Privacy Policy (PP) describes what personal data we collect from you as a User of our Service, why and how we ensure the privacy of your data and how we process it based on applicable law, including GDPR.
By Service we mean the website operating at: https://www.lumagadzety.pl
GDPR is the Personal Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016), which regulates the principles of personal data protection of natural persons within the European Union (EU).
We care about your personal data, we want you to feel safe on our Service. PP aims to provide you as a User with information about what personal data we collect, for what purposes, as well as how we use it and who we are. PP also aims to inform you about the rights you have in connection with our processing of your personal data.
Who is the Administrator of your personal data?
The Administrator of your personal data is Łukasz Cyprys, conducting business under the name LUMA-DRUK Łukasz Cyprys in Radomsko (97-500), ul. Ignacego Krasickiego 108, NIP: 7282448636, REGON: 100077703 (Administrator)
In the scope of personal data protection, you can contact us by phone: +48 609 738 889, email: rodo@lumadruk.pl or in writing at the address indicated above.
Security of your personal data
We care about the security of all personal data that we process in our company, and in particular about ensuring confidentiality and integrity, we have implemented, among others, the following technical and organizational measures:
- we regularly conduct risk analysis in order to properly match solutions to potential threats related to violations,
- we make sure that only authorized persons have access to the data and only to the extent necessary to perform their duties tasks,
- we conclude entrustment agreements with entities to which we entrust the processing of personal data, but we also ensure that these entities guarantee the highest level of security,
- access to IT systems is controlled in accordance with IT security procedures.
Whose personal data can we process?
As the Personal Data Administrator, we can process in particular the personal data of the following persons:
- our clients – recipients of goods and services,
- our contractors – suppliers of goods and services,
- entities and persons whose data we receive as part of the implementation of cooperation,
- persons representing entities with which we cooperate and their employees,
- entities and persons with whom we would like to establish cooperation or we have business relations.
For what purpose and on what basis do we process your personal data?
As the Administrator personal data, I process your personal data - for various purposes, but always in accordance with the law and so that we can carry out our business.
We process personal data that you provide to us in connection with the use of the services provided by us, but also during business contacts with us.
To make it easier for you to navigate in these areas, we have prepared a table in which you will find the purposes and legal basis for processing personal data.
| Purpose of personal data processing | Type of personal data processed | Legal basis for personal data processing |
|---|---|---|
| Taking action before concluding a contract for the provision of our services at the initiative of the Administrator and data subject | Name and surname, company name, contact details, including address details, Tax Identification Number, information contained in public registers and other information you provide to us | Article 6 paragraph 1 letter b GDPR action before concluding a contract, e.g. by sending a message via a form to obtain a quote for the order Article 6 paragraph 1 letter f GDPR legitimate interest of the Data Controller, among others, in order to establish cooperation |
| Conclusion and performance of the contract | Name and surname, company name, contact details, address details, Tax Identification Number, bank account number, information contained in public registers and other information you provide to us | Article 6 paragraph 1 letter b GDPR performance of the contract Article 6 paragraph 1 letter f GDPR legitimate interest of the data controller, e.g. contact person data |
| Fulfillment of our legal obligations, such as: issuing a proforma invoice, issuing an invoice, other accounting documents and making tax settlements | Name and surname, company name, contact details, data aaddress, Tax Identification Number, bank account number and information contained in public registers | Article 6, paragraph 1, letter c GDPR legally binding obligation |
| Ongoing contact, in connection with the performance of the contract between us, but also consideration of complaints, grievances and applications | Name and surname, company name, contact details, address details and other data that we have received from you as part of our contract or notification | Article 6, paragraph 1, letter b GDPR to perform the contract Article 6, paragraph 1, letter f GDPR legitimate interest of the data controller, e.g. examining needs, ensuring high quality of service |
| Determining, defending and pursuing our claims | Name and surname, company name, contact details, address details, tax identification number, bank account number, information contained in public registers, and other information related to the contract or other legal relationship between us | Art. 6 sec. 1 lit. f GDPR legitimate interest, including defending the interests of the Administrator |
| Storing left offers / inquiries | Name and surname, company name, contact details and other data you provide to us | Art. 6 sec. 1 lit. f GDPR legally justified interest, which will enable you to use our services for a specified period of time without having to repeat the offer or inquiry |
| Archival and evidential | Name and surname, company name, contact details, address details, tax identification number, bank account number, information contained in public registers and other information that you provide to us | Article 6 paragraph 1 letter c GDPR legally binding obligation Article 6 paragraph 1 letter f GDPR legally justified interest, among others possession of personal data will allow us to prove certain facts related to the performance of the contract, services, e.g. when a state authority requests it |
| Sending commercial information to entities with which we cooperate or have cooperated | Name and surname, company name, contact details, address details, Tax Identification Number, information contained in public registers | Article 6 paragraph 1 letter a GDPR consent, if it is required Article 6 paragraph 1 letter f GDPR legitimate interest, including building relationships, offering our services |
| Sending direct marketing on our own behalf to our potential customers | Name and surname, company name, contact details, address details, Tax Identification Number, information contained in public registers | Article 6 paragraph 1 letter a GDPR consent, if required Art. 6 sec. 1 letter f GDPR legitimate interest, including building relationships, offering our services |
| Sending the newsletter | Name and surname, company name, contact details, address details, Tax Identification Number, information contained in public registers | Art. 6 sec. 1 letter a GDPR consent to sending the newsletter Art. 6 sec. 1 letter f GDPR legitimate interest, including building relationships, offering our services |
| Verification of business partners | Name and surname, company name, contact details, address details, Tax Identification Number, information contained in public registers, financial data, information contained in business intelligence agencies | Art. 6 sec. 1 letter f GDPR legitimate interest of the data controller, including checking the credibility of our business partners |
| Administering our Website (automatic recording of the following data in the so-called server logs, each time you use our website) and creating statistics, summaries and analyses. | IP address, server date and time, information about the web browser, information about the operating system | Art. 6 sec. 1 letter a GDPR consent to cookies Art. 6 sec. 1 letter f GDPR legitimate interest of the data controller, including the ability to administer the website |
How do we process your data in social media (SM)?
1. The Administrator has and manages the following company profiles on social networking sites, i.e. LinkedIn, Google My Business, YouTube, Facebook, Instagram. In connection with the above, we process the personal data of people who enter our profile, regardless of whether they become active or start following our activities in SM.
2. We manage profiles on social media for the following purposes:
a) promoting our services and products and informing about our promotions and competitions;
b) providing information about events in which we participate or invite you to participate, e.g. fairs, trainings, events;
c) collecting data and analyzing it;
d) establishing a defense strategy and pursuing claims.
3. The legal basis for the processing of personal data in connection with the profiles maintained in SM is art. 6 sec. 1 letter f) of the GDPR Regulation - the legitimate interest of the Administrator. Our interest is to develop and promote the Administrator's brand, improve our services and products, and sometimes also establish a strategy related to the pursuit and defense of our claims.
How will you exercise your right to withdraw consent?
1. If we process personal data based on your consent, you can withdraw this consent at any time without giving a reason.
2. You can withdraw your consent to the processing of your personal data by sending an e-mail to the following address: rodo@lumadruk.pl
3. Until you withdraw your consent, we have the right to process your personal data and its withdrawal does not affect the lawfulness of the previous processing.
Voluntary nature and requirement to provide personal data
1. Providing any personal data by you is voluntary and depends on your decision.
2. However, in some cases, providing certain personal data is necessary to do what you ask us to do (e.g. price a service, respond to an email).
Who can we transfer your personal data to?
1. For the purpose of conducting our business in a broad sense and in all possible, legally permitted areas, we may transfer your data to entities associated with the Administrator. We write about them below.
2. In our business, we cooperate with other entities that provide services to us, sell products, and this involves the need to transfer personal data. In connection with the above, if necessary, we transfer your personal data to the following entities:
a) IT companies,
b) companies providing accounting and tax services,
c) marketing companies and agencies,
d) companies providing hosting services;
e) banks, payment institutions, leasing, factoring and insurance companies,
f) entities conducting postal, courier and transport activities;
g) entities providing services related to the security of persons and property;
h) entities providing us with advisory, audit, legal, tax and debt collection services.
3. In the course of our business, it may be necessary that, on the basis of the relevant legal provision or decision of the competent authority, we will also have to transfer your personal data to other entities, whether public or private, such as the Social Insurance Institution, the Tax Office, the National Tax Administration, etc.
4. Your personal data are generally processed within the European Economic Area (hereinafter: EEA). However, taking into account the services provided by the Administrator's subcontractors in the scope of providing IT services, the Administrator may commission the performance of these services to recognized subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA.
5. In the case of recipients in the territory of countries not covered by the decision of the European Commission on ensuring an adequate level of protection, in order to ensure appropriate safeguards, the Administrator concludes agreements with the recipients of personal data, based on standard contractual clauses issued by the European Commission in accordance with Article 46 paragraph 2 letter c of the GDPR.
6. The content of the standard contractual clauses and additional information on the applied safeguards can be obtained from the Administrator by contacting us at the address provided in the PP at the very beginning of the document.
How long do we store your personal data?
1. In accordance with applicable law, we process your personal data for the time necessary to achieve the purpose for which the personal data was processed. After this period, your personal data will be irreversibly deleted or destroyed by us.
2. We process personal data for the following periods:
a) the duration of the contract, but also after its termination, but no longer than for a period of 6 years — in relation to personal data processed for the purpose of concluding and performing the contract
b) up to 6 years — in relation to personal data processed for the purpose of determining, pursuing or defending claims, but no longer than it results from applicable law;
c) up to 3 years — in relation to personal data that were collected in connection with the submission of an offer, and at the same time the contract was not concluded immediately;
d) up to 7 years — in relation to personal data related to the fulfillment of obligations under tax law, e.g. storing invoices, bills;
e) until the consent is withdrawn or the purpose of processing is achieved, but no longer than for 3 years — in relation to personal data processed on the basis of consent;
f) until the objection is effectively raised or the purpose of processing is achieved, but no longer than for 3 years — in relation to personal data processed on the basis of the legitimate interest of the Administrator or for marketing purposes;
g) until they become outdated or lose their usefulness, but no longer than for 5 years - in relation to personal data processed primarily for the purposes of using cookies and administering the website.
3. We count periods in years from the end of the year in which we began processing personal data in order to streamline the process of deleting or destroying personal data. Separate counting of the period for each event would involve significant organizational and technical difficulties, as well as significant financial outlays, therefore setting a single date for deleting or destroying personal data allows us to manage this process more efficiently.
4. If you decide to exercise your right to be forgotten, write to us and we will verify whether it is legally possible. Such decisions are considered individually. There are situations when we cannot comply with such a request, e.g. due to our obligations (Article 6, paragraph 1, letter c) of the GDPR) and others, and in such situations we may refuse to completely delete your data.
Your rights related to the protection and processing of your personal data.
1. You have the following rights related to the protection and processing of your personal data:
a) The right to access the content of your personal data – i.e. to obtain information about the purpose and method of processing your personal data and a copy of the data.
b) The right to rectify data – i.e. to correct data when it is incorrect, has changed or has become outdated.
c) The right to partial or complete deletion of data (“Right to be forgotten”) – i.e. deletion of data that is processed without legitimate legal grounds.
d) The right to limit processing – i.e. limiting data processing to their storage only.
e) The right to transfer data – i.e. obtaining your personal data that you have provided to us or indicating another administrator, to whom we should transfer it, if technically possible.
f) The right to object, as to personal data, the provision of which is voluntary – i.e., among others, for the purposes of direct marketing.
g) Right to withdraw consent - you may withdraw any consent you have given us at any time.
2. We want you to know that your rights listed in paragraph 1 above are not absolute, which means that in certain cases we may lawfully refuse to exercise them. However, if we refuse to comply with your request or demand, we always analyze the issue in detail beforehand and only refuse if refusing to comply with the request is necessary.
3. You have the right to object to the processing of your personal data based on the legitimate interest of the Personal Data Administrator in connection with your particular situation. In accordance with the law, we may refuse to take into account the objection if we prove that:
a) there are legitimate grounds for processing that override your interests, rights and freedoms or;