I. Personal data
We are publishing this document in order to clarify the reasons for collecting and processing personal data within the scope of our operations:
- What are personal data?
These are all the information that allows one to easily distinguish one person from others. Personal data may refer directly (like name and surname, ID number, and sometimes even an e-mail address or internet account) or indirectly to a given person. Examples of the latter include health condition, beliefs, address, addictions, race or religion.
- What personal data are we talking about in our case?
We process data provided to us by customers, business partners and staff in conjunction with using our services, cooperation or employment.
- What is data processing?
Processing means all the operations which we can perform on personal data – associated both with their active use such as collecting, downloading, saving, combining, modifying or making available as well as passive use such storing, limiting, deleting or destroying.
- Who is the Data Controller (that is who affects its processing and security)?,
Your Data Controller is: Fabryka Mebli Biurowych MDD Sp. z o.o. in Sępólno Krajeńskie, at ul. Koronowska 22, 89 – 400 Sępólno Krajeńskie, NIP 5611437378, REGON 092911632, represented by the Company Management Board, Tel. No.: +48 (52) 389 44 00, correspondence address: firstname.lastname@example.org
- Pursuant to what legal basis and why do we process your data?
An appropriate legal basis in accordance with the regulations as in force at present has to be behind every processing of your data. This basis may constitute your consent to data processing or other legal provisions allowing for such actions set forth in the Personal Data Protection Act of 29 August 1997 or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as GDPR).
We may process your data for a number of purposes, such as:
- you can make your data available to us be sending an e-mail or using the form on our website. Then we process your data on the basis of your consent which you automatically grant when sending your data (e.g. your e-mail address) to us. Your consent is voluntary – you may retract it at any time. In such case we shall delete all the information you provided, as long as you have note become our customer.
- is you are a customer of ours or interested in our services, then we process your data pursuant to an agreement you signed with us or within the scope of preparations for concluding such an agreement. This always takes place with your knowledge and according to your intention. In expressing an intention to conclude an agreement, you know what personal data will be required to sign it, and once signed you know what data you handed over or shall hand over at a later date.
- if you become a user of services, a newsletter recipient for example, we will process your data on the basis of your consent. To grant your consent check the appropriate boxes on an online form which we have prepared. Your consent is voluntary – you may retract it at any time. In such case we shall cease providing our services and delete all the information you handed over immediately.
- We may also process your data in conjunction with the need to ensure the security of our information network. This might come to pass when you use or connect to our IT infrastructure for example by browsing our website or sending messages to us. This comprises our legitimate interest.
- If you are interested in working for us, your data is processed in the form of an application or CV which you sent. This always takes place with your knowledge and pursuant to a written consent, which you may retract at any time. In such case we shall not consider your application and delete all the information you handed over immediately. Whereas the moment you become employed with us, further data processing principals and the obligatory scope for their provision and further processing are governed by the provisions of law.
- Who do we transfer your data to?
According to the law we can transfer your data to subcontracted processors such as: the post operator, accounting firm or those service subcontractors specified in your agreement. We are also obliged to make your data available to entities authorised pursuant to other provisions of law, such as the courts or enforcement bodies. The data will only be made available if such entities submit a request on the matter, indicating the legal basis pursuant to which such a request is justified.
foresee transferring your data to third countries or international organisations, that is outside of the European Union economic area. Pursuant to GDPR, in the European Union all member states provide the same level of protection for your data.
How long will we process your data for?
We make every effort to limit the scope of collected data to the necessary minimum, and this includes the processing period. To that end we perform systematic reviews of our documents, both paper and in electronic versions and delete surplus data. Remember that the processing time of your data, depending on the grounds pursuant to which we obtained it, may be governed by separate, independent provisions of law subject to which we may be obliged to store your data regardless of your will or intent. Here the labour law, social insurance law or accounting regulations are just some examples.
We may also obtain your data in conjunction with a training seminar, in which case we may only process it for a short period of time, for purposes associated with financial settlements with the entity which contracted us to perform the training seminar or to issue you with a certificate confirming training participation. After these actions we will delete your data immediately and we will certainly not use them other purposes – such as advertising our services, unless you explicitly and expressly consent to such.
If you were the end recipient of our services and we concluded an agreement on the matter, pursuant to accounting regulations, your data will be held as part of relevant drafted financial and accounting documentation and processed for 5 subsequent calendar years starting from the purchase/agreement date.
If the data we hold are going to be used for any purpose other than that for which they were obtained, we will always inform you and you will have an opportunity to object.
- What are your rights in relation to your data?
If we are processing your personal data, you always have the right to:
- request access to data,
- rectify data,
- request an erasure,
- or limit data processing,
- object to data processing,
- data portability and to obtain copies of it.
All these rights are set forth in detail in Article 15 to 21 of GDPR.
You can also withdraw your consent to data processing at any time. In such an event we will immediately erase your data unless we are otherwise legally obliged to continue processing. As an example, if you request for your account to be closed in conjunction with cancelling our newsletter, we will erase your data from the mailing database immediately.
If you consider that we have breached your rights in any way – we certainly wish this does not happen – or have failed to ensure the security of your data, then you have the right to lodge a complaint with a supervisory authority, currently the Inspector General for the Protection of Personal Data.
- Automated decision-making and profiling information
We will not make any automated decisions on the basis of your data, that is ones of automated nature, made without human intervention. Also, we do not engage in any activities for the purpose of profiling you.
- How do we protect your data?
We use the legally required technical and organizational measures to safeguard your data. At our site we have installed the required physical safeguards to prevent unauthorized data access. Our staff hold the required certificates and may process data in a limited manner, that is only within the scope required to perform their professional duties.
The bit security protocol we use in the most up to date version 1.2, ensures the safety of your data sent electronically. A green padlock in your web browser by our web address may show this. As the site was encrypted before it was sent, you can be sure that you are entering our site which has not been modified in any way en-route to you via the Internet.
- Protecting the privacy of minors
Our site does not monitor or verify information pertaining to the age of users, senders and recipients of messages or persons interested in receiving our news and updates, including in the form of a newsletter. Contact details for visitors (such as users’ telephone numbers and e-mail addresses) are used to perform orders, send company and marketing information.
Minors should not send any information and should not subscribe to the services rendered by our company, without the consent of their parents or legal guardians. We will require such a consent in each case where we discover that a user is a minor (“child”) in the meaning of national personal data protection regulations.
- Contact details for the person responsible for personal data protection.
Biuro Doradczo-Usługowe „OIN” in Bydgoszcz, whose representative, Sławomir is our Data Protection Officer, shall represent us in all personal data protection issues. His contact details are as follows: e-mail: email@example.com and mobile telephone number: +48 602-734-255.
II. Cookie files
- What are cookie files and what are they used for?
Cookies are text files, saved on your device and used by the server to remember your device when it connects again. Cookies are downloaded every time you “enter” and “exit” a site. Cookies are not used to identify users, but only your device, in order to, amongst others, once the type of browser you are using has been identified, display an image best suited for the performance capabilities (e.g. resolution) or type ( desktop or mobile version) of your hardware.
Cookies are most often used for counters, surveys, Internet shops, pages which require a log-in, adverts and to monitor the activity of visitors. Cookies also make it possible to remember your interests and adjust the site content and adverts displayed accordingly.
- What do cookies do?
In general, cookies function as follows:
- they identify the details of the computer and browser used to browse websites – this can be used to find out if a given computer has opened a given site before,
- data obtained from cookies are not associated with the users’ personal data obtained during registration for example,
- they are not harmful to you or your computers or smart phones – they do not impact performance,
- they do not change the configuration of end devices or in the software installed on those devices,
- by default, cookies’ parameters allow them only to be opened by the server which created them,
- they provide the server with information based on your activity on websites which you browse, which is then used to display a site better adjusted to your individual preferences.
- What types of cookies are there?
There are three types of cookies:
- “Session cookies” – are temporary files, stored in the memory of the browser until the session ends (or when the browser is closed). These files are required by some applications or functions to work properly. Once the browser is closed, they should be automatically removed from the device used to browse the site,
- “Persistent cookies” – make it easier to use sites which are visited often (e.g. they remember the colour layout of the site or the menu layout on your favourite sites). These files are stored in an appropriate folder for longer periods which you can adjust using your browser settings. Every time you visit a given page, information from these files is sent to the server. This type of cookies is sometimes referred to as tracking cookies.
- “Third party cookies” – are files usually from advertising servers, search servers, etc., which cooperate with the owner of a given site. They are used to display adverts adjusted to your preferences and habits, which is often the reason elements of a given web service are free. They are also used to record “click rates” for adverts, user preferences, etc.
Remember, you can manage cookie settings independently. You can do that in your browser settings (usually by default the mechanism is enabled). The most popular browsers allow you to:
- enable cookie files to take advantage of all the functions of given websites,
- manage cookies on the level of particular websites which you select,
- configure settings for different types of cookies, for example to accept persistent cookies as session cookies, etc.,
- block or delete cookies.
For information on enabling and disabling cookies in the most popular browsers follow these links:
If you do not change the settings of your browser, cookies will remain enabled. If you block cookies or disable some types of cookies, you may be prevented from using all functions of a given site or interfere in its proper functioning.
Our website uses both session cookies as well as persistent cookies. We use them for the following purposes:
- statistics, facilitating improvement to site content and structure,
- keeping the user’s session open.
In order to function correctly, websites collect the following information: name and version of the browser, language settings, date and time of the server request, IP from which was sent, the requested URL. The data are collected to ensure the website functions correctly.
Google collects data on its servers obtained from cookies it placed on devices and uses this information in order to assess website usage by a user, create reports on website traffic for website operators and to provide other services associated with website traffic and Internet use. Google may also provide this information to third parties if it is obliged to do pursuant to the provision of law or if those entities process such information on behalf of Google.
The data collected by our website are not disclosed or made available to third parties with the exception of enforcement bodies authorised to conduct criminal proceedings instigated in conjunction with a request we submitted. This will only take place if you engage in unlawful activity or activity to our detriment.