PRIVACY POLICY OF WEBSITE WWW.PAFANA.PL

1. Protection of the Users’ personal data is of paramount importance to the Owner of this website. The Owner makes enormous effort to ensure that the Users feel safe as they entrust their personal data while using this website.

2. A User is a natural person, a legal person or an unincorporated legal entity with statutory legal personality who/which uses electronic services available through the website.

3. This Privacy Policy explains the principles and scope of processing of the User’s personal data, the rights of the User and the obligations of the data controller, and provides information on the use of cookies.

4. The controller applies state-of-the-art technical measures and organisational solutions to ensure a high level of protection of processed personal data and prevent any unauthorised access.

I. CONTROLLER OF PERSONAL DATA

The controller of personal data is PFN PAFANA S.A., with its registered office at: ul. Warszawska 75 in Pabianice (95-200)
tel. 506 293 604, tel. +48 42 215 58 23, e-mail; pfn@pafana.pl

NIP No.731-14-31-510 (hereinafter referred to as the “Owner”).

The Data Protection Officer is the Security Administrator of PFN PAFANA S.A., e-mail: odo@pafana.pl

(hereinafter referred to as the “DPO”)

II. PURPOSE OF PERSONAL DATA PROCESSING

1. The controller processes the User’s personal data for the following purpose: Making the Contact Form available to visitors of www.pafana.pl who want to send enquiries to Departments of PFN PAFANA S.A. listed in the Form. Building of an electronic mailing database with a view to sending out information on new products of PFN PAFANA S.A.
2. That means that these data are needed in particular for registration on the website.
3. The User may also give consent to receiving information about new releases and promotions, as a result of which the controller will also process personal data for the purpose of sending to the User commercial information relating to e.g. new products or services, promotions or sales.
4. Personal data are also processed in fulfilment of legal obligations of the data controller and in performance of public interest tasks e.g. tasks connected with security and defence or storage of tax documentation.
5. Personal data may also be processed for the purposes of direct marketing of products, establishment and exercise of legal claims or defence of legal claims of the User or third parties as well as marketing of third party services and products or own marketing which is not direct marketing.

III. TYPE OF DATA

1. The controller processes the following personal data the provision of which is necessary for:
filling in the contact form with a view to sending an enquiry to the selected Department of the company:

• name and surname;
• e-mail address;
• company name;

IV. LEGAL BASIS OF PERSONAL DATA PROCESSING

1. Personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1–88, hereinafter referred to as the “GDPR”.
2. The controller processes personal data only with prior consent of the User, given upon registration on the website.
3. Consent to personal data processing is completely voluntary, but without consent registration on the website is not possible.

V. PRAWA PRZYSŁUGUJĄCE UŻYTKOWNIKOWI

1. At any time, the User may request from the controller information on personal data processing.
2. The User may request at any time that his or her personal data be corrected or rectified. The User may also do this on his or her own, after logging in his or her account.
3. At any time, the User may withdraw his or her consent to personal data processing without giving any reason. A request that data not be processed may relate to a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receiving commercial information, or to all purposes of data processing. Withdrawal of consent in relation to all purposes of processing will result in the User’s account being deleted from the website, together with all personal data of the User previously processed by the controller. Withdrawal of consent will not affect any already completed activities.
4. At any time, the User may request, without giving any reason, that the controller erase his or her data. A request to erase data will not affect any already completed activities. Erasure of data means concurrent deletion of the User’s account, together with any saved personal data previously processed by the controller.
5. At any time, the User may object to personal data processing, either within the scope of all personal data of the User processed by the Controller or within a limited scope, e.g. data processing for a specific purpose. An objection will not affect any already completed activities. An objection will result in deletion of the User’s account, together with any saved personal data previously processed by the controller.
6. The User may request restriction of personal data processing, whether for a limited period of time or without such limitation, but within a specified scope, and the controller will be obliged to comply with such request. Such request will not affect any already completed activities.
7. The User may request that the controller transmit the User’s personal data to another entity. To this end, he or she should submit a request to the controller, indicating the entity (name, address) to which the User’s personal data are to be transmitted and specific data that the User wishes to be transmitted by the controller. After confirmation of the request by the User, the controller will transmit, in electronic form, the User’s personal data to the indicated entity. Confirmation of the request by the User is necessary for the purpose of ensuring safety of the User’s personal data and obtaining assurance that the request originates from an entitled person.
8. The controller informs the User about any steps taken, within one month from receipt of any of the requests referred to in preceding subsections.

VI. PERIOD OF STORAGE OF PERSONAL DATA

1. Generally, personal data are stored as long as it is necessary for fulfilment of contractual or statutory obligations being the reason why they were collected. Such data will be erased immediately when storage is no longer necessary for evidentiary purposes, in accordance with civil law or in connection with the statutory obligation to store data.
2. Information relating to a contract is stored for evidentiary purposes for a period of three years from the end of the year in which commercial relations with the User were terminated. Data will be erased after expiration of the statutory limitation period for exercise of contractual claims.
3. Furthermore, the controller may keep archive information relating to effected transactions because storage of such information is connected with the User’s claims e.g. commercial warranty claims.
4. If no contract was entered into between the User and the Owner, the User’s personal data are stored until the User’s account on the website is deleted. The account may be deleted as a result of the User’s request, withdrawal of consent to personal data processing or submission of an objection to processing of such data.

VII. ENTRUSTMENT OF PERSONAL DATA PROCESSING

1. The controller may entrust personal data processing to the controller’s collaborators, within a scope necessary for a transaction, e.g. for the purpose of preparation of ordered goods and delivery of shipments or provision of commercial information originating from the controller (the latter applies to the Users who gave their consent to receiving commercial information).
2. Apart from the purposes indicated in this Privacy Policy, personal data of the Users will not be shared in any way with any third parties or transferred to other entities for the purpose of sending third party marketing materials.
3. Personal data of the website Users are not transferred outside the territory of the European Union.
4. This Privacy Policy is compliant with the provisions arising from Article 13(1) and Article 13(2) of the GDPR

VIII. COOKIES

1. The website uses cookies or a similar technology (hereinafter collectively referred as “cookies”) for collecting information about the User’s access to the website (e.g. with the use of a computer or a smartphone) and his or her preferences. They are used, among other things, for advertising and statistical purposes and for the purpose of adjusting the website to individual needs of the User.
2. Cookies are fragments of information which contain a unique reference code sent by the website to the User’s device for the purpose of storing, and sometimes tracking, information about the device used. Usually, they do not allow for personal identification of the User. Their main task is to better adjust the website to the User.
3. Some cookies used on the website are only available during a given online session and expire after the browser is closed. Other cookies are used for remembering the User who, after returning to the website, is recognised on it. They are kept for a longer period of time.
4. Cookies used on this websites are: Cookies Policy – Pafana available at www.pafana.pl, page “Contact”, page “Cookies Policy” • On the Website, the following types of cookies are used: 
   • “necessary” cookies, allowing for the use of services available through the Website, e.g. authentication cookies used for services which require authentication on the Website; 
   • cookies used for ensuring safety, e.g. used for detecting abuse in respect of authentication on the Website; 
   • “performance” cookies allowing for collection of information on the manner in which pages of the Website are used; 
   • “functional” cookies allowing for remembering of settings selected by the User and customization of the User’s interface, e.g. in respect of the selected language or region of the User, font size, look of the website, etc.;
5. All cookies used on the website are determined by the controller.
6. All cookies used by this website are compliant with the applicable laws of the European Union.
7. Most Users and certain mobile browsers accept cookies automatically. If the User does not change settings, cookies will be saved in the memory of the device.
8. The User may change preferences relating to acceptance of cookies or change the browser so that an appropriate notification may be received when the cookies function is set. In order to change cookies acceptance settings, one should adjust browser settings.
9. It is worth remembering that blocking or deleting cookies may prevent full usability of the website.
10. Cookies will be used for necessary session management, including:
    • Creating a special login session for the website User so that the website remembers that the User is logged in and his or her requests are delivered effectively, safely and coherently;
    • Recognising the User who has already visited the website earlier, which allows for identification of the number of unique Users who used the website and for making sure the website has sufficient capacity for the number of new users;
    • Recognising if the visitor of the website is registered on the website;
    • Registering information from the User’s device, including cookies, IP address and browser information, in order to allow for troubleshooting, administration and tracking of the website User;
    • Adjusting artwork elements or content of the website;
    • Collecting statistical data about the use of the website by the User for the purpose of improving the website and finding out which areas of the website are most popular among the Users.