Privacy Policy
Privacy Policy
I. OPTIX Abadowski & Partners Limited Partnership, based in Choroszcz, at 42 Warszawska Street, registered by the District Court in Białystok, 12th Commercial Division of the National Court Register under KRS number: 0000651286, REGON: 366033480, NIP: 9662107977, as the Administrator of your personal data, hereinafter referred to as the "Data Controller" (ADO), takes care of your privacy. Therefore, based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1) – hereinafter GDPR, we provide you with the most important information about the principles of processing your personal data by the ADO, including cookies used by our online platform.
II. The Data Controller collects and processes personal data in accordance with applicable regulations, including in particular the GDPR, and the data processing principles provided therein. We strive to ensure transparency in data processing, and in particular, we always inform you about the processing of data at the time of its collection, including the purpose and legal basis for processing. The Data Controller ensures that data is collected only to the extent necessary for the specified purpose and processed only for as long as necessary.
III. During the processing of personal data, we ensure their security and confidentiality, as well as access to information about this processing for the individuals whose data is concerned. In the event that, despite the security measures applied, a personal data breach occurs (e.g., data 'leak' or loss), we apply the provisions of the GDPR and inform the supervisory authority and the individuals whose data is concerned in a manner compliant with the GDPR.
PERSONAL DATA ADMINISTRATOR ("Administrator")
1. The administrator of your personal data, including in connection with using our offer, including using the website www.optix-24.pl, hereinafter referred to as the “Service,” is OPTIX Abadowski i wspólnicy Spółka Komandytowa, based in Choroszcz, ul. Warszawska 42, registered by the District Court in Białystok, 12th Commercial Division of the National Court Register under KRS number: 0000651286, REGON: 366033480, NIP: 9662107977.
2. For matters related to the processing of personal data by the Data Administrator, information can be obtained by contacting the Data Administrator in the following ways:
• by phone: +48 730 800 189
• by sending information to the email address: optix@optix-24.pl
• by mail or in person at the address of the Data Administrator's headquarters: OPTIX Abadowski i wspólnicy Spółka Komandytowa, ul. Warszawska 42, 16-070 Choroszcz
DATA PROTECTION OFFICER
The administrator has appointed a Data Protection Officer - Mr. Zbigniew Majewski, who can be contacted at the e-mail address: iodo@optix-24.pl
FOR WHAT PURPOSE AND ON WHAT BASIS DO WE PROCESS PERSONAL DATA
1. ADO may process the following personal data of Clients: first and last name; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), residential/business/headquarters address (if different from the delivery address). In the case of Users or Clients who are not consumers, the Administrator may also process the company name and the tax identification number (NIP) of the Service Recipient or Client. Providing the personal data mentioned above may be necessary to conclude and perform the Sales Agreement.
2. Your data voluntarily provided by you, for the following purposes:
| PURPOSE | LEGAL BASIS |
|---|---|
| Displaying web pages | Our legitimate interest (Art. 6(1)(f) GDPR) consists in providing the service and the need to protect against abuse. |
| Order fulfillment to process the placed order (including any possible complaints) |
- podstawą prawną przetwarzania jest niezbędność przetwarzania do wykonania umowy (art. 6 ust. 1 lit. b) RODO); w zakresie<br>danych podanych fakultatywnie, podstawą prawną przetwarzania jest zgoda (art. 6 ust. 1 lit. a) RODO) ;<br>- podstawą prawną przetwarzania jest obowiązek prawny (art. 6 ust. 1 lit. c) RODO) w celu realizacji obowiązków ustawowych<br>ciążących na administratorze, wynikających w szczególności z przepisów podatkowych i przepisów o rachunkowości |
| Determination, investigation, and enforcement of claims | – podstawą prawną przetwarzania jest uzasadniony interes administratora (art. 6 ust. 1 lit. f) RODO), polegający na ustaleniu, dochodzeniu i egzekucji roszczeń oraz na obronie przed roszczeniami w postępowaniu przed sądami i innymi organami państwowymi. |
| Handling complaints and requests, responding to questions | Legal basis. Our legitimate interest (Art. 6(1)(f) GDPR), consisting of improving the functionality of services provided electronically and building positive relationships with Users and non-logged-in Users, based on reliability and loyalty. |
| Providing an answer to the inquiry | – the legal basis for processing is the legitimate interest of the data controller (Art. 6(1)(f) GDPR), consisting in responding to an inquiry sent, for example, via email |
| consideration of complaints, requests, and appeals, based on Article 6(1)(b-c) and (f) of the GDPR, | consideration of complaints, requests, and appeals, based on Article 6(1)(b-c) and (f) of the GDPR, ... |
HOW LONG WE KEEP PERSONAL DATA
1. The data processing period depends on the type of service provided and the purpose of the processing. The processing period may also result from regulations, if they constitute the basis for processing.
2. If the basis for processing is the necessity to conclude and perform a contract, the data will be processed for the duration of the service or order fulfillment until the contract is completed.
3. If processing is based on consent, the data is processed until the consent is withdrawn or an effective objection or request for data deletion is made.
4. In the case of data processing based on the legitimate interest of the data controller, the data is processed for a period that allows its realization or until an effective objection to the processing of the data is made.
5. The data processing period may be extended if the processing is necessary for establishing, pursuing, or defending against potential claims, and after that period, only if and to the extent required by law. We will process your data only for the period during which we have a legal basis to do so, that is, until:
a) the legal obligation requiring us to process your data ceases to apply to us;
b) the possibility of pursuing claims related to a contract concluded by either party expires;
c) you withdraw your consent to data processing, if that was the basis for processing;
– depending on which applies in a given case and what occurs last.
After the processing period ends, the data is irreversibly deleted or anonymized.
CATEGORIES OF PERSONAL DATA RECIPIENTS
1. In connection with the provision of services by the Data Controller, your personal data may be disclosed to external entities, including in particular IT service providers, including those responsible for managing IT systems used to provide online services, entities such as banks and payment operators, entities providing accounting services, companies providing courier and parcel services, marketing agencies (for marketing services), entities providing legal or accounting services, couriers, and marketing agencies.
2. If you give such consent, your data may also be shared with other entities for their own purposes, including marketing purposes.
3. Your data may be disclosed to the appropriate authorities or third parties who request such information, based on a relevant legal basis that imposes a legal obligation to provide the information and in accordance with applicable law – we provide your personal data if requested by authorized state authorities, in particular organizational units of the prosecutor's office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
4. The Data Controller is aware that the level of personal data protection outside the European Economic Area (EEA) differs from that provided under European law. The entities with which the Data Controller cooperates are primarily based in Poland and other countries within the European Economic Area (EEA). The Data Controller transfers personal data outside the EEA only when necessary and with an appropriate level of protection, primarily through: cooperation with entities processing personal data in countries for which a relevant European Commission decision has been issued; the use of standard contractual clauses issued by the European Commission; the application of binding corporate rules approved by the relevant supervisory authority; in the case of transferring data to the USA – cooperation with entities participating in the Privacy Shield program. (Privacy Shield), approved by a decision of the European Commission. The data controller always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
THE RIGHTS OF THE PERSON WHOSE PERSONAL DATA WE PROCESS
We ensure the exercise of your rights indicated below. You can exercise your rights by submitting a request to the contact details provided in section IV above. The data subject has the following rights:
a) Right to rectification of data
You have the right to correct and complete the personal data you have provided. With regard to other personal data, you have the right to request that we correct this data (if it is incorrect) and complete it (if it is incomplete).
b) The right to object to the use of data
You have the right to object at any time to the use of your personal data, including profiling, if we process your data based on our legitimate interest.
If your objection is justified and we have no other legal basis for processing your personal data, we will delete the data you objected to being used.
c) Right to data deletion ('right to be forgotten')
You have the right to request the deletion of all or some of your personal data. A request to delete all personal data will be treated as a request to delete your Account. You have the right to request the deletion of personal data if:
a) you have withdrawn a specific consent, to the extent that personal data was processed based on your consent;
b) your personal data is no longer necessary for the purposes for which it was collected or processed;
c) you objected to the use of your data for marketing purposes;
d) your personal data is being processed unlawfully.
Despite a request to delete personal data, in connection with an objection or withdrawal of consent, we may retain certain personal data to the extent necessary for the purposes of establishing, pursuing, or defending claims. This particularly applies to personal data including: first name, last name, email address, and application history, which we retain for the purposes of handling complaints and claims related to the use of our services.
d) The right to restrict data processing
You have the right to request the restriction of the processing of your personal data. If you make such a request, until it is processed, we will prevent you from using certain features or services that involve the processing of the data covered by your request. We will also not send you any communications, including marketing messages.
You have the right to request the restriction of the use of your personal data in the following cases:
a) when you question the accuracy of your personal data – in that case, we will limit its use for the time necessary to verify the accuracy of your data, but not longer than 7 days;
b) when the processing of your data is unlawful, and instead of deleting the data, you request a restriction on its use;
c) when your personal data is no longer necessary for the purposes for which we collected or used them, but they are needed by you to establish, exercise, or defend claims;
d) when you have objected to the processing of your data – in this case, the restriction applies for the time needed to consider whether, due to your particular situation, the protection of your interests, rights, and freedoms overrides the interests we pursue by processing your personal data.
e) Right of access to data
You have the right to obtain from us confirmation as to whether we are processing your personal data, and if so, you have the right to:
a) access your personal data;
b) obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of this data, the planned period for storing your data or the criteria for determining that period, the rights available to you under the GDPR, and the right to lodge a complaint with a supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of this data outside the European Union;
c) obtain a copy of your personal data.
f) The right to withdraw consent
If your data is processed based on given consent, you have the right to withdraw it at any time, which, however, does not affect the lawfulness of processing carried out before the withdrawal of that consent.
g) Right to data portability
You have the right to receive your personal data that you provided to us and then transfer it to another data controller of your choice. You also have the right to request that the personal data be sent directly by us to such another data controller, if technically feasible. We will send your personal data in a file in a commonly used, machine-readable format that allows the received data to be transferred to another data controller.
h) Right to complain
If you believe that the processing of personal data violates the GDPR or other personal data protection regulations, you can file a complaint with the President of the Personal Data Protection Office.
1. If the Data Controller (ADO) is unable to identify the person submitting the request based on the provided submission, they will ask the applicant for additional information. The request can be submitted in person or through an authorized representative (e.g., a family member).
2. For data security purposes, the Data Controller encourages the use of a power of attorney certified by a notary or an authorized legal advisor or attorney, which will significantly speed up the verification of its authenticity.
3. The response is provided in writing, unless the request was submitted via e-mail or requested that the response be delivered in electronic form.
4. How long does it take us to fulfill your request? If you submit a request to us to exercise the rights mentioned above, we will either fulfill that request or refuse to do so promptly, but no later than within one month of receiving it. However, if—due to the complex nature of the request or the number of requests—we are unable to fulfill your request within a month, we will do so within the following two months, informing you in advance of the intended extension of the deadline. For technical reasons, we always need 24 hours to update the settings you have selected in our systems. Therefore, it may happen that you receive an e-mail from us during the system update, even if you have opted out of receiving such messages.
5. Reporting complaints, inquiries, and requests You can submit to us complaints, inquiries, and requests regarding the processing of your personal data and the exercise of your rights.
PROFILING
As part of the Service, we may automatically tailor certain content to your needs, i.e., carry out profiling using the personal data you provide. Before we carry out profiling based on which decisions will be made that:
a) have legal effects on you,
b) affect you in a similarly significant way,
we will ask for your consent. Remember that you can withdraw your consent at any time. Processing of data up until the moment you withdraw your consent remains lawful.
REQUIREMENT TO PROVIDE PERSONAL DATA
Providing your personal data is voluntary, but in some cases it may be necessary to conclude a contract. Depending on the purpose for which the data is provided, it may not be possible to make purchases in the Store.
DATA SECURITY
The Data Controller makes efforts to ensure the security of your personal data. In order to ensure the integrity and confidentiality of the data, the Data Controller:
a) has implemented procedures that allow access to personal data only to authorized persons and only to the extent necessary for the tasks they perform.
b) applies organizational and technical solutions to ensure that all operations on personal data are recorded and carried out only by authorized persons.
c) also takes the necessary actions to ensure that subcontractors and other entities cooperating with the Data Controller provide a guarantee of applying appropriate security measures in every case where they process personal data on behalf of the Data Controller.
d) Performs risk analysis and monitors the adequacy of the data protection measures in place in relation to identified threats.
e) If necessary, the data controller implements additional measures to enhance data security.
COOKIES
1. Cookies are small text information in the form of text files, sent by the server and stored on the side of the person visiting the website (e.g., on the hard drive of a computer, laptop, or on a smartphone memory card – depending on the device the visitor uses to access our Online Store). Detailed information about cookies, as well as the history of their creation, can be found, among other places, here: http://pl.wikipedia.org/wiki/Ciasteczko. The website uses the following types of cookies:
1.1 session or temporary cookies, which are associated with the session and are stored on the user's device until they leave the website;
1.2 persistent cookies, which remain in the browser after the session ends (unless deleted by the user);
1.3 third-party cookies, originating from advertising servers of entities cooperating with the website.
2. ADO may process the data contained in Cookies when visitors use the Online Store's website for the following purposes: a) identifying Users as logged into the Online Store and showing that they are logged in; b) remembering Products added to the cart for placing an Order; c) remembering data from completed Order Forms, surveys, or login data for the Online Store.
c) storing data from completed Order Forms, surveys, or login information for the Online Store;
d) customizing the content of the Service's website to the individual User's preferences (e.g., regarding colors, font size, page layout) and optimizing the use of the Service's pages;
e) conducting anonymous statistics showing how the Service's website is used.
3. By default, most web browsers available on the market accept saving Cookies. Everyone has the option to specify the conditions for using Cookies through their own web browser settings. This means that you can, for example, partially limit (e.g., temporarily) or completely disable the ability to save Cookies – in the latter case, however, this may affect some functionalities of the Online Store (for example, it may become impossible to complete the Order process through the Order Form due to Products not being remembered in the cart during subsequent steps of placing the Order).
4. Web browser settings regarding Cookies are important from the perspective of consenting to the use of Cookies by our Online Store – according to regulations, such consent can also be expressed through internet browser settings. If such consent is not given, the internet browser settings regarding cookies should be adjusted accordingly.
5. Detailed information on how to change cookie settings and delete them yourself in the most popular web browsers is available in the browser's help section and on the following pages (just click on the link):
- in Chrome browser in Firefox browser
- in Internet Explorer browser in Opera browser
- in Safari browser
- in Microsoft Edge browser
6. ADO also processes anonymized operational data related to the use of the Website (IP address, domain) to generate statistics helpful in managing the Website. This data is aggregate and anonymous, meaning it does not contain features that identify individuals visiting the Website. This data is not disclosed to third parties.