As part of our website, we use cookies to provide you with services at the highest level, including in a manner tailored to your individual needs. You can change your cookie settings at any time and disable profiling. By using the website, you consent to the use of cookies in accordance with the current browser settings. More information on Cookies can be found in our Privacy Policy.

Privacy policy Acceptdone
Loading...

Privacy policy

Privacy policy for clients of the B2B platform

 

I.                   Data of the Personal Data Administrator

 

1.      We kindly inform you that the administrator of your personal data is the company: best Automax Polska Sp. z o.o, ul. Gromadzka 101, 30 - 719 Kraków, entered into the Register of Entrepreneurs kept by the District Court for Kraków - Śródmieście, 11th Commercial Division of the National Court Register under KRS number: 0000267930, NIP: 679-291-59-87, hereinafter referred to as the "Company". Contact with the Company regarding the protection of personal data is possible at the following e-mail address: rodo@automaxpolska.pl

 

II.                Purposes and grounds for processing personal data

In order to provide services in line with the business profile, the Company processes personal data - for various purposes, but always in accordance with the law. Below you will find the detailed purposes of personal data processing along with the legal basis.

 

In order to register in the online store (on the website, - online sales system), we process personal data such as:

·         first name and last name ,

·         e-mail adress,

·         phone number

 

The legal basis for such data processing is Art. 6 sec. 1 lit. a GDPR and art. 6 sec. 1 lit. b GDPR, which allows the processing of personal data on the basis of a voluntarily granted consent, if they are necessary to perform the contract or take steps to conclude a contract;

 

In order to send e-mail notifications about messages in the customer panel, we process personal data such as:

·         e-mail adress;

·         first name and last name;

·         order number;

·         company address;

·         number nip

The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements its legitimate interest (in this case, the interest of the Company is to inform the customer about activities related to the implementation of the order in order to increase the comfort of using the store);

 

In order to contact us by phone in matters related to the execution of the order, we process personal data such as:

·         phone number,

·         order number

·         first name and last name

- if you are interested in a form of telephone contact. The legal basis for such data processing is Art. 6 sec. 1 lit. a GDPR, which allows the processing of personal data on the basis of a voluntarily granted consent;

 

In order to issue an invoice and fulfill other obligations resulting from tax law, such as storing accounting documentation for 5 years, we process personal data such as:

·         first name and last name;

·         business;

·         home address or registered office address;

·         number nip;

·         order number;

·         phone number

 

The legal basis for such data processing is Art. 6 sec. 1 lit. c GDPR, which allows the processing of personal data, if such processing is necessary for the Personal Data Administrator to fulfill its obligations under the law;

 

In order to store unpaid (credited) orders, we process personal data such as:

·         first name and last name;

·         e-mail adress;

·         order number;

·         HQ adress;

·         number nip

 The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements its legitimate interest (in this case, the interest of the Company is to enable payment for the goods and performance of the contract)

 

In order to create registers and records related to the GDPR, including, for example, the register of customers who objected in accordance with the GDPR, we process personal data such as:

·         e-mail adress,

because, firstly, the provisions of the GDPR impose certain documentation obligations on us to demonstrate compliance and accountability, secondly, if you object, for example, to the processing of your personal data for marketing purposes, we need to know who not to use direct marketing, because he does not wish it.

The legal basis for such data processing is, firstly, Art. 6 sec. 1 lit. c GDPR, which allows the processing of personal data, if such processing is necessary for the Personal Data Administrator to fulfill its obligations under the law; second, Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements its legitimate interest (in this case, the interest of the Company is to have knowledge about people who exercise their rights under the GDPR);

 

In order to establish, investigate or defend against claims, we process personal data such as:

·         name and surname or company name, if applicable;

·         address;

·         PESEL number or NIP number;

·         e-mail adress;

·         IP;

·         order number;

The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements its legitimate interest (in this case, the interest of the Company is to have personal data that will allow to establish, pursue or defend against claims, including customers and third parties);

 

For archival and evidence purposes, we process personal data such as:

·         first name and last name;

·         e-mail adress;

·         order number

- for the purposes of securing information that may be used to demonstrate facts of legal significance. The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator implements its legitimate interest (in this case, the interest of the Company is to have personal data that will prove certain facts related to the execution of orders, e.g. when a state authority requests it) ;

 

For analytical purposes, i.e. research and analysis of activity on the website belonging to the Company, we process personal data such as:

·         the date and time of visiting the website;

·         type of operating system;

·         approximate location;

·         type of web browser used to view the website;

·         time spent on the site;

·         visited subpages.

The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the interest of the Company is to know the activity of customers on the website);

 

In order to use cookies on the website, we process such text information (cookies will be described in a separate section). The legal basis for such processing is Art. 6 sec. 1 lit. a GDPR, which allows the processing of personal data on the basis of a voluntarily granted consent (the first time you enter the website, a request for consent to the use of cookies appears);

 

In order to administer the website, we process personal data such as:

·         adres IP;

·         server date and time;

·         information about the web browser;

·         information about the operating system

- these data are saved automatically in the so-called server logs each time you use the website belonging to the Company. It would not be possible to administer the website without the use of a server and without this automatic saving. The legal basis for such data processing is Art. 6 sec. 1 lit. f GDPR, which allows the processing of personal data, if in this way the Personal Data Administrator carries out its legitimate interest (in this case, the interest of the Company is to administer the website);

 

III.    Cookies

1.      The company on its website, like other entities, uses the so-called cookies, i.e. short text information saved on a computer, phone, tablet or other user's device. They can be read by our system, as well as by systems belonging to other entities whose services we use (e.g. Facebook, Google).

2.      Cookies perform many functions on the website, most often useful, which we will try to describe below:

  • ensuring security - cookies are used to authenticate users and prevent unauthorized use of the customer panel. Therefore, they are used to protect the user's personal data against unauthorized access;

  • impact on the processes and efficiency of using the website - cookies are used to ensure that the website works efficiently and that you can use the functions available on it, which is possible, among other things, by remembering the settings between subsequent visits to the website. Thanks to them, you can efficiently navigate the website and individual subpages;

  • session status - cookies often contain information on how visitors use the website, e.g. which subpages are displayed most often. They also make it possible to identify errors displayed on some subpages. Cookies used to save the so-called "Session state" therefore help to improve services and increase the browsing experience;

  • maintaining the session status - if the client logs in to his panel, cookies enable the session to be maintained. This means that after switching to another subpage, you do not have to re-enter your login and password each time, which contributes to the comfort of using the website;

  • creating statistics - cookies are used to analyze how users use the website (how many people open the website, how long they stay on it, which content is of greatest interest, etc.). Thanks to this, it is possible to constantly improve the website and adapt its operation to the preferences of users. In order to track activity and create statistics, we use Google tools, such as Google Analytics; in addition to reporting website usage statistics, pixel Google Analytics may also be used, together with some of the cookies described above, to help display more relevant content to the user in Google services (e.g. in the Google search engine) and throughout the web;

3.      By default, your web browser allows the use of cookies on your device, so during the first visit, please consent to the use of cookies. However, if you do not wish to use cookies when browsing the website, you can change the settings in your web browser - completely block the automatic handling of cookies or request notification each time cookies are placed on the device. The settings can be changed at any time.

4.      While respecting the autonomy of all people using the website, we feel obliged to inform you that disabling or limiting the use of cookies may cause quite serious difficulties in using the website, e.g. in the form of having to log in to each subpage, longer loading period. , restrictions on the use of functionalities.

IV.             The right to withdraw consent

1.      If the processing of personal data is based on consent, you can withdraw this consent at any time - at your discretion.

2.      If you would like to withdraw your consent to the processing of personal data, it is enough to do this:

  • send an e-mail directly to the Company to the e-mail address: rodo@automaxpolska.pl

3.      If the processing of your personal data was based on consent, its withdrawal does not make the processing of personal data up to that point illegal. In other words, until the consent is withdrawn, we have the right to process personal data and its revocation does not affect the lawfulness of the current processing.

 

V.                The requirement to provide personal data

1.      Providing any personal data is voluntary and depends on your decision.

2.      To place an order in the store, it is necessary to provide an e-mail address and company data - without this, we are not able to conclude and perform the contract.

3.      In order to be able to receive an invoice for an order, it is necessary to provide all the data required by tax law, i.e. company name, registered office address, tax identification number - without this we are not able to properly issue an invoice.

4.      In order to be able to contact you by phone in matters related to the implementation of the order, it is necessary to provide a telephone number - without this, we are not able to establish telephone contact.

 

VI.             Automated decision making and profiling

We would like to kindly inform you that we do not make automated decision-making, including based on profiling. The proposed price of the goods is in no way the result of an assessment made by any IT system.

 

VII.          Recipients of personal data

1.      Like most entrepreneurs, we use the help of other entities in our activities, which often involves the necessity to provide personal data. In connection with the above, if necessary, we transfer your personal data to companies cooperating with us that support quick payments, an accounting company, and a hosting company.

2.      In addition, it may happen that, for example, on the basis of an appropriate legal provision or a decision of a competent authority, we will also have to transfer your personal data to other entities, whether public or private. Therefore, it is extremely difficult for us to predict who may request the disclosure of personal data. Nevertheless, we ensure that we analyze each case of a request for disclosure of personal data very carefully and very carefully, so as not to accidentally provide information to an unauthorized person.

 

VIII.       Transferring personal data to third countries

1.      Like most entrepreneurs, we use various popular services and technologies offered by entities such as Facebook, Microsoft, and Google. These companies are based outside the European Union, and therefore in the light of the provisions of the GDPR, they are treated as third countries.

2.      The GDPR introduces certain limitations in the transfer of personal data to third countries, because since, as a rule, European regulations do not apply there, the protection of personal data of European Union citizens may unfortunately be insufficient. Therefore, each data controller is required to establish the legal basis for such transfer.

3.      For our part, we assure you that when using the services and technologies, we transfer personal data only to entities from the United States and only to those that have joined the Privacy Shield program, based on the implementing decision of the European Commission of July 12, 2016 - more on this subject can be found read on the website of the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en. Entities that have joined the Privacy Shield program guarantee that they will comply with the high standards of personal data protection that are in force in the European Union, therefore the use of their services and technologies in the process of personal data processing is legal.

4.      At any time, we will provide you with additional explanations regarding the transfer of personal data, in particular when this issue raises your concern.

5.      You have the right to obtain a copy of the personal data transferred to a third country at any time.

 

IX.             The period of personal data processing

1.      In accordance with applicable law, we do not process your personal data "indefinitely", but for the time needed to achieve the set goal. After this period, your personal data will be irretrievably deleted or destroyed.

2.      Regarding individual periods of personal data processing, we kindly inform you that we process personal data for the period of:

·         the duration of the contract - in relation to personal data processed in order to conclude and perform the contract;

·         3 years - in relation to personal data processed for the purpose of establishing, investigating or defending claims (the length of the period depends on whether both parties are entrepreneurs or not);

·         5 years - in relation to personal data related to the fulfillment of obligations under tax law;

·         until the consent is withdrawn or the purpose of processing is achieved, but not longer than for 5 years - in relation to personal data processed on the basis of consent;

·         until the objection is effectively raised or the purpose of processing is achieved, but not longer than for 5 years - in relation to personal data processed on the basis of the legitimate interest of the Personal Data Administrator or for marketing purposes;

·         until they become obsolete or lose their usefulness, but no longer than for 3 years - in relation to personal data processed mainly for analytical purposes, the use of cookies and website administration.

3.      We count the periods in years from the end of the year in which we started processing personal data in order to improve the process of deleting or destroying personal data. Separate counting of the deadline for each concluded contract would entail significant organizational and technical difficulties, as well as a significant financial outlay, therefore setting a single date for the deletion or destruction of personal data allows us to manage this process more efficiently. Of course, if you exercise your right to be forgotten, such situations are considered individually.

4.      An additional year related to the processing of personal data collected for the performance of the contract is dictated by the fact that you can hypothetically submit a claim a moment before the expiry of the limitation period, the request may be delivered with a significant delay or you may incorrectly specify the limitation period for your claim.

 

X.                Data subject rights

1.      We kindly inform you that you have the right to:

·         access to your personal data;

·         rectification of personal data;

·         deletion of personal data;

·         restrictions on the processing of personal data;

·         object to the processing of personal data;

·         transferring personal data.

2.      We respect your rights under the provisions on the protection of personal data and we try to facilitate their implementation as much as possible.

3.      We point out that the above-mentioned rights are not absolute, and therefore we may legally refuse you to comply with them in certain situations. However, if we refuse to accept the request, it is only after careful analysis and only if the refusal to accept the request is necessary.

4.      Regarding the right to object, we explain that you have the right to object to the processing of your personal data at any time on the basis of the legitimate interest of the Personal Data Administrator (they are listed in point III) in connection with your particular situation. However, you must remember that, in accordance with the provisions, we may refuse to take into account the objection if we prove that:

·         there are legitimate grounds for processing that override your interests, rights and freedoms, or

·         there are grounds for establishing, investigating or defending claims.

5.      In addition, you can object to the processing of your personal data for marketing purposes at any time. In such a situation, after receiving the objection, we will stop processing for this purpose.

1.      You can exercise your rights by:

·         sending an e-mail directly to the Company to the e-mail address: rodo@automaxpolska.pl

 

XI.                  Right to lodge a complaint

If you believe that the personal data provided is processed contrary to the applicable law, you may lodge a complaint with the President of the Personal Data Protection Office.

 

XII.          Final Provisions

1.      In matters not covered by this Privacy Policy, the provisions on the protection of personal data shall apply.

2.      This Privacy Policy applies from May 25, 2018.