Privacy Policy Polcar PPH

RE.OG.1
Version: 2.0

The following Privacy Policy describes the principles of personal data processing and protection applied at Polcar PPH with its registered office in Warsaw (02-619) at Wejnerta 19 Street, NIP 521-044-50-18.

I Personal data controller
1.1 The administrator of personal data of persons cooperating with Polcar PPH, customers, users of Internet catalogues and visitors to websites administered by Polcar PPH is Polcar PPH with its registered office in Warsaw (02-619) at Wejnerta 19, NIP 521-044-50-18, hereinafter referred to as the Administrator.

1.2 The Administrator processes personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

II Rules on the collection of personal data
2.1 Data sources

1. The provision of personal data is voluntary but necessary for the processing of enquiries and orders. Consent given for any purpose of processing can be revoked at any time.
2. The Administrator may obtain personal data from public sources e.g. KRS, CEIDG registers and from sources with restricted access e.g. KRD, BIG. In such a case, verification of whether there is a legal basis for the processing of personal data is required.
3. Browsing the content of the websites does not require the user to disclose personal data. The use of the services provided by the Administrator may require the user to provide personal data. In such a case, failure to provide personal data may reduce the possibilities or limit the use of the service completely.
4. If the user uses the services using mobile devices, the Administrator may acquire, in particular, the identification data of the mobile device, the Internet service provider and the subscriber. The data collected in this way will be processed anonymously and will only be used for statistical purposes or to ensure the correct use of the website by the user.

2.2    Scope of personal data stored

1. The personal data collected may include: name, surname, company name, function within the organisation, address, contact details such as - telephone number, e-mail address, fax number and instant messaging addresses such as Skype, GaduGadu or other, enabling contact.
2. Where appropriate, we also store your identity document number if required by law in connection with the issuing of documents relating to the execution of contracts.
3. The administrator collects information related to users' browsing of the website's content, such as: the number and source of visits to the website's pages, the time of the visit, the content viewed, the number and type of subpages opened, the references used, the IP address of the computer. The administrator does not combine such information with the user's personal data and does not use it to identify the user, unless this is necessary for the proper provision of the service.
4. The controller does not store sensitive data.

III Data processing
3.1 Purposes of personal data processing
Personal data is processed for:

1. To carry out enquiries and orders placed directly with Polcar PPH and through Local Distributors, through all available communication channels and to pursue related claims on the basis of Article 6(1)(b) of the GDPR.
2. Direct marketing related to the business on the basis of Article 6(1)(a) of the GDPR, including (but not limited to) sending commercial information to the email address provided, making telephone calls to the number provided, presenting promotional offers as part of ongoing campaigns, through all sales channels carried out.
3. Satisfaction surveys with the Administrator and Local Distributors on the basis of Article 6(1)(f) of the GDPR. Surveys may take place electronically using surveys, forms or enquiries via email or telephone.

3.2 Scope of information use

1. The administrator shall use the information referred to in point 2.2 sub-point c exclusively for the purposes of market research and Internet traffic within the sites, for statistical purposes, in particular to assess interest in the content of the sites and to improve the content of the sites.
2. The Administrator uses cookies or similar files. These types of cookies allow the Administrator, in particular, to better adapt the website to the individual interests and preferences of the user. More information can be found on the website dedicated to cookies. (https://catalog.polcar.com/pages/cookies)

3.3 Profiling

1. The controller does not use profiling based on personal data.
2. The controller does not make automated decisions resulting from profiling based on personal data.

3.4 Processing period for personal data

1. The duration of the processing of personal data depends on the withdrawal of the consents given.
2. It is possible to extend the processing of personal data until the fulfilment of the legitimate interests of the Controller, including the performance of contracts or the safeguarding of possible claims. This does not imply that personal data may be processed for purposes other than those mentioned.

IV Data recipients
4.1 The Administrator declares that he does not sell or make available the collected personal data to entities not related to the execution of the contracts.

4.2 The Administrator may entrust the processing of data to a Local Distributor for the purpose of fulfilling an enquiry or order.

4.3 The entrustment of personal data is based on an entrustment agreement ensuring the protection of personal data in accordance with the applicable legislation.

4.4 Personal data may be disclosed to entities cooperating in connection with the exercise and performance of contractual rights including, but not limited to, service providers:

•    accounting
•    debt collection
•    IT
•    marketing
•    courier and postal services
•    legal
•    administrative facilities

4.5 The Administrator does not transfer personal data outside the European Union, except when required by a specific request from the customer related to the fulfilment of an order and except for processing in the territory of the USA by: CloudFlare - as a proxy server to protect the service from attacks by criminals.

Due to the use of CloudFlare, which uses servers located outside the European Union, there may be a transfer of personal data (IP address as metadata) to a third country - the USA. However, this data is adequately secured. CloudFlare, guarantees an adequate level of protection and security of personal data in line with the GDPR and its services are used by many EU entities.   More information can be found at: https://www.cloudflare.com/gdpr/introduction/.

4.6 The Administrator reserves the right to disclose your information to the competent authorities or to third parties who request such information, on the appropriate legal basis and in accordance with the provisions of the applicable law.

V Rights in relation to the processing of personal data
5.1 The person whose personal data is processed is entitled to:

•    the right to withdraw consent to the processing of personal data
•    the right to object to the processing of data for marketing purposes
•    right of access to data
•    the right to request the rectification of personal data
•    the right to request erasure of personal data
•    the right to request the restriction of the processing of personal data
•    right to the portability of personal data

5.2 The data subject has the right to lodge a complaint with the supervisory authority in charge of personal data protection, i.e. the President of the Office for Personal Data Protection.

5.3 The Controller may refuse to delete personal data if there are legal grounds for doing so.

5.4 Contact relating to data protection at Polcar PPH:

•    by telephone: + 48 22 4922491
•    by e-mail todane-osobowe@polcar.com
•    by letter to the company's address, marked "Personal data".

VI Final provisions
6.1 This policy is available at the Administrator's office and at www.polcar.com.

6.2 The Administrator reserves the right to amend the Privacy Policy. Each user using the Administrator's services is bound by the current version of the Privacy Policy.

6.3 The binding version of this Polcar PPH Privacy Policy is the Polish version.