Contact with personal data controller
The Controller of your data is DARUMA sp. z o.o. with its registered office in Łódź, ul. Zbąszyńska 3, 91-342 Łódź, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the National Court Register, under the KRS no. 0000219771, REGON (Business ID): 473282779, NIP (Tax ID): 9471914419, with the share capital of PLN 42,000,000, having the status of a large entrepreneur within the meaning of the Act of 8 March 2013
on counteracting excessive delays in commercial transactions.
You can contact us at: +48 42 888 61 45/42 200 71 50 or by sending an e-mail to the following address: firstname.lastname@example.org
Introduction - definitions
• Website/site – a website available at https://www.daruma-pelion.eu/ and all services provided in the domain.
• User – a person who voluntarily uses services available on the Website, in particular browses through the pages of the Website.
• Data processing – performing any operation on personal data, that is, collecting, recording, organising, ordering, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, disseminating or otherwise making available, matching or combining, limiting, deleting or destroying.
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
• persons viewing the Website pages;
• persons contacting us by e-mail, telephone or other means.
Objectives and legal basis for processing of personal data
Personal data obtained by Daruma Spółka z o.o. within the operation of the Website is processed for specific purposes and on the basis of indicated legal grounds, always in accordance with the law.
The data is processed for the following purposes:
• contacting us, that is, receiving and handling requests and enquiries addressed to us via e-mail, phone, other means of remote communication – the legal basis for processing is our legitimate interest consisting in handling requests and handling correspondence in connection with messages sent by the Users and answering questions sent by the Users (Article 6(1)(f) of the GDPR);
• establishment, investigation or defence of claims – the legal basis for processing is our legitimate interest consisting in the possession of the User's personal data that allows to establish, assert or defend against claims (Article 6(1)(f) of the GDPR);
• creating records of data processing activities and records resulting from the GDPR – the legal basis for the processing is the law (Article 6(1)(c) of the GDPR) and our legitimate interest consisting in the possession of information about persons exercising their rights under the GDPR (Article 6(1)(f) of the GDPR);
• storing data for archiving (evidence) purposes in order to secure information in the event of a legal need to prove facts, which is our legitimate interest – the legal basis for processing is our legitimate interest (Article 6(1)(f) of the GDPR);
• direct marketing of own products and services, which is our legitimate interest – the legal basis for processing is our legitimate interest (Article 6(1)(f) of the GDPR);
• analytical, consisting, for example, in the analysis of data and statistics collected automatically when using the site, including through third-party cookies - the legal basis for processing is our legitimate interest consisting in researching Users' activities on the site (Article 6(1)(f) RODO);
• administration and management of the Website, which is our legitimate interest – the legal basis for processing is our legitimate interest consisting in administering the Website (Article 6(1)(f) of the GDPR);
How do we obtain personal data?
We obtain your personal data directly from you. Providing personal data is always voluntary. However, it may turn out that if it is not given, our cooperation will not be possible.
Moreover, the Website uses its own cookies and third parties – due to this, some information about you may be collected automatically. During the use of the Website, IT data concerning the visit, the "server logs", are also obtained automatically. See the Cookies section below for details (points 17 et seq.).
What personal data may be processed by us?
The scope of personal data processed is limited to the minimum necessary for the provision of services and depends on the purpose for which the data is processed. Depending on the details, the catalogue of such data may be different. The provision of data that is not necessary for the provision of the service is voluntary and requires explicit consent to its further processing. Then the processing of such data takes place on the basis of consent (Article 6(1)(a) of the GDPR).
We process the data you provide in connection with the commencement of cooperation with us or in connection with the commencement of cooperation by your Employer or Principal. Most often it is your first name, last name, e-mail address, telephone number, position and employer's data. If you are an independent entrepreneur, we also process your Tax Identification Number (NIP), National Business Registry Number (REGON), registered office address and bank account number.
Period of storage of personal data
Your personal data will be processed for the period necessary to achieve individual purposes of processing.
• Personal data processed in connection with contacting us, that is receiving and handling requests and enquiries addressed to us via e-mail, telephone, other means of remote communication (e.g. via social media) will be processed for the time necessary to handle a request/inquiry, and then for the period of archiving to secure information in case of a legal need to prove facts in the future, if archiving is justified due to our legitimate interest in establishing, pursuing or defending claims.
• Personal data processed in connection with the establishment, investigation or defence of claims will be processed until the expiry of the limitation period.
• Personal data processed in connection with the performance of legal obligations imposed on Daruma Sp. z o.o., including the fulfilment of legal requirements for keeping records of data processing activities and records resulting from the GDPR, will be processed for the time required by law.
• Personal data processed for analytical purposes and in connection with the administration of the Website will be processed until it becomes obsolete or no longer useful, but no longer than 3 years from the end of the year in which it was collected.
• Personal data processed for the purpose of direct marketing of own products and services will be processed us until you object to its processing.
• If the legal basis for the processing of personal data is our legitimate interest, personal data will be processed until the data owner objects to the processing for this purpose.
• If the legal basis for the processing of personal data is the consent of the data owner, personal data will be processed until the data owner withdraws their consent to the processing or we achieve the purpose of the processing, whichever comes first.
Personal data recipients
In conducting our business, we are supported by entities that provide and support the IT systems used by us and entities that provide services related to day-to-day operations. It happens that we entrust your personal data to these entities. However, we make it available under relevant agreements for entrusting the processing of personal data and ensuring that the above-mentioned entities apply adequate technical and organisational measures ensuring data protection. These entities process your data only in accordance with our order and to achieve the agreed purpose.
Your data may also be provided to entities authorised to obtain it on the basis of applicable law, e.g. law enforcement authorities in the case of a request made by the authority on an appropriate legal basis (e.g. for the purposes of pending criminal proceedings).
At the same time, we would like to inform you that the transfer of data takes place on the basis of concluded personal data processing agreements and these entities guarantee appropriate personal data protection and security measures required by law.
If necessary and required by applicable provisions of law, your personal data may be made available to competent public authorities (courts, prosecutor's office, police).
What rights does the data owner have in relation to the processing of personal data?
What are your rights related to the processing of personal data?
You have the following rights in connection with the processing of your personal data by us:
• right to access your data, including to obtain a copy of your data,
• right to request rectification of data,
• right to erase data (in specific situations),
• right to lodge a complaint with the supervisory authority dealing with personal data protection,
• right to restrict data processing.
If you have given us your consent to the processing of your data, you also have:
• the right to withdraw consent to the extent it is processed on this basis. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal,
• the right to transfer personal data, i.e. to receive your personal data from the controller in a structured, commonly used and machine-readable format. You may transfer this data to another data controller.
In order to exercise the above rights, contact the controller or the Data Protection Officer.
The right to withdraw the consent
If the processing of your personal data takes place on the basis of a voluntary consent of the data owner, they may withdraw this consent at any time. In order to withdraw the consent to the processing of personal data, please contact: email@example.com
Withdrawal of consent to the processing of personal data is possible at any time and does not affect the lawfulness of processing based on consent before its withdrawal.
The right to lodge a complaint with the supervisory authority
If you believe that we are processing your personal data unlawfully or there has been an infringement of data protection regulations in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority (the President of the Personal Data Protection Office).
Requirement to provide personal data
Providing personal data is always voluntary. However, it may turn out that if it is not given, our cooperation will not be possible.
How do we protect personal data?
Your personal data is secure. We apply appropriate technical and organisational measures to ensure the protection of the processed data, appropriate to the risks and categories of protected data, in particular we secure the data against unauthorised access, takeover by unauthorised persons, unlawful processing and alteration, loss, damage or destruction.
Access to personal data is restricted to authorised persons only, who are obliged to keep the data and their security measures confidential.
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) which can be read by the Website ICT system, as well as by ICT systems belonging to other entities whose services we use (own cookies and third-party cookies). The Website uses "temporary" cookies, which are deleted when you close your browser, and "permanent" cookies, which are stored even after you have finished using the Website for the time specified in the parameters of the cookies.
Cookies do not collect personal data or any confidential information from your computer. The Users’ identity is not determined on their basis.
How to turn off cookies?
Why do we use our own cookies?
We use our own cookies to ensure the proper functioning of the website. In particular, own cookies help improve the speed and security of using the Website, and improve the functions available on the website.
Which third party cookies do we use?
The website includes cookies of third parties.
What are server logs?
Apart from cookies, the Website may also collect data customarily collected by administrators of Internet systems within the server logs. The information contained in the logs may include: IP address, date and time of the visit to the Website, information about the Internet browser and operating system, Internet provider, address of the website from which the User was redirected to the website and others. Logs are saved and stored on the server. No data allowing identification of the User is collected within the server logs. Server logs are only auxiliary material used for administration of the website, and only persons authorised to administer the server have access to them.
Can the privacy and cookies policy change?