PRIVACY POLICY
P.H. HAMAR Sp.j. B. i H. Grzesiak, with its registered office in Gdynia
This document is intended to inform all users of the P.H. website. HAMAR Sp.j. B. i H. Grzesiak, with its registered office in Gdynia, hereinafter referred to as the "Website", about the principles of operation of the Website and the principles of processing users' personal data, which data is processed in a manner consistent with Regulation (EU) 2016/679 EU of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as the "GDPR").
1. Definitions
The Controller of your personal data within the meaning of the GDPR is P.H. HAMAR Sp.j. B. i H. Grzesiak, with its registered office in Gdynia (81-061) at ul. Hutnicza 7, hereinafter referred to as the "Controller." As regards matters related to data protection and the operation of the website, the Controller can also be contacted via email address: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!
2. Purposes and grounds for processing personal data
Your personal data is processed by the Controller pursuant to:
1) Article 6(1)(b) of the GDPR, i.e. for the purpose of performing the contract (servicing the order) or taking steps prior to its execution consisting in:
a) preparation and presentation of the range
b) execution of the contract
c) consideration of your CV in the case of recruitment for a vacant post
2) Article 6(1)(a) of the GDPR, i.e. consent for the purpose of marketing the Controller and, in terms of the data provided in the CV, against data beyond that which the potential employer may collect according to legal provisions, and for future recruitment;
3) Article 6(1)(c) of the GDPR, i.e. in order to comply with a legal obligation incumbent on the Controller such as the fulfilment of tax, accounting or HR obligations;
4) Article 6(1)(f) of the GDPR, i.e. the Controller's legitimate interest for:
a) marketing of the Controller's own products and services, including for analytical purposes, where the Controller's legitimate interest is to conduct direct marketing of its own products and services. The purpose of data processing is to prepare the P.H. product range. HAMAR Sp.j. B. i H. Grzesiak, based in Gdynia, taking into account preferences of the website users,
b) use of the contact forms provided by the Controller on the website, where the Controller's legitimate interest is to take care of the website users and to answer their questions,
c) assertion or defence of claims related to the Controller's business, including the handling of complaints and declarations of withdrawal,
d) social media handling, including comment handling, audience creation,
e) handling of correspondence,
f) ensuring that YouTube and social network plug-ins work.
3. Type of data processed by the Controller
Depending on the purpose of personal data processing, the Controller may process data such as:
1. Data collected from the contact form and e-mails
a) Company,
b) NIP [tax identification number],
c) REGON [national business registry number],
d) Full name,
e) Address,
f) Telephone,
g) e-mail address,
h) other data provided in the contact form and e-mails,
i) bank account number,
j) details of the order.
2. Data collected from potential job applicants:
a) full name,
b) date of birth,
c) contact details indicated by the job applicant,
d) education,
e) professional qualifications,
f) previous employment history,
g) other data voluntarily provided by the job applicant.
3. Data collected from the website visitors:
a) IP address,
b) Approximate location,
c) Website traffic.
4. Duration of personal data storage
a) Data related to orders placed will be stored for the duration of the order and thereafter until the expiry of the limitation period for contractual claims, including warranty and implied warranty claims. Accounting and bookkeeping records of orders placed will be kept for the time required by law.
b) The data of potential job applicants will be retained for a period of three (3) months after the end of the recruitment process. After this period, the data will be destroyed. Where an individual has consented to participate in future recruitments, data will be stored for a period of two (2) years from the date of submitting the CV. Afterwards, the data will be destroyed.
c) Your personal data in the form of your name processed from a comment you have added to company profiles maintained on social networks will be stored until deleted by the Controller or by the user of the website. You may modify or delete comments at any time.
d) Data collected in the course of correspondence will be stored until the expiry of the limitation period for claims against the Controller.
e) Where personal data is processed on the basis of your consent, the data will be stored until you withdraw it. At any time, it is possible to withdraw consents given on the website, including consent to the processing of data for marketing purposes of entities cooperating with the Controller. At the same time, we would like to inform you that revoking your consent to processing will not affect the lawfulness of processing prior to your withdrawal.
f) In the case of the processing of your data based on the legitimate interest of the Controller, the Controller will stop processing the data earlier if the data subject objects to the processing.
5. Recipients of personal data
Data may be transferred to entities processing it on behalf of the Controller under contracts executed with the Controller, only for the purpose and to the extent requisite for the aforementioned purposes, including but not limited to:
- entities providing IT or other services to the Controller to ensure the proper functioning of the website;
- the hosting provider on whose server the Controller stores data;
- an entity with which the Controller holds its e-mail account;
- an entity providing accounting, HR and payroll software to the Controller;
- an accounting firm processing the personal data of the firm's clients on behalf of the Controller.
Entities to which the Controller transfers data are to process it only on the Controller's instructions and in accordance with the Controller's guidelines. Personal data may be made available to entities entitled to obtain it under law, such as attorneys providing legal services to the Controller, tax authorities, the social security office, and other entities, authorities and institutions entitled to obtain it.
6. Sharing data outside the European Economic Area
The Controller transfers personal data only to entities whose operations are focused on the European Economic Area. Currently, the Controller does not transfer personal data to entities based outside the European Economic Area.
7. Rights in relation to personal data processing
In relation to the processing of your data by the Controller, to the extent and within the limits provided for in the GDPR, you are entitled to:
1. Access the content of your data – by exercising this right you have the possibility to obtain information on what data, how and for what purpose is processed;
2. Rectify your data – by exercising this right, you may notify the Controller of the need to correct inaccurate data or to complete data resulting from an error in data collection or processing;
3. Have your data erased – by exercising this right, you may request the erasure of your data. If the request is justified, the Controller will delete such data immediately. However, this right does not apply when your personal data is processed for purposes related to the fulfilment of the Controller's legal obligations or for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the Controller;
4. Have the processing of your data restricted – by exercising this right, you may request a restriction of processing if you question the accuracy of data processed. If the request is legitimate, the Controller may process such data with the exception of storage, only with the consent of the data subject, or for the establishment, exercise or defence of claims, or for the protection of the rights of another natural or legal person, or for important grounds of public interest of the Union or of a Member State. Further processing may take place once the grounds justifying the restriction of processing have ceased to exist;
5. Data portability – applies only in cases of data processing based on consent or on contract and by automated means. If you request that this data be sent to another data controller, this will be done, provided that this is technically possible;
6. Object to the processing of your data – by exercising this right, you may object at any time to the processing of your data where your personal data is processed based on a legitimate interest of the Controller, pursuant to Article 21 GDPR. Once a request to this effect has been accepted, the Controller is obliged to cease data processing for this purpose. In such a situation, once your request has been processed, the Controller will no longer be capable of processing personal data that is subject to the objection on this basis, unless the Controller can demonstrate that there are compelling legitimate grounds for processing which are deemed by law to override your interests, rights and freedoms or grounds for the establishment, assertion or defence of claims;
7. Withdraw your consent to the processing of your data (in the case of processing based on consent) – you have the right to withdraw your consent at any time, without affecting the lawfulness of the previous processing, i.e. that carried out before the withdrawal of consent;
8. Lodge a complaint with the President of the Personal Data Protection Authority if found that the Controller is processing data unlawfully.
If you wish to exercise your rights, send an e-mail to the Controller at: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!, or by post to: ul. Hutnicza 7, 81-061 Gdynia.
8. Information on data requirements/voluntariness
The provision of personal data to the extent indicated by law (in particular labour, accounting and tax law) is a statutory requirement. Otherwise, the provision of data is voluntary, but necessary for the purpose of data processing (e.g. for the preparation and presentation of our range to you or the execution of a contract with you.
9. Principles for using cookies on the website
The Controller uses cookies at its website. Cookies are small files saved and stored on the computer or other device (phone, tablet) of a website user during the time the user visits various websites on the web, including the Controller's website.
Cookies can be read by the Controller's system (Controller's own cookies) or third party systems (third party cookies). Cookies may record and store specific information, which can then be accessed by ICT systems for specific purposes.
Identification data is retransmitted to the server each time the browser sends a request to open a page located on the server. Cookies can be "persistent" or "session" cookies. Persistent ones will be stored by your browser and will remain valid until the set expiry date, unless you delete them before the expiry date. The session cookie expires at the end of the user session when the web browser is closed.
Cookies do not normally contain any information that identifies you; however, the personal information that the Controller stores about you may be linked to information stored in and derived from cookies.
The Controller uses cookies only based on the user's consent, except when cookies are necessary for the proper provision of an electronic service on behalf of the user. Cookies that are not necessary for the proper provision of the electronic service remain blocked until you have given your consent to using the cookies. When you visit the Controller's website for the first time, a message will be displayed asking you to consent to the Controller's ability to use cookies.
Disabling cookies may prevent you from using certain functions available on the website and may cause difficulties in using the website.
You may also decide on the cookie settings in your internet browser. You may block all or selected cookies or block cookies of specific sites. You may also delete previously saved cookies and other website and plug-in data at any time.
It is also possible to use a private mode in a specific browser called incognito or in private mode in some browsers. This mode may be used if the user does not want information about pages visited and files downloaded to be saved in the browsing and download history. Cookies created in private mode are deleted when all windows of this mode are closed.
The website uses two main types of cookies:
- Temporary – stored on your terminal equipment until you leave the website or switch off your software (web browser).
- Permanent – not deleted when the browser is closed, stored on the user's terminal equipment for the time specified in the parameters of the cookies or until manually deleted by the user.
The following types of cookies are also used at the website:
- Necessary – to enable the use of services available on the website, e.g. authentication cookies used for services requiring authentication on the website.
- Functional – to "remember" your chosen settings and personalise your user interface, e.g. as regards your chosen language or region.
- Performance – to enable the collection of information about how the website pages are used.
- Advertising – to enable us to provide users with advertising content more tailored to their interests.
- Cookies for security purposes, e.g. used to detect the misuse of authentication on the website.
The following third-party cookies operate at the website:
- YouTube – YouTube widgets are embedded on the Controller's pages allowing the playback of videos available on YouTube directly from the Controller's pages.
The videos are embedded on the website in a privacy-protected mode based on information provided by YouTube, which means that no cookies are stored on the user's device and therefore Google does not collect any information about the user until the video is played.
When a user plays a video, YouTube saves cookies on the device and receives information that the video has been played from a specific website, even if the website user does not have a Google account or is not currently logged in. If the user has logged into a Google account, this service provider will be able to directly attribute the visit to the Controller's website. The purpose and scope of data collection, as well as their further processing and use by Google, are described in Google's privacy policy.
- Social plug-ins – the Controller's website uses plug-ins, buttons and other social media tools, collectively referred to as "plug-ins," provided by social networks such as Instagram.
When displaying a website containing a plug-in for a particular social network, the user's browser sends information to the Controller of that social network about the visit.
The Controller's website displays content from third parties such as YouTube, Google. In order to view third-party content, the user must first accept their specific terms and conditions. Part of these terms and conditions is a cookie policy over which the Controller has no control. If the user does not view this type of content, no third-party cookies will be installed on their device.
External entities on the Controller's website are:
- YouTube
- Google Maps
- Google
Services provided by third parties are beyond the Controller's influence. These entities may change their terms of service, purpose and use of cookies at any time.
10. Changes to the Privacy Policy
In order to ensure that the website's privacy policy meets the current requirements imposed by law at all times, we reserve the right to amend it at any time. The above also applies to cases where the Privacy Policy needs to be amended to cover new or changed products or services offered on the website.
