INCLUDING GDPR AND COOKIE POLICY
PRIVACY POLICYevery detail matters
WEBSITE PRIVACY POLICY FOR DAMZO.PL
This Website Privacy Policy is for informational purposes only, meaning it does not create obligations for the Website Users. The Privacy Policy primarily outlines the principles regarding the processing of personal data by the Administrator on the Website, including the bases, purposes, and scope of personal data processing, as well as the rights of individuals whose data is processed, and information regarding the use of cookies and analytical tools on the Website.
The Administrator of personal data collected via the Website is DAMIAN GRUSZCZYŃSKI conducting business under the name DAMZO DAMIAN GRUSZCZYŃSKI registered in the Central Registration and Information on Business (CEIDG) of the Republic of Poland maintained by the minister responsible for the economy, having: business address and address for service of documents: Plewiska, ul. Kminkowa, nr 170A, lok. 2, 62–064, NIP 7661096928, REGON 365668318, email address: kontakt@damzo.pl, phone number: +48 502 240 792 — hereinafter referred to as the ‘Administrator’ and also the Owner of the Website.
Personal data on the Website is processed by the Administrator in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as ‘GDPR’ or ‘GDPR Regulation’Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
Using the Website is voluntary. Similarly, providing personal data by the User of the Website is voluntary, with two exceptions: (1) entering into agreements with the Administrator: not providing the data in cases and to the extent required for entering into and performing a Sales Agreement or an agreement for the provision of Electronic Services with the Administrator will result in the inability to conclude such an agreement. Providing personal data is a contractual requirement in such cases, and if the data subject wishes to enter into the agreement with the Administrator, they are obliged to provide the required data. The scope of data required to conclude the agreement is always specified by the Administrator; (2) statutory obligations of the Administrator: providing personal data is a statutory requirement resulting from generally applicable laws imposing on the Administrator the obligation to process personal data (e.g., data processing for keeping tax or accounting records) and the failure to provide such data will prevent the Administrator from fulfilling these obligations.
The Administrator exercises special care to protect the interests of data subjects whose personal data is processed by him, and in particular, is responsible for and ensures that the data he collects is: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) factually correct and adequate to the purposes for which it is processed; (4) stored in a form that allows identification of the data subjects for no longer than necessary to achieve the purpose of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Taking into account the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
All words, expressions, and acronyms appearing in this Privacy Policy and beginning with a capital letter (e.g., Website, Electronic Service) should be understood in accordance with their meaning as defined in this document.
BASIS FOR DATA PROCESSING
The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The processing of personal data by the Administrator requires the existence of at least one of the bases listed above. The specific bases for processing personal data of the Website Users by the Administrator are indicated in the next section of the privacy policy – in relation to the specific purpose of personal data processing by the Administrator.
PURPOSE, BASIS, PERIOD, AND SCOPE OF DATA PROCESSING ON THE WEBSITE
The purpose, basis, period, scope, and recipients of personal data processed by the Administrator are determined by the actions taken by the respective User on the Website.
The Administrator may process personal data on the Website for the following purposes, on the following bases, for the following periods, and within the following scope:
| Purpose of Data Processing | Legal Basis for Processing and Data Retention Period | Scope of Processed Data |
| Execution of the contract for the provision of Electronic Services or taking steps at the request of the data subject prior to entering into the contract | Article 6(1)(b) of the GDPR (performance of the contract)
Data is stored for the period necessary for the execution, termination, or expiration of the contract. |
Maximum scope: first and last name/company name, email address. |
| Direct marketing | Article 6(1)(f) of the GDPR (legitimate interest of the administrator) Data is stored for the duration of the legitimate interest of the Administrator, but no longer than for the period of limitation of the claims against the data subject in respect of the business activity conducted by the Administrator. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract — two years). |
Maximum scope: first and last name, email address. |
PURPOSE, BASIS, PERIOD, AND SCOPE OF DATA PROCESSING ON THE WEBSITE
The purpose, basis, period, scope, and recipients of personal data processed by the Administrator are determined by the actions taken by the respective User on the Website.
The Administrator may process personal data on the Website for the following purposes, on the following bases, for the following periods, and within the following scope:
| Purpose of Data Processing | Legal Basis for Processing and Data Retention Period | Scope of Processed Data |
| Execution of the contract for the provision of Electronic Services or taking steps at the request of the data subject prior to entering into the contract | Article 6(1)(b) of the GDPR (performance of the contract)
Data is stored for the period necessary for the execution, termination, or expiration of the contract. |
Maximum scope: first and last name/company name, email address. |
| Direct marketing | Article 6(1)(f) of the GDPR (legitimate interest of the Administrator) Data is stored for the duration of the legitimate interest of the Administrator, but no longer than for the period of limitation of the claims against the data subject in respect of the business activity conducted by the Administrator. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract — two years). |
Maximum scope: first and last name, email address. |
| Marketing | Article 6(1)(a) of the GDPR (consent) Data is stored until the consent is withdrawn by the data subject. |
First name, email address. |
| Establishing, pursuing, or defending claims that may be raised by the Administrator or which may be raised against the Administrator | Article 6(1)(f) of the GDPR (legitimate interest of the Administrator) Data is stored for the duration of the legitimate interest of the Administrator, but no longer than for the period of limitation of claims against the data subject, resulting from the business activities conducted by the Administrator. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract — two years). |
First and last name; contact phone number; email address; delivery address (street, house number, apartment number, postal code, city, country), residential/business/registered address (if different from the delivery address). For Service Users or Clients who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service User or Client. |
RECIPIENTS OF DATA ON THE WEBSITE
For the proper functioning of the Website, it is necessary for the Administrator to use the services of external entities (such as software providers). The Administrator uses only the services of such data processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
The personal data of the Website Users may be transferred to the following recipients or categories of recipients:
a. Carriers / shippers / courier brokers — if you use the method of delivery of the Product by postal or courier service, the Administrator provides your collected personal data to the selected carrier, shipper, or intermediary performing the shipment on behalf of the Administrator to the extent necessary to complete the delivery of the Product.
RIGHTS OF THE DATA SUBJECT
Right of access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Administrator access to their personal data, rectification, erasure (“right to be forgotten”), or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the above-mentioned rights are indicated in Articles 15–21 of the GDPR Regulation.
Right to withdraw consent at any time – a person whose data is processed by the Administrator based on expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority – a person whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the Administrator), including profiling based on those provisions. The Administrator shall no longer process the personal data unless he demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing.
To exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by email to the Administrator’s address indicated at the beginning of the privacy policy or by using the contact form available on the Website.
PROFILING ON THE WEBSITE
The GDPR Regulation imposes an obligation on the Administrator to inform about automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR Regulation, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Considering this, the Administrator provides information regarding possible profiling in this point of the privacy policy.
The Administrator may use profiling on the Website for direct marketing purposes, but decisions based on profiling by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement, or the possibility of using Electronic Services. The effect of using profiling may be, for example, granting a discount to a given person, sending them a discount code, reminding them of unfinished purchases, sending a proposal for a Product that may match the interests or preferences of a given person, or offering better conditions compared to the standard offer. Despite profiling, it is up to the individual to decide whether they want to take advantage of the received discount or better conditions and make a purchase.
Profiling on the Website involves the automatic analysis or prediction of a given person’s behavior on the Website, for example by adding a specific Product to the cart, browsing a specific Product page. The condition for such profiling is that the Administrator has the personal data of a given person to be able to send them, for example, a discount code.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
Cookies are small text files in the form of text files sent by a server and saved on the side of the person visiting the Website (e.g., on the hard drive of a computer, laptop, or on a smartphone’s memory card – depending on the device used by the visitor to our Website). Detailed information about cookies, as well as their history, can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
The Administrator may process the data contained in cookies when visitors use the Website for the following purposes:
- adjusting the content of the Website to the individual preferences of the User (e.g., regarding colors, font size, page layout) and optimizing the use of the Website;
- conducting anonymous statistics presenting the way of using the Website;
By default, most web browsers available on the market accept saving cookies by default. Everyone has the option of determining the conditions for using cookies through their browser settings. This means that you can, for example, partially limit (e.g., temporarily) or completely disable the possibility of saving cookies – in the latter case, however, it may affect some functionalities of the Website.
Browser settings regarding cookies are important from the perspective of consent to use cookies by our Website – in accordance with the regulations, such consent may also be expressed through browser settings. In the absence of such consent, you should appropriately change your web browser settings regarding cookies.
Detailed information on changing cookie settings and their independent deletion in the most popular web browsers are available in the browser’s help section and on the following pages (just click the given link):
- in the Chrome browser
- in the Firefox browser
- in the Internet Explorer browser
- in the Opera browser
- in the Safari browser
- in the Microsoft Edge browser
Zadzwoń lub napisz do nas, aby otrzymać indywidualną ofertę
Damian Gruszczyński
Kontakt
DAMZO DAMIAN GRUSZCZYŃSKI
ul. Jarzębinowa 11
60–185 Skórzewo
+48 502 240 792
kontakt@damzo.plTooltip Text
Copyright © Damzo 2023
PROJEKT I WYKONANIE: PIOTR JEZIORNY 