Privacy Policy
1. This Privacy Policy sets out the rules for the collection, processing and use of personal data obtained by the following websites: planikafires.com, planikafires.pl, planikafires.de, planikafires.fr, planikafires.it, planikafires.es, sklep.planika.com, shop.planika.com, store.planika.com, q-boo.com (hereinafter referred to as the "Websites").
2. The owner of the Website is PLANIKA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Bydgoszcz (85-862), ul. Bydgoskich Przemysłowców 10, NIP: 5542520460, REGON: 093115222, entered in the Register of Entrepreneurs kept by the District Court in Bydgoszcz, 13th Commercial Division of the National Court Register under KRS number 0000151091, with share capital of PLN 50,000; e-mail: planika@planikafires.com, hereinafter referred to as PLANIKA SP. Z O.O. PLANIKA SP. Z O.O. is also the Personal Data Administrator.
3. Personal data collected by PLANIKA SP. Z O.O. through the Services is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as the GDPR.
4. PLANIKA SP. Z O.O. takes special care to respect the privacy of Users visiting the Websites.
Article 1 – Type of data processed, purposes and legal basis
1. PLANIKA SP. Z O.O. collects data of natural persons conducting business or professional activity on their own behalf (hereinafter referred to as Entrepreneurs) and data of natural persons performing legal actions not directly related to their activity, hereinafter referred to as Customers.
2. Customers' personal data is collected for the purpose of:
a) placing an order on the Website operating the online store for the purpose of performing a sales contract. Legal basis: processing is necessary for the performance of a sales contract (Article 6(1)(b) of the GDPR);
b) using the contact form service in order to obtain answers to questions asked. Legal basis: processing is based on the user's consent and for the purpose of conducting business by the Data Controller (Article 6(1)(a) and Article 6(1)(f) of the GDPR).
3. When placing an order on the Website operating the online store, the Customer provides the following data:
a) e-mail address;
b) address details:
a. postcode and place of residence;
b. country;
c. street and house/flat number.
c) first name and surname;
d) telephone number.
4. In the case of Entrepreneurs, the above scope of data is additionally extended to include:
a) company name;
b) tax identification number.
5. When using the contact form service, the Customer provides the following data:
a) e-mail address;
b) first and last name;
c) telephone number.
6. When browsing the Website, additional information may be collected, such as the IP address assigned to the User's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
7. Navigation data may also be collected from Customers, including information about links and references they click on or other activities they undertake on Websites. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
8. In order to establish, pursue and enforce claims, personal data provided by the Customer when using the functionality of the Websites may be made available, such as: first name, surname, information about the use of services, if the claims result from the manner in which the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR) in the form of establishing, investigating and enforcing claims and defending against claims in court proceedings and before other state authorities.
A detailed description of the purposes of personal data processing is provided in the table below:
| Purpose | Personal data | Legal basis for processing | Data retention period |
|---|---|---|---|
| USE OF THE WEBSITES. By operating the Websites, ADO enables Users to visit them and view the content posted there. | | | |
| Provision of electronic services in the scope of making content collected on the Websites available | IP address | Article 6(1)(b) of the GDPR, i.e. processing for the purpose of taking action at your request, prior to entering into a contract, as well as processing necessary for the performance of a contract to which you are a party | until the end of the provision of the service by electronic means |
| Conducting analyses and statistics | information about actions taken on the website (on the Websites), analysis of website traffic | Article 6(1)(f) of the GDPR, consisting in analysing Users' activity and preferences in order to improve the functionalities used and services provided | until an effective objection is raised |
| Establishing and pursuing claims or defending against claims | information about actions taken on the website (in the Services), website traffic analysis | Article 6(1)(f) of the GDPR, consisting in the protection of its rights and economic interests | 6 years in the case of consumer claims; 3 years in the case of claims by or against businesses |
| Marketing activities of the Administrator and other entities | information about activities undertaken on the website (in the Services), website traffic analysis | the rules for the processing of personal data for marketing purposes are described in the section Marketing activities | |
| CREATING AND MAINTAINING AN ACCOUNT ON THE WEBSITES. To use the full functionality of the Sales Websites, you must register an Account. Creating and using an Account involves the processing of account holders' personal data by the ADO. | | | |
| Creating and maintaining an account – provision of electronic services | first name, surname, e-mail address, telephone number, correspondence address; personal data necessary to create and operate an Account | Article 6(1)(b) of the GDPR, i.e. processing for the purpose of taking action at your request, prior to entering into a contract, as well as processing necessary for the performance of a contract to which you are a party | until the end of the provision of electronic services |
| Handling of complaints submitted by Customers | first name, surname, e-mail address, telephone number, content of correspondence | Article 6(1)(c) of the GDPR in conjunction with the provisions of the Consumer Rights Act (concerns the fulfilment of a legal obligation) | until the end of the complaint process |
| Pursuing claims and defending against claims arising from the concluded contract or related to the provision of services (including conducting administrative and court proceedings) | first name, surname, e-mail address, telephone number, content of correspondence | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights) | 6 years in the case of consumer claims; 3 years in the case of claims by entrepreneurs or against entrepreneurs |
| PROVISION OF BASIC SERVICES – PLACING ORDERS, SALE OF GOODS | | | |
| Placing orders and performing sales contracts | name and surname, e-mail address, telephone number, address details (street, building number, flat number, postcode, town, country), VAT number (if an invoice is issued), scope of the order | Article 6(1)(b) of the GDPR, i.e. processing for the purpose of taking action at your request prior to entering into a contract, as well as processing necessary for the performance of a contract to which you are a party | until the contract is performed |
| Handling of complaints submitted by Customers | first name, surname, e-mail address, telephone number, country, product name, product serial number, type of fuel used in the product, place of purchase, content of correspondence | Article 6(1)(c) of the GDPR in conjunction with the provisions of the Consumer Rights Act (concerns the fulfilment of a legal obligation) | until the complaint process is completed |
| Pursuing claims and defending against claims arising from the concluded contract or related to the provision of services (including conducting court proceedings) | first name, surname, delivery address, e-mail address, content of correspondence, IP number, bank account number, payment card number, scope of the order | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights) | 6 years in the case of consumer claims; 3 years in the case of claims by or against entrepreneurs |
| Fulfilment of statutory obligations under tax and accounting regulations | scope of data specified by applicable regulations | Article 6(1)(c) of the GDPR in connection with tax regulations concerning personal income tax (relates to the fulfilment of a legal obligation) | 5 years from the beginning of the year following the financial year in which the service was performed |
| ADDITIONAL SERVICES AND SUPPORT IN SERVICES PROVIDED BY THIRD PARTIES. We enable the use of additional services or services offered by third parties (related to the financing of the purchase of goods). | | | |
| Support for credit services provided by Shoppay, PayPal, GPay, przelewy24.pl, PayPro | first name, surname, email address, scope of the order placed | Article 6(1)(f) of the GDPR (legitimate interest of the ADO consisting in expanding the availability of ADO services) | until the end of the use of ADO services or the effective objection to the processing of personal data |
| Provision of services – servicing of devices (fireplaces) using the functionality of the Planika Control Application | name, surname, email address, postal address, country, telephone number | Article 6(1)(a) of the GDPR (processing based on your consent to the processing of your personal data) | until you withdraw your consent to the processing of your personal data |
| Provision of services – device (fireplace) maintenance service using the Planika BEV Application functionality | email address, first name, fireplace model, IP address | Article 6(1)(a) of the GDPR (processing based on your consent to the processing of your personal data) | until you withdraw your consent to the processing of your personal data |
| Pursuing claims and defending against claims related to the provision of additional services (including conducting court proceedings) | first name, surname, email address, telephone number, content of correspondence | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights) | 6 years in the case of consumer claims; 3 years in the case of claims by or against entrepreneurs |
| NEWSLETTER DISTRIBUTION. The newsletter is one of the tools used to communicate with customers. The ADO uses it to present and promote its commercial activities. The processing of personal data is based on the agreement concluded with us regarding the newsletter and consent to receive commercial content in accordance with the Electronic Communications Law (PKE) – which can be withdrawn at any time. | | | |
| Sending the newsletter – promotion of the ADO brand and products | email address, first name | Article 6(1)(b) of the GDPR, i.e. processing for the purpose of taking action at your request, prior to entering into a contract, as well as processing necessary for the performance of a contract to which you are a party in connection with the provisions of the Electronic Communications Law | until the end of the provision of the service by electronic means |
| USE OF THE FORM FOR DESIGN CONSULTATIONS WITH CUSTOMERS. The form is one of the tools used to contact customers. ADO presents and promotes its commercial activities in this way. | | | |
| Contact with potential customers – promotion of the ADO brand and products | email address, name, industry, subject of the conversation, message content | Article 6(1)(a) of the GDPR (processing based on your consent to the processing of your personal data) | until you withdraw your consent to the processing of your personal data |
| Prevention of violations in communication – ensuring compliance with the removal or moderation of illegal content | email address, name, industry, subject of the conversation, content of the message | processing is necessary for compliance with a legal obligation (Article 6(1)(c) of the GDPR in conjunction with Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the Digital Single Market and amending Directive 2000/31/EC (Digital Services Act)) | 3 years from the end of the year in which the infringement occurred |
| SENDING THE LOOKBOOK ORDERED BY THE CUSTOMER | | | |
| Contact with a potential customer – promotion of the ADO brand and goods | email address, name, industry | Article 6(1)(a) of the GDPR (processing of personal data based on your consent to the processing of your personal data) | until you withdraw your consent to the processing of personal data |
| USE OF THE CONTACT FORM. Using this functionality allows the ADO to contact you in matters related to its business activities. | | | |
| Contacting customers for purposes related to the provision of services, promotion of the ADO brand and goods through available communication channels, including electronic correspondence, telephone, chat, social media (Facebook, Instagram, YouTube, LinkedIn, Pinterest, TikTok) | name, e-mail address, industry, subject of correspondence, content of correspondence; with regard to social media contact forms: profile photo, information about education and professional experience, location information, comments and content that you post on our social media profiles | Article 6(1)(a) of the GDPR (processing based on your consent to the processing of your personal data) | until you withdraw your consent to the processing of your personal data |
| Prevention of violations in communication – ensuring compliance with the removal or moderation of illegal content | name, e-mail address, telephone number, content of correspondence; with regard to contact forms on social media: profile photo, information about education and professional experience, location information, comments and content that you post on our social media profiles | processing is necessary for compliance with a legal obligation (Article 6(1)(c) of the GDPR in conjunction with Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the Digital Single Market and amending Directive 2000/31/EC (Digital Services Act)) | 3 years from the end of the year in which the infringement occurred |
| Pursuing claims and defending against claims arising from a concluded contract or related to the provision of services (including conducting court proceedings) | name, e-mail address, telephone number, content of correspondence | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights) | 6 years in the case of consumer claims; 3 years in the case of claims by or against businesses |
| USE OF CHAT. The use of this functionality provides the ADO with the opportunity to contact you in matters related to its business activities. | | | |
| Contacting customers for purposes related to the provision of services, promotion of the ADO brand and goods | name, email address, content of the conversation | Article 6(1)(a) of the GDPR (processing based on your consent to the processing of your personal data) | until you withdraw your consent to the processing of your personal data |
| Preventing violations in communication – ensuring compliance in the removal or moderation of illegal content | name, email address, content of the conversation | processing is necessary for compliance with a legal obligation (Article 6(1)(c) of the GDPR in conjunction with Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the Digital Single Market and amending Directive 2000/31/EC (Digital Services Act)) | 3 years from the end of the year in which the infringement occurred |
| Pursuing claims and defending against claims arising from the concluded contract or related to the provision of services (including conducting court proceedings) | name, e-mail address, content of the conversation | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights) | 6 years in the case of consumer claims; 3 years in the case of claims by entrepreneurs or against entrepreneurs |
| CONDUCTING ANALYSES AND STATISTICS. ADO uses personal data for analytical and statistical purposes. It analyses purchasing preferences and improves the quality and scope of services. Personal data is processed using cookies and similar technology, after consent has been given to store such information on the end device. | | | |
| Analysis of traffic on the Websites | IP address, time of visit, device and browser information, as well as information about the use of the Website | Article 6(1)(a) of the GDPR, i.e. processing based on your consent to the processing of your personal data | until you withdraw your consent to the processing of personal data |
| MARKETING ACTIVITIES. ADO may also use personal data for the purpose of marketing goods offered by ADO. Marketing activities may consist of: 1. displaying marketing content on the website that is not tailored to your preferences – in this case, the processing of personal data is based on the legitimate interest of ADO in promoting its business activities; 2. displaying marketing content on the website that is tailored to your preferences (based on profiling). Personal data is processed for marketing purposes on the basis of your consent, which you may withdraw at any time. This type of personal data processing also applies to situations where data collected through cookies is processed. | | | |
| Direct marketing of own goods and services, including remarketing | name, IP address, email address, browser data | Article 6(1)(f) of the GDPR, i.e. processing for the purpose of our legitimate interest in direct marketing of our own services, including remarketing | until you object to the processing of your personal data |
| Displaying advertisements based on previously viewed content (based on profiling) | name, IP address, email address, browser data, purchasing preferences | Article 6(1)(a) of the GDPR (processing based on your consent to the processing of your personal data) | until you withdraw your consent to the processing of your personal data |
| Sending commercial information by electronic means using various forms of communication | telephone number or e-mail address | Article 6(1)(a) of the GDPR in conjunction with the provisions of the Electronic Communications Law | until you withdraw your consent to the processing of your personal data |
| PROFILES ON SOCIAL NETWORKING SITES. ADO has public profiles on the social media platforms Facebook, Instagram, LinkedIn, Pinterest, YouTube and TikTok. We process data left by visitors to these profiles (comments, likes). | | | |
| Effective management of profiles by providing portal users with information about the ADO's activity | behaviour on the profile, likes, comments, opinions | Article 6(1)(f) of the GDPR (legitimate interest of ADO in promoting its own brand and improving the quality of its services) | until an objection to the processing of personal data is lodged |
| Statistics and analysis of traffic on profiles | | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in promoting its own brand and improving the quality of services provided) | until an objection to the processing of personal data is lodged |
| Pursuing claims and defending against claims | data disclosed in connection with a given claim | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in promoting its own brand and improving the quality of services provided) | until an objection to the processing of personal data is lodged |
| Prevention of violations in communication – ensuring compliance with regard to the removal or moderation of illegal content | name, email address, content of the post | processing is necessary for compliance with a legal obligation (Article 6(1)(c) of the GDPR in conjunction with Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the Digital Single Market and amending Directive 2000/31/EC (Digital Services Act)) | 3 years from the end of the year in which the infringement occurred |
| PREVENTING ABUSE AND ENSURING THE SECURITY OF THE SERVICE. In order to ensure the proper functioning of the Website, ADO monitors the actions of users to ensure that they do not take actions that hinder other customers from making purchases. This analysis is based on the transaction history of users, without automated data processing. | | | |
| Preventing abuse | scope of activity on the Websites, purchase history, first and last name | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights and its business activities) | until an effective objection is lodged |
| Pursuing claims and defending against claims (including conducting court proceedings) | scope of activity on the Websites, purchase history, first and last name | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights and its business activities) | until an effective objection is raised |
| Ensuring the security of the Services (services provided electronically), including enforcing compliance with the rules contained in the Terms and Conditions, in particular preventing violations of applicable laws, removing and moderating illegal content | data concerning the use of the Service; activity history on the Websites | Article 6(1)(b) of the GDPR (necessity for the conclusion and performance of the Agreement) and Article 6(1)(c) of the GDPR in conjunction with Regulation (EU) 2022/2065 of 19 October 2022 on the Digital Single Market and amending Directive 2000/31/EC (Digital Services Act) | 3 years from the end of the year in which the infringement occurred |
| Enabling the proper performance of the contract | first name, surname, name and address of the organisation, position held | Article 6(1)(f) of the GDPR – for the purpose of pursuing the legitimate interests of the ADO | for the period necessary to pursue interests and perform obligations |
| VERIFICATION OF PERSONS ON SANCTION LISTS. The ADO is obliged to verify whether it cooperates directly or indirectly with entities included on the list of entities maintained by the Minister of Internal Affairs and Administration of the Republic of Poland, on the basis of: 1. the Act on special measures to counteract support for aggression against Ukraine and to protect national security of 13 April 2022; 2. Council Regulation (EC) No 765/2006 of 18 May 2006 concerning restrictive measures in view of the situation in Belarus and Belarus's involvement in Russia's aggression against Ukraine; 3. Council Regulation (EU) No 269/2014 of 17 March 2014 concerning restrictive measures in respect of actions undermining or threatening the territorial integrity, sovereignty and independence of Ukraine. | | | |
| Fulfilment of obligations imposed by applicable legal provisions | first name, surname, inclusion on the sanctions list, country, types of sanctions | Article 6(1)(c) of the GDPR in conjunction with the Act on special measures to counteract support for aggression against Ukraine and to protect national security of 13 April 2022 and the above-mentioned regulations | for the duration of the ADO's legal obligation, taking into account the period of cooperation with the contractor, which is subject to verification |
| NETWORKING. ADO participates in business events and meetings. Establishing business relationships is one of the purposes of such meetings – therefore, we process personal data. | | | |
| Building and utilising lasting mutual business contacts (networking) during business meetings, at industry events or through the exchange of business cards – for purposes related to initiating and maintaining business contacts | first name, surname, position, name and address of the organisation, telephone number, email address | Article 6(1)(f) of the GDPR – legitimate interest – creating a network of contacts in connection with business activities | until an effective objection is lodged |
| TELEPHONE CONTACT. Customers may contact the ADO by telephone, both in matters related and unrelated to the concluded contract or services provided. Telephone contact is also possible via a dedicated hotline. | | | |
| Customer and client service | first name, surname, content of the conversation | Article 6(1)(f) of the GDPR – legitimate interest of the ADO – processing necessary for the provision of services | until an effective objection is lodged |
| VIDEO MONITORING. Due to the need to ensure the safety of persons and property, the Controller uses video surveillance. Access to facilities and areas managed by the ADO is subject to control. The area covered by the Controller's surveillance is marked with appropriate graphic signs. | | | |
| Ensuring the safety of persons and property and maintaining order on the premises | image of persons staying on the premises belonging to ADO | Article 6(1)(f) of the GDPR – legitimate interest of ADO – ensuring the safety of persons and property on the premises managed by the Administrator | until an effective objection is lodged |
| Pursuing claims and defending against claims | image | Article 6(1)(f) of the GDPR – legitimate interest of the ADO – protection of the Administrator's rights | until an effective objection is lodged |
| INFORMATION ON DANGEROUS PRODUCTS. In accordance with applicable product safety regulations, the ADO maintains an internal register of complaints regarding product safety. | | | |
| Maintaining an internal register of complaints regarding product safety | email address, name and surname of the person reporting, content of the report on the dangerous product | Article 6(1)(c) of the GDPR in conjunction with Regulation (EU) 2023/988 of the European Parliament and of the Council of 10 May 2023 on general product safety | 5 years from the date of entry of personal data into the complaints register |
| Pursuing claims and defending against claims (including conducting court proceedings) | email address, name and surname of the reporting person, content of the report on a dangerous product | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights and its business activities) | until an effective objection is lodged |
| RECRUITMENT. The ADO conducts employee recruitment in accordance with the applicable rules on personal data protection. | | | |
| Conducting the recruitment process for specific positions | first name, surname, contact details, education, qualifications, professional experience, employment history, image, email address, telephone number | Article 6(1)(a) of the GDPR in conjunction with Article 221 § 1 and 2 of the Labour Code, and Article 221 § 4 of the Labour Code, Article 6(1)(b) and Article 6(1)(f) of the GDPR | the period necessary to complete the recruitment process, no later than 6 months from the date of commencement of the recruitment process |
| PROCESSING OF PERSONAL DATA OF CONTRACTORS' STAFF MEMBERS | | | |
| Conclusion and performance of contracts concluded in the course of business activities | first name, surname, position, e-mail address | Article 6(1)(b) of the GDPR, i.e. processing for the purpose of taking steps prior to entering into a contract and processing necessary for the performance of a contract | until the contract is terminated or expires |
| PERFORMANCE OF OTHER CONTRACTS | | | |
| Performance of contracts concluded in the course of business activities | first name, surname, position, e-mail address, telephone number, tax identification number, bank account number, information related to the performance of the contract, order history | Article 6(1)(b) of the GDPR, i.e. processing for the purpose of taking steps prior to entering into a contract and processing necessary for the performance of a contract; Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the controller in performing the contract | until the contract is terminated or expires |
| Fulfilment of statutory obligations under tax and accounting regulations | scope of data specified by applicable regulations | Article 6(1)(c) of the GDPR in connection with tax regulations concerning personal income tax (relates to the fulfilment of a legal obligation) | 5 years from the beginning of the year following the financial year in which the service was performed |
| Pursuing claims and defending against claims (including conducting court proceedings) | first name, surname, position, e-mail address, telephone number, tax identification number, bank account number, information related to the performance of the contract, order history | Article 6(1)(f) of the GDPR (legitimate interest of the ADO, consisting in the protection of the ADO's rights and its business activities) | until an effective objection is lodged |
PROCESSING OF WHISTLEBLOWERS' PERSONAL DATA |
|||||||||||||
Receiving, verifying and investigating reports submitted by whistleblowers in connection with violations of the law committed by the ADO |
first name, surname, telephone number, email address, function/position, data appearing in the content of the report, including special category data and data concerning convictions or violations of the law |
Article 6(1)(c) of the GDPR in conjunction with the Whistleblower Protection Act of 14 June 2024. Article 6(1)(f) of the GDPR – legitimate interest of the ADO, i.e. receiving, verifying and investigating reports of violations of the law, and investigating and defending against claims |
3 years from the end of the year in which the proceedings were concluded excess data will be deleted immediately, within 14 days of determining that it is irrelevant to the case |
||||||||||
Pursuing claims and defending against claims (including conducting court proceedings) |
first name, surname, telephone number, email address, function/position, data appearing in the content of the notification, including special category data and data concerning convictions or violations of the law |
Article 6(1)(c) of the GDPR in conjunction with the Whistleblower Protection Act of 14 June 2024. Article 6(1)(f) of the GDPR – legitimate interest of the ADO, i.e. receiving, verifying and investigating reports of violations of the law, and pursuing and defending against claims |
for the period of limitation of claims available to the ADO in connection with a given event and the periods of limitation of criminal liability for acts that are the subject of internal proceedings |
||||||||||
Ensuring the security of Services (services provided electronically), including enforcing compliance with the rules contained in the Terms and Conditions, in particular counteracting violations of applicable regulations, removing and moderating illegal content |
|
Article 6(1)(c) of the GDPR in connection with the Whistleblower Protection Act of 14 June 2024. Article 6(1)(f) of the GDPR – legitimate interest of the ADO, i.e. ensuring compliance - in terms of removing or moderating illegal content
Article 6(1)(c) of the GDPR in conjunction with Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the Digital Single Market and amending Directive 2000/31/EC (Digital Services Act)
|
|
||||||||||
9. Personal data is provided to PLANIKA SP. Z O.O. voluntarily.
Article 2 – To whom is the data disclosed or transferred and how long is it stored?
1. The Customer's personal data is transferred to service providers used by PLANIKA SP. Z O.O. in the operation of the Services. Depending on contractual arrangements and circumstances, these service providers either are subject to the instructions of PLANIKA SP. Z O.O. regarding the manner and methods of data processing (processors) or independently determine the purposes and means of processing (controllers).
a) Processors. PLANIKA SP. Z O.O. uses the services of providers who process data on behalf of PLANIKA SP. Z O.O. These include, among others, hosting service providers, accounting service providers, marketing system providers, website traffic analysis system providers, and marketing campaign effectiveness analysis system providers.
b) Controllers. PLANIKA SP. Z O.O. uses providers who do not act solely on its instructions and who themselves determine the purposes and means of using Customers' personal data. They provide electronic payment and banking services.
2. Location. Service providers are mainly based in Poland and other countries of the European Economic Area (EEA).
3. Customers' personal data is stored:
a) If the Customer's personal data is processed on the basis of consent, it will be processed by PLANIKA SP. Z O.O. until the consent is revoked, and after the consent is revoked, for a period corresponding to the limitation period for claims that may be raised by PLANIKA SP. Z O.O. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years;
b) If the basis for the processing of personal data is the performance of a contract, then the Customer's personal data shall be processed by PLANIKA SP. Z O.O. for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless otherwise provided by a specific provision, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.
4. In the case of a purchase made on the Website operating an online store, personal data may be transferred to a courier company for the purpose of delivering the ordered goods.
5. If the Customer chooses to pay via the przelewy24.pl system, their personal data is transferred to PayPro S.A. with its registered office in Poznań (60-198 Poznań, ul. Pastelowa 8), entered in the register of entrepreneurs kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register, under KRS number 0000347935, NIP 7792369887, REGON 301345068.
6. If the Customer chooses to pay via the PayPro system, their personal data will be transferred to PayPro S.A. with its registered office in Poznań (60-327 Poznań, ul. Kanclerska 15), entered in the Register of Entrepreneurs kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number: 0000347935.
7. Navigation Data may be used to provide Users with better service, conduct statistical data analysis, adapt the Website to Users' preferences, and administer the Website.
8. Upon receipt of a relevant request, PLANIKA SP. Z O.O. shall disclose personal data to authorised state authorities, in particular to organisational units of the public prosecutor's office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
Article 3 – Cookies, IP address
1. The Website uses small files called cookies. They are saved by PLANIKA SP. Z O.O. on the computer of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain from which it originates, the expiry time and an individual random number identifying the file. The information collected using these types of files allows PLANIKA SP. Z O.O. to tailor its offer to the individual preferences and actual needs of visitors to the Website. It also allows for the compilation of general statistics on visits to the Website.
2. PLANIKA SP. Z O.O. uses two types of cookies:
a) Session cookies: the information stored is deleted from the device's memory after the end of the browser session or when the computer is turned off. The session cookie mechanism does not allow the collection of any personal data or any confidential information from the User's computer.
b) Persistent cookies: these are stored on the hard drive of the User's computer until they are deleted. The persistent cookie mechanism does not allow any personal data or confidential information to be downloaded from the User's computer.
3. PLANIKA SP. Z O.O. uses its own cookies for the following purposes:
a) analyses, research and audience audits, in particular to create anonymous statistics that help understand how Website Users use websites, which allows for improving their structure and content.
4. PLANIKA SP. Z O.O. uses external cookies for the following purposes:
a) promoting the website via the social networking site Facebook.com (external cookie administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland);
b) presenting multimedia content on the Websites, which is downloaded from the external website www.youtube.com (external cookie administrator: Google Inc. based in the USA);
c) collecting general and anonymous statistical data via the Google Analytics analytical tool (external cookie administrator: Google Inc. based in the USA);
d) presenting the Trusted Terms and Conditions Certificate via the rzetelnyregulamin.pl Website (external cookie administrator: Rzetelna Grupa Sp. z o.o. based in Warsaw, Poland).
5. The cookie mechanism is safe for the computers of Website Users. In particular, it is not possible for viruses or other unwanted software or malware to enter Users' computers in this way. However, Users have the option of restricting or disabling access to cookies on their computers in their web browsers. If this option is used, it will still be possible to use the Website, except for functions that by their nature require cookies.
6. Below is a description of how to change your web browser settings regarding the use of cookies:
a) Chrome;
b) Browser in the Facebook application;
c) Internet Explorer;
d) Microsoft EDGE;
e) Mozilla Firefox;
f) Opera;
g) Safari;
h) Samsung Browser.
7. PLANIKA SP. Z O.O. may collect your IP address. An IP address is a number assigned to a visitor's computer by their internet service provider. The IP number enables access to the Internet. In most cases, it is assigned dynamically, i.e. it changes with each connection to the Internet and is therefore generally considered to be information that does not allow a person to be identified. The IP address is used by PLANIKA SP. Z O.O. to diagnose technical problems with the server, to create statistical analyses (e.g. determining which regions generate the most visits), as information useful for administering and improving the Website, as well as for security purposes and the possible identification of unwanted automatic programmes for browsing the Website's content that overload the server.
8. The websites contain links and hyperlinks to other websites. PLANIKA SP. Z O.O. is not responsible for the privacy policies applicable to them.
9. Cookies used:
| Cookie name | Cookie type | Expiry time |
| | Functional (Cloudflare, HubSpot) | Session – 30 minutes |
| | Analytics / Functional (HubSpot) | Session – 13 months |
| | Analytics (Microsoft Clarity) | 1 day – 1 year |
| | Analytics (Google Analytics) | 24 hours – 13 months |
| | Marketing / Security (Google) | Up to 2 years |
| | Functional (Language preference) | 1 year |
Article 4 – Rights of data subjects
1. Right to withdraw consent – legal basis: Article 7(3) of the GDPR.
a) The Customer has the right to withdraw the consent given to PLANIKA SP. Z O.O.
b) The withdrawal of consent is effective from the moment of its withdrawal.
c) Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
d) Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities which, in accordance with the law, PLANIKA SP. Z O.O. provides only with the Customer's consent.
2. Right to object to the processing of personal data – legal basis: Article 21 of the GDPR.
a) The Customer has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, including profiling, if PLANIKA SP. Z O.O. processes their data on the basis of a legitimate interest, such as, for example, marketing of PLANIKA SP. Z O.O. products, keeping statistics on the use of individual functionalities of the Websites and facilitating the use of the Websites, as well as conducting customer satisfaction surveys;
b) Opting out electronically from marketing communications concerning products or services will mean that the Customer objects to the processing of their personal data, including profiling for these purposes;
c) If the Customer's objection is justified and PLANIKA SP. Z O.O. has no other legal basis for processing personal data, the Customer's personal data, to the processing of which the Customer has objected, will be deleted.
3. Right to erasure ("right to be forgotten") – legal basis: Article 17 of the GDPR.
a) The Customer has the right to request the erasure of all or some personal data;
b) The Customer has the right to request the deletion of some personal data if:
a. the personal data is no longer necessary for the purposes for which it was collected or processed;
b. the Customer has withdrawn their consent to the extent that the personal data was processed on the basis of consent;
c. the Customer has objected to the use of their data for marketing purposes;
d. the personal data is being processed unlawfully;
e. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which PLANIKA SP. Z O.O. is subject;
f. the personal data has been collected in relation to the offering of information society services.
c) Despite a request to delete personal data in connection with an objection or withdrawal of consent, PLANIKA SP. Z O.O. may retain certain personal data to the extent that processing is necessary for establishing, pursuing or defending legal claims, as well as to comply with a legal obligation requiring processing under Union law or the law of the Member State to which PLANIKA SP. Z O.O. is subject. This applies in particular to: first name, surname, e-mail address, which data is stored for the purpose of handling complaints and claims related to the use of PLANIKA SP. Z O.O. services, or additionally the address of residence/correspondence, order number, which data is stored for the purpose of handling complaints and claims related to concluded sales contracts or the provision of services.
4. Right to restrict processing – legal basis: Article 18 of the GDPR.
a) The Customer has the right to request the controller to restrict the processing of their personal data. Until such a request is considered, it prevents the use of certain functionalities or services, the use of which would involve the processing of personal data covered by such a request. Furthermore, PLANIKA SP. Z O.O. will not send any messages, including marketing communications.
b) The Customer has the right to request the restriction of the processing of their personal data in the following cases:
a. When they question the accuracy of their personal data; in such a case, PLANIKA SP. Z O.O. will restrict its use for a period allowing the accuracy of the personal data to be verified, but for no longer than 7 days;
b. When the processing of data is unlawful and the Customer requests the restriction of its use instead of its deletion;
c. When the personal data is no longer necessary for the purposes for which it was collected or used, but is needed by the Customer to establish, pursue or defend claims;
d. When the Customer has objected to the processing of their data – in this case, the restriction shall apply for the time necessary to consider whether, due to the specific situation, the protection of the Customer's interests, rights and freedoms outweighs the interests pursued by the Controller in processing the Customer's personal data.
5. Right of access to data – legal basis: Article 15 of the GDPR.
a) The Customer has the right to obtain confirmation from the Controller as to whether personal data is being processed and, if so, the Customer has the right to:
a. access their personal data;
b. obtain information about the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of such data, the planned period of storage of personal data or the criteria for determining that period (if it is not possible to specify the planned period of data processing), the Customer's rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of the data outside the European Union;
c. obtain a copy of their personal data.
6. Right to rectification – legal basis: Article 16 of the GDPR.
a) The Customer has the right to request the Controller to immediately rectify any personal data concerning them that is incorrect. Taking into account the purposes of the processing, the Customer has the right to request the completion of incomplete personal data, including by submitting an additional statement, by sending their request to the e-mail address indicated in the Privacy Policy.
7. Right to data portability – legal basis: Article 20 of the GDPR.
a) The Customer has the right to receive their personal data that they have provided to the Controller and then send it to another data controller of their choice. The Customer has the right to request that personal data be sent by us directly to another controller, if technically possible. In this case, the Controller will send the Customer's personal data in a CSV file, which is a commonly used machine-readable format that allows the processed data to be sent to another data controller.
8. If the Customer wishes to exercise any of the above rights, PLANIKA SP. Z O.O. shall comply with the request or refuse to comply with it immediately, but no later than within one month of receiving it. However, if, due to the complex nature of the request or the number of requests, PLANIKA SP. Z O.O. is unable to comply with the request within one month, it shall comply with it within the next two months, informing the Customer in advance, within one month of receiving the request, of the intended extension of the deadline and of its own actions.
9. The Customer may submit complaints, questions or requests regarding the processing of their personal data and the exercise of this right.
10. The Customer has the right to request PLANIKA SP. Z O.O. to provide a copy of the standard contractual clauses by submitting a request in the manner specified in the Privacy Policy.
11. The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of their rights relating to the processing of personal data or other rights granted under the GDPR.
Article 5 – Changes to the Privacy Policy
1. The Privacy Policy is subject to change, of which PLANIKA SP. Z O.O. will give 7 days' notice.
2. Any additional questions regarding the Privacy Policy should be directed to: planika@planikafires.com.
3. Date of last change: 13.10.2025.