For inquiries regarding the protection of your personal data, you can contact us via email at email@example.com or in writing at the address of our registered office.
§1 Basic Definitions
- a) Administrator – Solar Energia Wankowicz Glezer Spółka Jawna
- b) Personal Data – The information about an identified or identifiable natural person (the person to whom the data relates) is referred to as “personal data.” An identifiable natural person is someone who can be directly or indirectly identified, especially by an identifier such as a name, identification number, location data, online identifier, or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
- c) Processing – The term “przetwarzanie” translates to “processing” in English. The definition of processing in the context of personal data includes operations or a set of operations performed on personal data or sets of personal data, whether by automated or non-automated means. These operations include collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing through transmission, disseminating, or making other forms of data available, aligning or combining, restricting, erasing, or destroying.
- d) Set of data – An organized set of personal data available according to specific criteria, whether this set is centralized, decentralized, or functionally or geographically distributed, is referred to as a “dataset.
- e) Data Processor – a data processor is an individual or legal entity, public authority, organization, or another entity that processes personal data on behalf of the data controller.
- f) Recipient – a recipient is a natural person or legal entity, public authority, organization, or another entity to whom personal data is disclosed, regardless of whether they are a third party. Public authorities that may receive personal data in the context of a specific proceeding in accordance with Union law or the law of a Member State are not considered recipients.
- g) Third party – osobę fizyczną lub prawną, organ publiczny, jednostkę lub podmiot inny niż: osoba, której dane dotyczą, administrator, podmiot przetwarzający czy osoby, której upoważnienia administratora lub podmiotu przetwarzającego mogą przetwarzać dane osobowe.
- h) Consent of the data subject is a voluntary, specific, informed, and unambiguous expression of the data subject’s will, expressed in the form of a statement or a clear affirmative action, indicating agreement to the processing of their personal data.
- i) Personal Data Breach – is a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.
- j) Information System – Interconnected devices, programs, software tools applied for data processing.
- k) Data Security – Securing data (especially personal data) against unauthorized processing. The goal of security is to prevent and avoid the loss of integrity, confidentiality, and availability of processed data.
§2 Scope of personal data protection
- The policy applies to the processing of all personal data, including, in particular, data processed in a traditional manner (in books, files, registers, indices, collections, etc.) as well as in information systems.
- Subject to protection:
- a) Subject to protection are personal data processed in information systems and personal data stored on digital data carriers,
- b) Subject to protection are personal data gathered in documents,
- c) Subject to protection are information regarding the security of personal data, including, in particular, access passwords to data systems,
- d) Subject to protection is the register of individuals authorized to process personal data,
- e) Subject to protection are computer hardware, as well as any media and devices containing personal data,
- f) Subject to protection are buildings and premises where personal data is processed,
- g) The data protection policy applies to both currently existing and planned, as well as future-implemented systems involving the processing of personal data.
- All individuals employed by the Administrator and collaborating with the Administrator are obligated to adhere to this policy, regardless of the nature of the legal relationship between the parties, if they have access to personal data.
§3 The duties of the data controller in the scope of confidentiality, integrity, and accountability in data processing.
- Taking into account the state of the art, the cost of implementation, as well as the nature, scope, context, and purposes of processing, and the risks of varying likelihood and severity for the rights and freedoms of natural persons, the data controller, both at the time of determining the means of processing and during the processing itself, implements appropriate technical and organizational measures to ensure the effective application of data protection principles, such as data minimization. This is done to provide the necessary safeguards for processing in order to meet the requirements of this regulation and protect the rights of the individuals whose data is being processed.
- The controller implements appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of processing is processed. This obligation relates to the amount of collected personal data, the extent of their processing, the period of their storage, and their accessibility. In particular, these measures ensure that, by default, personal data are not made accessible without the intervention of the data subject to an indefinite number of individuals.
- The technical measures implemented by the Administrator include, in particular, the use of an up-to-date and valid SSL+ Certificate, as well as regular software updates on the website.
- The purpose of implementing Security Measures is to ensure accountability, integrity, and confidentiality.
- The Administrator categorizes Security Measures into: physical, organizational, and technological.
§4 Fundamental principles of personal data processing
- Personal data are:
- a) processed lawfully, fairly, and in a transparent manner in relation to the data subject,
- b) collected for specified, explicit, and legitimate purposes and not processed further in a manner incompatible with those purposes,
- c) adekwatne, stosowne oraz ograniczone do tego, co niezbędne do celów, dla których są przetwarzane,
- d) accurate and, if necessary, kept up to date; inaccurate data should be promptly erased or rectified,
- e) stored for no longer than is necessary for the purposes for which the data is processed; they may be stored for a longer period if processed solely for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes,
- f) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using suitable technical or organizational measures, ensuring “integrity and confidentiality.”
- If processing is based on consent, the data subject expresses it in a statement made in written or electronic form.
- Consent is voluntary and cannot be made a condition for the performance of a contract, including the provision of a service, if the processing of personal data is not necessary for the performance of that contract.
- The data subject is informed about the possibility to withdraw their consent at any time.
§5 Purposes and Legal Bases of Processing
- We will process your personal data:
- a) for contact and audit purposes based on the provided consent (GDPR regulations),
- b) to provide the user with the requested commercial information and handle inquiries submitted through the contact form available on the website www.solar-energia.pl,
- c) to fulfill the accepted order in accordance with the art and its proper purpose as per the concluded agreement and the Civil Code;
- d) for archival (evidential) purposes as part of our legitimate interest in securing information in case of a legal need to demonstrate them,
- e) to potentially establish, investigate, or defend against claims as part of our legitimate interest, in accordance with the provisions of the GDPR.
§6 Data retention period
- We will store your personal data for the period:
- a) Your personal data resulting from the conclusion of the contract will be processed for a period during which claims from the contract may arise, but not longer than 6 years,
- b) Until the purpose for which they were collected is achieved,
- c) The data processed based on the provided consent may be processed until the consent is withdrawn or until they become outdated.
§7 Data recipient
- Your personal data may be disclosed to:
- a) institutions specified by law (law enforcement authorities),
- b) to our subcontractors (data processors), such as accounting, legal, IT, marketing, and debt collection firms, with whom we have signed Data Processing Agreements to ensure that the data is adequately protected.
§8 User rights
- Your rights under the GDPR:
- a) at any time, you have the right to request access to the processed personal data,
- b) correct inaccuracies in personal data,
- c) request the administrator to cease processing and delete personal data,
- d) request the limitation of the processing of personal data,
- e) exercise the right to data portability,
- f) withdraw consent for specific processing (if consent was given),
- g) object to the processing of personal data,
- h) At any time, you have the right to lodge a complaint with the relevant supervisory authority if personal data has been processed in violation of applicable data protection regulations.
§10 Final provisions
- The administrator processes personal data solely in accordance with the law, in a manner that does not violate the fundamental rights of the data subject. The processing of personal data in our company occurs only when at least one of the following legal bases is met:
- a) the data subject has given consent to the processing for one or more specific purposes,
- b) processing is necessary for the performance of a contract,
- c) processing is necessary for the fulfillment of a legal obligation or an international agreement,
- d) processing is necessary for purposes arising from the legitimate interests pursued by the data controller.
- We do not employ automated profiling.
- We use Google Analytics and tracking pixels (Facebook pixel, LinkedIn Insight Tag).
- We have implemented technical and organizational measures in our company to ensure the highest level of data protection. Our website has a valid and up-to-date SSL+ certificate, and the software on the website is regularly updated.