Privacy Policy
This privacy policy contains information on how we protect your privacy and how your personal data is processed on the website www.marbetdesign.com
I. Controller / Data Protection Officer / Supervisory Authority
Personal data controller
This Privacy Policy applies to data processing by:
MARBET Spółka z o.o.
ul. Chochołowska 28
43-346 Bielsko-Biała, Poland
tel. +48 33 81 27 100
Data Protection Officer
If you do not find the information contained in this Privacy Policy sufficient or understandable, please contact our Data Protection Officer:
Grzegorz Krawiec
MARBET Spółka z o.o.
ul. Chochołowska 28
43-346 Bielsko-Biała, Poland
e-mail: rodo@marbet.com.pl
tel. +48 790 215 608
Competent supervisory authority
he President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych)
ul. Stawki 2
00-193 Warsaw, Poland
website: www.uodo.gov.pl
II. Definitions
The definitions are derived from Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter the “General Data Protection Regulation” or “GDPR”).
III. General principles / information
1. Scope of processing of personal data
We collect and use the personal data of website users generally only to the extent required to fulfil and provide our services and to display our website.
Personal data can only be processed for other purposes:
- after obtaining the user’s consent,
- where processing is for the purpose of performing a contract, or
- the protection of legitimate interests, except where these objectives and interests are overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data.
Exceptions are cases where data processing is permitted by law.
2. Legal bases
Where personal data is processed on the basis of the data subject’s consent, the legal basis for processing is Article 6(1)(a) of the GDPR.
When processing personal data in the performance of a contract to which the data subject is a party, the legal basis is Article 6(1)(b) of the GDPR. This also applies to processing required for the performance of pre-contractual activities.
Where personal data is processed for the purpose of complying with a legal obligation to which we are subject, the legal basis is Article 6(1)(c) of the GDPR.
Processing for the purpose of protecting the legitimate interests of the Controller or a third party shall be performed under be Article 6(1)(f) of the GDPR, and the interests, fundamental rights and freedoms of the data subject shall not be prevailing over the aforementioned interests.
3. Obtaining consent / Right to withdraw consent
Consent under Article 6(1)(a) of the GDPR is generally obtained electronically.
Consent is given by ticking the appropriate box, which serves as proof of consent. You may withdraw your consent at any time with effect for the future. Any withdrawal should be sent to the contact details given in point I to the Controller or the Data Protection Officer.
4. Recipients of personal data
In order for our website to function, we appoint, in part, external service providers who act on our behalf and according to our instructions when providing services (data processing entity). These service providers may receive or come into contact with personal data in the course of providing their services, and are therefore third parties or recipients within the meaning of the GDPR.
In such cases, we ensure that our service providers provide adequate guarantees that they have the appropriate technical and organisational measures available, and that they process the data in a manner that complies with the requirements of this regulation and ensures the protection of the rights of data subjects (cf. Article 28 GDPR).
If personal data is transferred to third parties and/or recipients other than for the purpose of processing within the scope of an order, we ensure that this is done only in accordance with the requirements of the GDPR (e.g. Article 6(4) GDPR) and only if there is an appropriate legal basis (e.g. Article 6(4) GDPR).
5. Processing of data in so-called third countries
Personal data is generally processed within the EU or the European Economic Area (“EEA”).
Only in exceptional cases (e.g. in connection with the use of web analytics service providers) may information be transferred to so-called third countries. Third countries are countries which do not belong to the European Union and/or do not have a signed European Economic Area treaty, and where an adequate level of data protection in accordance with EU standards cannot be assumed.
If the information transferred also includes personal data, we shall ensure, prior to such transfer, that an adequate level of data protection is ensured in the third country or for the recipient in the third country concerned. This may result from a so-called ‘protection adequacy decision’ of the European Union or be provided on the basis of so-called ‘EU standard contractual clauses’.
6. Deletion of data and retention period
The personal data of the data subject shall be erased or blocked if there is no purpose for processing such data. Storage in the absence of a processing purpose only takes place if this is stipulated by European or national legislators on the basis of EU legal regulations, laws or other regulations to which our company is subject (e.g. to comply with statutory storage obligations and/or if there is a legitimate storage interest, e.g. during limitation periods for legal defence against any claims). The blocking or deletion of data shall also take place when the storage period prescribed by these standards expires, unless it is necessary to store the data further for the conclusion of a contract or for other purposes.
IV. Displaying the website
1. Purpose and legal basis
When you view our website, the browser operating on your end device sends the following data to our website’s server without your participation, and temporarily stores the data (referred to as “log data”):
- information about the type of browser and version used;
- user operating system;
- user internet service provider;
- user IP address (no personal data);
- date and time of access;
- websites from which the user system accesses our website;
- web pages that are called up from the user’s system via our website;
- the user’s navigation through our website.
The legal basis for processing the IP address and other data indicated above is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the processing purposes listed above. If the presentation is for the preparation of a contract, the legal basis for the processing is Article 6(1)(b) of the GDPR.
2. Recipients of the data / categories of recipients
Data will not be passed on to third parties.
3. Deletion of data and retention period
The IP address is stored for 30 days and then automatically deleted.
For more information on processing data such as: browser type/version, operating system used, URL (page previously visited), host name of the computer from which access was made (IP address), time of the request sent to the server, see section VI.2.
4. Possibility of objection and removal
The logging of log data in order to make the website accessible, together with its storage in log files within the limits mentioned, is necessary for the functioning of the website. The user has no opportunity to object.
Different rules apply to the processing of log data for analytical purposes, as they follow from point. VIII, depending on the web analysis tool currently used or the type of data analysis (personal/anonymised/pseudonymised).
V. Use of cookies
1. Purpose and legal basis
Cookies are used on our website. Cookies are text files that are placed on your device (laptop, tablet, smartphone, etc.) when you visit our websites. A cookie stores information related to the specific device you are using. Such a cookie contains a distinctive string of characters that uniquely identifies your browser when you return to the website. However, this does not mean that we are directly informed of your identity.
The use of cookies serves the following purposes, depending on the category of cookie:
- Essential. The purpose of using these cookies is to simplify your use of the website. Some features of our website are not available without the use of cookies (e.g. to display our website/functions you wish to use, to remember your registration in the login area, etc.).
In order to use them, it is necessary to recognise the browser again after switching to another page. User data is not used to create user profiles.
The cookies used take into account, in particular, the processing of the following categories of personal data: user input (to remember input on several pages), authentication data (to identify the user after registration for access to authorised content on subsequent visits), security-relevant events (e.g. detection of multiple failed login attempts), data for playing multimedia content.
- Preferences. These allow us to take account of your actual or presumed preferences for convenient use of our website (e.g. to display our web pages in the appropriate language for you). In particular, the cookies used take into account the processing of categories of personal data related to the setting of user interface adaptations that are not linked to a fixed identifier (e.g. active language selection or specific display of search queries).
- Statistical. These allow us to create anonymous statistics about the use of our services in order to adapt them to your needs (e.g. we can determine how to further adapt our websites to your habits).
The cookies used include, in particular, the processing of the following categories of personal data related to the pseudonymisation of user profiles with information about the use of our website, that is browser type/version, operating system used, referring site URL, host name of the accessing computer, IP address, server request time, individual user ID, triggered website events.
We combine your user ID with other data from you (e.g. name, email address, etc.) only with your explicit consent. Based on your user ID alone, we cannot draw any conclusions about you.
- Advertising. These enable us to display advertising content that is relevant to you, based on analysis of your usage patterns. We can also track usage patterns through different websites, browsers or end devices using a user identifier (unique identifier). The cookies used take particular account of the processing of the following categories of personal data related to the pseudonymisation of user profiles with information about the use of our website, including: IP address, individual user ID, potential interest in products, triggered events on the website.
We combine your user ID with other data from you (e.g. name, email address, etc.) only with your explicit consent. Based on your user ID alone, we cannot draw any conclusions about you. Where applicable, we share your user ID and related usage profiles with third parties via advertising network providers.
The legal basis for the use of technically necessary cookies is Article 6(1)(b) of the GDPR and may also be Article 6(1)(f) of the GDPR, which means that we process your data on the basis of our legitimate interest, which is to enable you to use our website without interruption.
The legal basis for the use of cookies to set preferences, and for statistical and marketing purposes is your consent under Article 6(1)(a) of the GDPR.
You can revoke/adjust your consent at any time with effect for the future, without affecting the legitimacy of the processing based on consent until revoked. By removing the relevant checkmarks, you can easily revoke your consent for the relevant processing purposes.
2. Recipients of the data / categories of recipients
We use specialised service providers, particularly in the online marketing sector, to process your data using cookies. These service providers process your data on our behalf as processing entities, in each case they are subject to contractual obligations in accordance with Article 28 of the GDPR.
If you have consented to processing for marketing purposes, we may share your user ID and related user profiles with third parties through advertising network providers.
3. Deletion of data and retention period
Cookies are stored on your end device (mobile device / computer) and from there are transferred to our websites. A distinction is made between so-called permanent and session cookies. Session cookies are stored for the duration of the browser session and are deleted when the browser is closed. Permanent cookies are not deleted when you close a particular browser session, or are stored on your end device for an extended period of time.
4. Possibility of objection and removal
Upon accessing our website, users are informed by an information banner about the use of cookies and this data protection declaration. The user’s consent to the processing of the personal data used is also obtained via the banner.
You have full control over the use and storage of cookies. By changing your browser settings, you can generally deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you will not be able to use all of its functions to their full extent.
VI. Web analytics / social network plug-ins
To optimise our websites and adapt them to the changing habits and technical conditions of our users, we use tools for so-called web analysis. We check which elements users visit, whether the information they are searching for is easy to find, etc. We carry out analyses on our website and online offers or use the following web analysis tools. We have also inserted screen buttons (“plugins”) for social networks on our website. These plug-ins provide various functions, the object and scope of which are determined by the social network administrator. Please note that the IP address of your browser session may be linked to your own profile on a particular social network if you are logged into it at the time. Also, your visit to our website can be linked to your social network profile if it recognises you through a social network cookie that has been set previously and is still on your computer.
1. Analysis of log data
The use of log data for analytical purposes is exclusively anonymous and, in particular, there is no link to your personal data and/or IP address or cookie. Such analysis of log data is not subject to the data protection provisions of the GDPR.
2. Google Analytics
In order to adapt the content of our website to your preferences and to optimise it continuously (i.e. statistical and advertising cookies), we use Google Analytics, Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA (‘Google’), an analytics service provided by Google Inc. (‘Google’). In this context, pseudonymised user profiles are created and cookies are used. In doing so, the cookie generates the following information regarding the use of this website:
- browser type / version,
- operating system used,
- the URL (the page previously visited),
- the hostname of the computer from which the input came (IP address),
- the time the request was sent to the server.
This information is used to analyse the use of our website, to compile reports on website activity and to provide other services relating to website and internet usage in order to conduct market research and to tailor the content of these websites to users’ preferences. IP addresses are anonymised so that they cannot be assigned (so-called IP masking).
You can manage your consent to the installation of cookies through your settings; however, we point out that if you do not grant or you withdraw your consent, you will not be able to use all the functionalities of this website to their full extent. Furthermore, you can prevent Google from collecting and processing the data collected by the cookie and about your use of the website (including your IP address) by downloading and installing the browser add-on available under the link: https://tools.google.com/dlpage/gaoptout?hl=pl. Further information on data protection in relation to Google Analytics can be found on the Google Analytics website.
3. Google Remarketing
We use remarketing tools provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). These tools make it possible to target advertising material to users visiting partner websites of the Google network, who have already used our website and shown interest in our offer. The display of the advertisement takes place through the use of cookies. Cookies make it possible to analyse a user’s behaviour when visiting a website, and then use the information obtained to recommend specific products and present dedicated advertising.
Users who are not interested in receiving dedicated advertising can deactivate Google’s use of cookies by visiting https://www.google.pl/settings/ads/onweb.
By using our offer, you consent to the processing of data about you by Google in the manner and for the purpose described above. Please note that Google uses separate data protection guidelines. We are not responsible for such guidelines and procedures.
4. Facebook pixel
Facebook pixel allows us to track your activities on our website and display customised product information to you on this basis (i.e. advertising cookies), .
Information on how this works can be found on the Facebook page: https://www.facebook.com/about/privacy
Pixel acts as a pseudonym, that is it does not create any direct link to any personal information about you.
Opt-out option. You can adjust your consents to use Facebook Pixel by:
- Changing the settings for different categories of cookies,
- Users with a Facebook account as stated in the link below: https://www.facebook.com/about/basics/advertising/ad-preferences
- Anyone can opt out of seeing interest-based advertising displayed by Facebook or its partner companies via the European Interactive Digital Advertising Alliance (‘opt-out’ option) by clicking on the following link: http://www.youronlinechoices.com/pl/twojewybory.
When the cookie blocker is removed, data will again be collected by the Facebook pixel.
VII. Contact form and e-mail contact
There is a contact form on our website which the user can use to contact us electronically. If the user makes use of this option, the data entered in the input boxes will be transmitted to us and saved.
Alternatively, you can contact us via the e-mail address given on our website. In this case, your personal data provided in the email will be saved. Data is never passed on to third parties, except where we need to contact a third party to deal with an enquiry.
1. Purpose and legal basis
Data is processed exclusively for the purpose of dealing with a user’s request or needs. Other data collected during sending is used to prevent abuse of the contact form and to ensure the security of our technical information systems.
The legal basis is Article 6(1)(f) of the GDPR, or Article 6(1)(b) of the GDPR. Our legitimate interest in processing your data arises from the purpose of responding to your enquiries or resolving any problems you may have.
2. Recipients of the data / categories of recipients
In exceptional cases, your data is processed on our behalf by subcontractors. We select these companies with the utmost care, subject them to audits and in the contract concluded we oblige them to comply with the provisions contained in Article 28 of the GDPR.
3. Deletion of data and retention period
All personal data that we have received from you as part of your enquiries via this website or by email is stored until the request is completed and deleted or anonymised at the latest when the request is closed.
In the event that you assert your rights as a data subject under the GDPR, your personal data will be retained for 3 years after our final response so that we can demonstrate that we have provided you with comprehensive information and that the legal requirements have been met.
4. Possibility of objection and removal
You have the opportunity at any time to stop communicating with us and/or to withdraw your request and to refuse the corresponding use of your data. In this case, communication cannot be continued. All personal data saved as part of the contact is then deleted.
VIII. Rights of data subjects
On the basis of the GDPR, the user shall in particular have the following data subject rights:
1. Right of access (Article 15 GDPR)
You have the right to request information about whether or not we process your personal data. If your personal data is processed by our company, you have the right to be informed about:
- the purposes of the processing;
- the categories of personal data (type of data) that is processed;
- the recipients or categories of recipients to whom your data is made available or is intended to be made available; this applies in particular if the data has been made available or is intended to be made available to a recipient in third countries outside the scope of the GDPR;
- the intended period of storage, if possible; where it is not possible to indicate the period of storage, the criteria for determining the period of storage (e.g. statutory storage periods, etc.) should be communicated;
- your right to rectification and erasure of data concerning you, including the right to restrict processing and/or to object (see also the following points);
- the existence of the right to lodge a complaint with a supervisory authority;
- the origin of the data, if the personal data has not been collected directly from the user.
Furthermore, you have the right to be informed whether your personal data is subject to automated decision-making within the meaning of Article 22 of the GDPR and, if so, what decision-making criteria form the basis for such automated decision-making or what effects and scope the automated decision-making may have on you.
If personal data is transferred to a third country outside the scope of the GDPR, the user has the right to be informed whether, and if so on the basis of which guarantees, an adequate level of protection within the meaning of Articles 45, 46 of the GDPR is ensured at the recipient of the data in the third country.
You have the right to request a copy of your personal data. The first copy is free of charge, a charge may be made for other copies.
2. Right of rectification (Article 16 GDPR)
You have the right to request us to rectify any inaccurate personal data concerning you without delay. With regard to the purposes of the processing, you have the right to request the completion of incomplete personal data.
3. Right to erase data (Article 17 GDPR)
You have the right to request us to delete personal data concerning you immediately if one of the following reasons applies:
- the personal data is no longer necessary for the purpose for which it was collected or otherwise processed;
- you revoke the consent on which the processing has taken place in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing;
- you object to the processing in accordance with Article 21(1) or (2) GDPR and in the case of Article 21(1) GDPR there are no overriding legitimate grounds for the processing; the personal data has been unlawfully processed; the erasure of the personal data is required to comply with a legal obligation;
- personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If we have shared personal data and are obliged to delete it, we will take reasonable steps, taking into account available technologies and implementation costs, to inform third parties processing your data that you also request them to delete all links to that personal data or copies or replications of that personal data.
4. Right to restrict processing (Article 18 GDPR)
You have the right to request us to restrict processing if any of the following conditions apply:
- you challenge the accuracy of your personal data;
- the processing is unlawful and instead of erasure you request the restriction of the use of your personal data;
- the controller no longer needs the personal data for the purposes for which it was processed, but the data subject needs it in order to assert, exercise or defend a legal claim, or
- you have objected to the processing in accordance with Article 21(1) of the GDPR until it is clear that the legitimate interests pursued by the controller do not outweigh the interests of the data subject.
5. Right to data portability (Article 20 GDPR)
You have the right to receive the personal data you provide to us in a structured, customary machine-readable format and the right to have that data transferred to another controller without interruption by us, provided that:
- the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) of the GDPR and
- processing is carried out using automated methods.
When exercising your right to data portability, you have the option to decide that we will transfer your personal data directly to another controller, as long as this is technically feasible.
6. Right to object (Article 21 GDPR)
In the case of processing of personal data for the performance of tasks of public interest (Article 6(1)(e) of the GDPR) or in order to take account of legitimate interests (Article 6(1)(f) of the GDPR), you may object to the processing of personal data at any time with effect for the future. In the event of an objection, we must cease further processing of your data for the aforementioned purposes unless
- there are compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
- processing is required in order to bring, exercise or defend legal claims.
The use of data for the purposes of direct advertising may be objected to at any time with effect for the future; this also applies to profiling insofar as it is linked to direct advertising. If you object, we must stop further processing of your data for direct advertising purposes.
7. Possibilities of legal protection / right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with the competent supervisory authority responsible for data protection. The competent supervisory authority in Poland is the President of the Office for Personal Data Protection, as mentioned in point I.