?

The Administrator informs that they use the services of external entities. Entities to which the processing of personal data is entrusted (such as courier companies, electronic payment intermediaries, accounting service providers, newsletter dispatch services) guarantee the application of appropriate protection and security measures for personal data required by law, especially by the GDPR.

The Administrator informs the User that the processing of personal data is entrusted to the following entities, among others:

1. AZ.pl Sp. z o.o. located in Szczecin, ul. Zbożowa 4, 70-653 Szczecin, registered in the District Court Szczecin – Centrum in Szczecin, XIII Economic Department of the National Court Register with a share capital of 75,000 PLN. KRS: 0000360147, NIP: 8561164306, REGON: 810903927 – for storing personal data on the server, domain and email server management,
2. other contractors or subcontractors engaged in technical, administrative support, or providing legal assistance to the Administrator and its clients, e.g., accounting, HR, IT, graphic design, copywriting, debt collection companies, lawyers, etc.

Personal data may also be made available to other recipients, including offices, e.g., the tax office, to fulfill legal and tax obligations related to accounting and settlements.

Entities that process personal data, just like the Administrator, ensure compliance with European standards for the protection of personal data, including standards set by legal acts and decisions of the European Commission, and apply compliance mechanisms also when transferring Data outside the EEA, e.g., in the form of standard contractual clauses adopted by the European Commission decision 2021/915 of June 4, 2021, on standard contractual clauses between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 and Article 29(7) of Regulation (EU) 2018/1725. You can familiarize yourself with the Commission’s implementing decision here.

HAS THE ADMINISTRATOR APPOINTED A DATA PROTECTION OFFICER?

The Personal Data Administrator hereby informs that they have not appointed a Data Protection Officer (DPO) and performs duties related to the processing of personal data independently.

The User acknowledges that their personal data may be transferred to authorized state authorities in connection with the proceedings conducted by them, upon their request and after fulfilling the conditions confirming the necessity of obtaining such Data from the Administrator.

DOES THE ADMINISTRATOR PROFILE USER DATA?

The User’s personal data will not be used for automated decision-making that affects the User’s rights, obligations, or freedoms under the GDPR.

Within the Website and tracking technologies, User Data may be profiled, which helps to better personalize the company’s offer directed to the User (mainly through so-called behavioral advertising). However, this should not have any impact on the User’s legal situation, particularly the terms of contracts they have entered or intend to enter into. It may only assist in better tailoring the content and directed advertisements to the User’s interests. The information used is anonymous and not associated with personal data provided by the User, e.g., during the purchasing process. They are derived from statistical data such as gender, age, interests, approximate location, behavior on the Website.

Every User has the right to object to profiling if it would negatively impact their rights and obligations.

Learn more about behavioral advertising here.

§4 FORMS

The Administrator uses the following types of Forms on the Website:

1. Contact form – allows sending messages to the Administrator and contacting them electronically. Personal data in the form of name, surname, email address, and data provided in the message content are processed by the Administrator in accordance with this Privacy Policy to contact the User.

After contact with the User ends, the Data may be archived, which is a legally justified interest of the Administrator. The Administrator is not able to determine the exact period of archiving and thus deletion of the messages. However, the maximum period will not exceed the terms of limitation of claims arising from legal provisions.

The Administrator may entrust the processing of personal data to third parties without the User’s separate consent (based on a data entrustment agreement). Data obtained from forms cannot be transferred to third parties.

§5 DISCLAIMER AND COPYRIGHT

1. The contents presented on the Website do not constitute specialized advice or guidance (e.g., educational) and do not refer to a specific factual situation. If the User seeks assistance in a specific matter, they should contact a person authorized to provide such advice or the Administrator at the provided contact details. The Administrator is not responsible for the use of the contents contained on the Website or for actions or omissions taken based on them.
2. All content placed on the Website is the subject of copyright belonging to specific individuals and/or the Administrator (e.g., photos, texts, other materials, etc.). The Administrator does not consent to copying these contents in whole or in part without his express, prior consent.
3. The Administrator hereby informs the User that any dissemination of content provided by the Administrator constitutes a violation of the law and may lead to civil or criminal liability. The Administrator may also seek appropriate compensation for material or immaterial losses incurred in accordance with applicable regulations.
4. The Administrator is not responsible for the use of materials available on the website in a manner inconsistent with the law.
5. The contents placed on the Website are up-to-date on the day of their posting unless indicated otherwise.

§6 TECHNOLOGIES

To use the Administrator’s website, the following are necessary:

1. Internet access with a suitable device such as a desktop computer, laptop, other portable device, including also equipment enabling communication and filling in necessary forms within the service, e.g., a functional keyboard,
2. appropriately configured, up-to-date version of an internet browser that supports cookies, e.g., Microsoft Edge, Opera, Mozilla Firefox, Safari, Google Chrome, and allows browsing websites,
3. an active and properly configured email account (the Administrator recommends that the User checks if emails from the Service’s domain do not go to the “spam”, “offers” or other than “main/received” mailbox. The Administrator has no influence on this, and it depends on the User’s email box settings and/or the provider of the used email box),
4. software that allows reading content in the presented formats, e.g., PDF, video, mp3, mp4.

§7 COOKIE POLICY

1. Like most websites, the Administrator’s Website uses tracking technologies, namely cookies, which allows improving the Website according to the needs of the Users visiting it.
2. The Website does not automatically collect any information, except for information contained in cookies.
3. Cookies (“ciasteczka” in Polish) are IT data, small text files that are stored on the end device, e.g., a computer, tablet, smartphone, when the User uses the Website.
4. These can be own cookies (originating directly from the website) and third-party cookies (coming from other websites than the Website).
5. Cookies allow the customization of the website’s content to the individual needs of the User and the needs of other visitors. They also enable the creation of statistics that show how Users use the website and how they navigate through it. This allows the Administrator to improve the website, its content, structure, and appearance.
6. The Administrator applies the following third-party cookies on the Website:
   1. Embedded Google Analytics code – for analyzing the website’s statistics. Google Analytics uses its own cookies to analyze the actions and behaviors of the Website’s Users. These files are used to store information, e.g., from which page the User came to the current webpage. They help improve the Website.
      This tool is used under an agreement with Google Ireland Limited, provided by Google LLC. The actions taken within the use of the Google Analytics code are based on the legally justified interest of the Administrator, consisting of creating and using statistics, which then allows improving the Administrator’s services and optimizing the Website.
      Within the use of Google Analytics, the Administrator does not process any User Data that allows their identification.
      The Administrator recommends familiarizing yourself with the details related to the use of Google Analytics, the possibility of disabling the tracking code, and possibly asking questions to the provider of this tool here or getting acquainted with the privacy policies here.
   2. Google Search Console – to monitor and improve the performance of our website, we use Google Search Console, a tool offered by Google Inc. (“Google”), which provides us with data and analysis regarding the presence of our page in Google search results, allowing us to optimize and enhance the accessibility and visibility of our site on the internet.
      Google Search Console helps us understand how users find our page through Google and what queries direct them to our site. This tool also provides information on any errors on the page, indexing issues, and recommendations for optimizing the page.
      In the use of Google Search Console, the Administrator does not process any User Data that allows their identification.
      We encourage you to familiarize yourself with Google’s privacy policies to learn more about data processing by Google tools.
7. The Administrator again recommends familiarizing yourself with the privacy policy of each of the above service providers to learn about the possibilities of making changes and settings that ensure the protection of the User’s rights.
8. Two types of cookies are used on the Website: session cookies, which are deleted after closing the browser, logging out, or leaving the website, and persistent cookies, which are stored in the User’s end device, allowing the recognition of the browser upon the next entry to the Website, for the time specified in the cookies’ parameters or until they are deleted by the User.
9. In many cases, software used for browsing websites (internet browser) by default allows storing cookies on the User’s end device. Users of the Service can change the settings regarding cookies at any time. These settings can be changed to block the automatic handling of cookies in the browser settings or to inform about their placement in the User’s device each time. Detailed information about the possibilities and ways of handling cookies is available in the software settings (internet browser).
10. The Administrator informs that restrictions on the use of cookies (disabling them, restricting them) may affect some functionalities available on the Website and hinder its operation.
11. More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the “Help” section of the internet browser menu.
12. Within the browser settings, the User can delete cookies originating from the Website or Online Store, or from the Administrator’s providers, by making changes to their browser settings at any time. The method of deleting cookies will vary depending on the browser used by the User. Information on how to delete cookies is available in the “Help” tab of the selected internet browser.
13. Deleting cookies is not equivalent to deleting Personal Data obtained by the Administrator through cookies.

§8 CONSENT TO COOKIES

During the first visit to the Website, the User must express Consent to cookies or take other possible actions indicated in the message to continue using the Website content. Using the Website means expressing Consent. If the User does not want to express such Consent, they should leave the Website. The User can always change their browser settings, disable or delete cookies. Necessary information is available in the “help” tab of the User’s browser.

§9 SERVER LOGS

1. Using the Website is associated with sending queries to the server on which the Website is stored.
2. Each query directed to the server is recorded in the server logs. Logs include the User’s IP address, server date and time, information about the web browser, and the operating system used by the User.
3. Logs are saved and stored on the server.
4. Server logs are used to administer the Website, and their content is not disclosed to anyone except persons and entities authorized to administer the server.
5. The Administrator does not use server logs in any way to identify the User.

§10 DEFINITIONS, PROCEDURES, DUTIES, AND RIGHTS RELATED TO DSA

The Seller does not provide any intermediary services within the meaning of the DSA and therefore is not subject to any obligations related to the DSA.

Privacy Policy publication date: 03.11.2024

Last update date: 03.11.2024