PRIVACY POLICY

Our goal is to provide you with a sense of security on our Website, which is why your privacy and protection of personal data are very important to us. We ensure that your data will be processed in a transparent and fair manner and that we will do our best to ensure that it is treated with care and responsibility.

1. Controller’s data

The administrator of your personal data within the meaning of the GDPR is Zakłady Przemysłu Cukierniczego “Otmuchów” S.A. with its registered office in Otmuchów, 21 Nyska Street, 48-385 Otmuchów, registered in the register of entrepreneurs of the National Court Register under the KRS number: 0000028079, whose documentation is stored in the District Court in Opole, VIII Commercial Division of the National Court Register, NIP: 753-001-25-46, REGON: 531258977.

In all matters related to the processing of personal data, please contact the Administrator directly by writing to the following address: sekretariat@zpcotmuchow.pl or by calling 774417200.

2. Definitions

Personal data – all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, location data, online identifier and information collected through cookies and other similar technology.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

User – any natural person visiting the Website

Website – a website operating on the Internet under the domain www.cosby.pl together with a set of all services available on the Website, enabling Users to use the offered functionalities of the Website;

EEA – European Economic Area comprising the member states of the European Union plus Iceland, Norway and Liechtenstein. The GDPR applies to the latter under the EEA Agreement;

Third country – any country that is not a member state of the EEA;

3. General Information

1. The Website may be used by Users with access to the Internet.

2. The Website collects Users’ Personal Data, which are collected in IT systems when the User views (visits) the Website – these are only ordinary system logs and information sent by the browser introducing itself, i.e. data on a given visit of the User to the Website (IP address, domain name, browser type, operating system type, etc.).

3. The Website collects only the Personal Data that is necessary and adequate for the purposes for which it will be processed. The use of the Website does not require the User to provide the Administrator with their personal data, i.e. data allowing to determine their identity (including e.g. name and surname, date of birth, telephone number). However, as part of the use of this website, the User may be asked to provide the Administrator with their personal data for the purposes of specific activities, e.g. a contact form to contact a consultant. Providing this personal data (e.g. e-mail address) is voluntary, but at the same time necessary to achieve the purpose for which it was provided. By providing said data, the User consents to the use and disclosure of his/her personal data for the purposes indicated.

4. Data in statistics systems (e.g. Google Analytics) are collected anonymously.

5. For technical reasons, some areas of the Website may use cookies.

Cookies are files or pieces of information that may be stored on your computer when you visit this website. Cookies help analyse website visitors and notify website operators when they are visited. Cookies allow websites to automatically recognize you. The website application can adapt its reactions to the user’s needs and preferences by collecting and remembering information about the choices made by the user. The Administrator does not use cookies to collect information that allows to determine the identity of the User. The Administrator may use cookies to recognize Users and to collect general statistical information on the way they use this website. The owner does not use cookies to collect personal data, such as: name, surname or email address.

You can delete cookies – these cookies are stored on your hard drive or in your web browser. In order to limit or block cookies placed by the Administrator or any other website, or to receive notifications about placed cookies or to completely resign from accepting them, you should make the appropriate settings of your browser. To find out how to do this, please use the “Help” function in the search engine. Please also note that refusing to accept cookies may prevent you from taking advantage of certain opportunities offered by this website.

4. Purposes, legal bases and period of data processing

The Personal Data Administrator may process Personal Data for the following purposes:

a) in order to communicate, identify and respond to the User’s inquiry via the Website

The legal basis for the processing of Personal Data for the above purpose is the User’s consent, i.e. Article 6(1)(a) of the GDPR. The User’s personal data will be processed for the period necessary to answer the question or until the consent to the processing of personal data is withdrawn.

b) to handle complaints

The legal basis for the processing of Personal Data is the fulfilment of a legal obligation, i.e. Article 6(1)(c) of the GDPR and the legitimate interest of the Personal Data Controller, i.e. Article 6(1)(f) of the GDPR, consisting in the pursuit by the Personal Data Controller of possible claims, as well as defence against such claims. Personal data will be processed for the period necessary to consider the complaint, the period of limitation of claims from the complaint and the period necessary to defend against the claims of the complainant.

c) in order to take steps to conclude a contract/establish cooperation and/or to perform a contract/cooperation

The legal basis for the processing of personal data is Article 6(1)(b) of the GDPR

In connection with the actions taken to conclude the contract or its implementation, the Administrator contacts the employees/associates of customers and contractors for a legitimate purpose. In addition, the data controller may obtain from the contractor the basic data of its employee/co-worker (name and surname, place of employment or cooperation, telephone number and, in certain situations, the number of a document with a photo) in connection with the performance of the contract to which the data relates from the entity for which the person is employed or cooperates. The data will be processed for the duration of the contract, and after the end of its validity until the expiry of the deadlines for claims arising from it.

d) in order to adapt the content of the Website to the User’s preferences, communicate with the User, optimise the use of the Website, for the purposes of creating statistics, presenting personalised content on the Website tailored to the User’s preferences and interests, personalising and presenting advertisements displayed on other websites, applications, websites, conducting surveys and detecting bots and abuses in the services of analysing the activities of marketing tools and ensuring security use of the Website.

The processing of the User’s Personal Data for the above purposes is necessary for the purposes resulting from the legitimate interests of the Personal Data Administrator, i.e. to ensure the proper functioning of the Website and to conduct promotional and marketing activities, including taking into account the characteristics of recipients in the activities carried out, as well as to protect the Website against attempts of unlawful interference with the Website, e.g. attempts to hack into the Website by unauthorized persons – i.e.  Article 6(1)(f) of the GDPR. Personal data processed with the use of cookies will be processed after the User has given their consent. Personal data will be processed until the data subject objects – for reasons related to his or her particular situation – to the processing of personal data concerning him/her, also for marketing purposes.

5. Transfer of personal data

The Controller does not transfer the collected Personal Data to third parties, with the exception of entities processing Personal Data at the request of the Controller and if such transfer is necessary due to legal regulations. In the case described in the preceding sentence, the scope of the data made available is limited to the data necessary for the purpose of sharing. Some of the entities we work with are based outside the EEA. In connection with the transfer of Personal Data outside the EEA, we verify that these entities guarantee a high level of Personal Data protection.

6. Your rights

As a person whose data will be processed, you have the right to:

1) access their personal data and obtain the information referred to in Article 15(1) and (2) of the GDPR, including obtaining a copy of the personal data subject to processing on the basis and principles set out in Article 15 of the GDPR;

2) request rectification or supplementation of their personal data on the basis and in the cases specified in Article 16 of the GDPR);

3) request the deletion of their personal data on the basis and principles set out in Article 17 of the GDPR;

4) request restriction of the processing of their personal data on the basis and principles set out in Article 18 of the GDPR;

5) request information about the recipients to whom the personal data has been disclosed, and which have subsequently been rectified, deleted or their processing has been restricted, on the basis and principles set out in Article 19 of the GDPR;

6) object to the processing of personal data, on the basis and principles set out in Article 21 of the GDPR, taking into account point IV of this clause;

7) to receive in a structured, commonly used and machine-readable format their personal data (which have previously been provided to the Controller) on the basis and principles set out in Article 20(1) of the GDPR;

8) to transfer personal data to another administrator on the basis and principles set out in Article 20 of the GDPR (the so-called right to transfer personal data).

9) withdraw consent to the processing of personal data, on the basis and principles set out in Article 7 of the GDPR.

7. Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority dealing with the protection of personal data. Currently, this authority is the President of the Office for Personal Data Protection – 2 Stawki Street, 00-193 Warsaw. 7. Changes to the Privacy Policy In order to ensure that the Privacy Policy meets the current requirements imposed by law at all times, we reserve the right to make changes to it at any time. The above also applies in cases where the Privacy Policy requires changes to cover new or changed products or services of the Website.