Privacy Policy

Privacy Policy of the Website

www.cynkomet.pl

  1. Definitions

1.1. Controller – Cynkomet Sp. z o.o., ul. Fabryczna 7W, 16-020 Czarna Białostocka

1.2. Personal Data – information about an identified or identifiable natural person based on one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP address, online identifiers, and information collected via cookies or other similar technologies. 

1.3. Policy – this Privacy Policy. 

1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

1.5. Website – the website operated by the Controller at www.cynkomet.pl

1.6. User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.

  1. Processing of Personal Data in connection with the use of the Website

2.1. In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide the individual services offered.  Detailed rules and purposes of the processing of Personal Data collected during the User’s use of the Website are set out below.

  1. Purposes and legal grounds for the processing of Personal Data on the Website
  2. A) Use of the Website

3.1. Personal Data of all individuals using the Website are processed by the Controller:

3.1.1. for the purpose of providing electronic services related to making content available to Users on the Website – the necessity of processing for the performance of a contract is the legal basis for processing (Article 6(1)(b) GDPR); 

3.1.2. for the purpose of establishing, pursuing, or defending against claims – the legitimate interest of the Controller (Article 6(1)(f) GDPR), which consists in the protection of its rights, is the legal basis for processing.

  1. B) Contact form  

3.2. The Controller provides the option of contacting the Controller via an electronic contact form.  Use of the form requires the provision of personal data necessary to establish contact with the User and respond to the enquiry.  The User may also provide other data to facilitate communication or the processing of the enquiry. Providing data marked as mandatory is required to submit and process the enquiry; failure to provide such data will result in the enquiry not being processed.  Provision of other data is voluntary.  

3.3. Personal Data is processed to identify the sender and process the enquiry submitted via the contact form – the necessity of processing for the performance of a service contract is the legal basis for processing (Article 6(1)(b) GDPR); with regard to optionally provided data, consent is the legal basis (Article 6(1)(a) GDPR).

  1. C) Marketing

3.4. The User’s Personal Data may also be used by the Controller to send marketing content via various channels, such as email or MMS/SMS.  These actions are undertaken by the Controller only where the User has given their consent, which may be withdrawn at any time.

3.5. Personal Data is processed:

3.5.1. for the purpose of sending requested marketing information – the Controller’s legitimate interest in connection with the consent given is the legal basis for processing, including profiling (Article 6(1)(f) GDPR); 

3.5.2. for analytical and statistical purposes – the Controller’s legitimate interest, consisting in conducting analyses of User activity on the Website to improve its functionalities, is the legal basis for processing (Article 6(1)(f) GDPR).

  1. Cookies

4.1. The Controller uses cookies on the Website.  The purposes and rules for using cookies are set out in the Cookies Policy.

  1. Duration of Personal Data Processing

5.1. The duration of data processing by the Controller depends on the type of service provided and the purpose of processing.  As a general rule, data is processed for the duration of the service, until the consent given is withdrawn, or until an effective objection to the processing is submitted, in cases where the Controller’s legitimate interest is the legal basis for processing. 

5.2. The data processing period may be extended where processing is necessary for the establishment or defence of claims, and after that, only where and to the extent required by law.  Once the processing period has ended, the data is irreversibly deleted or anonymised.

  1. User Rights

6.1. The User has the right to access their data and request its rectification, erasure, restriction of processing, the right to data portability, and the right to lodge a complaint with a supervisory authority responsible for personal data protection.

6.2. The User also has the right to object to the processing of their data based on the legitimate interest of the Controller.

6.3. Where the User’s data is processed based on consent, that consent may be withdrawn at any time by contacting the Controller via cynkomet@cynkomet.pl

  1. Recipients of Personal Data

7.1. In connection with the provision of services, Personal Data will be disclosed to external entities, in particular to IT service providers that enable proper operation of the Website.

7.2. Where the User has given consent, their data may also be shared with other entities for their own purposes, including marketing purposes.  

7.3. The Controller reserves the right to disclose selected information about the User to the relevant authorities or third parties who submit a request for such information based on an appropriate legal basis and in accordance with applicable law.

  1. Transfer of Personal Data outside the EEA

8.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that guaranteed by European law.  For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an appropriate level of protection, primarily through:

8.1.1. cooperation with entities processing Personal Data in countries for which a relevant European Commission decision has been issued confirming an adequate level of Personal Data protection;  

8.1.2. the use of standard contractual clauses issued by the European Commission;

8.1.3. the application of binding corporate rules approved by the competent supervisory authority.  

8.2. The Controller always informs about the intention to transfer Personal Data outside the EEA at the data collection stage.

  1. Personal Data Security

9.1. The Controller continuously carries out risk analysis to ensure that Personal Data is processed securely – in particular, to ensure that only authorised persons have access to the data and only to the extent necessary for their tasks.  The Controller ensures that all operations on Personal Data are recorded and carried out only by authorised employees and collaborators.  

9.2. The Controller takes all necessary steps to ensure that its subcontractors and other cooperating entities provide guarantees of applying appropriate security measures whenever they process Personal Data on behalf of the Controller.

  1. Contact Details

10.1. The Controller may be contacted via cynkomet@cynkomet.pl

  1. Changes to the Privacy Policy

11.1. This Policy is regularly reviewed and updated where necessary.

11.2. The current version of the Policy was adopted and has been in effect since 27/01/2023.

Newsletter