Policy

Privacy Policy

This Privacy Policy outlines the rules for storing and accessing data on the Devices of Users who use the Service for the purpose of electronic service provision by the Administrator, as well as the rules for collecting and processing Users’ personal data, voluntarily provided by them through tools available on the Service.

This Privacy Policy is an integral part of the Terms of Service, which define the rules, rights, and obligations of Users utilizing the Service.

§1 Definitions

  • Service – The online service “Żwirek Trade” operating under the address: https://zwirekmilek.pl/
  • External Service – Websites of partners, service providers, or service recipients cooperating with the Administrator.
  • Service/Data Administrator – The administrator of the Service and the data (hereafter referred to as “Administrator”) is the company “MILEK TRADE SPÓŁKA Z O.O.” operating at: Wąska 1, Urle, 05-281 Jadów, Poland, with VAT ID (NIP): 1251766390, and KRS number: 0001099848, providing electronic services via the Service.
  • User – A natural person for whom the Administrator provides electronic services through the Service.
  • Device – An electronic device, along with its software, through which the User gains access to the Service.
  • Cookies – Textual data files stored on the User’s Device.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
  • Personal Data – Information about an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Processing – Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Restriction of Processing – The marking of stored personal data to limit its processing in the future.
  • Profiling – Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning the individual’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • Consent – A voluntary, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Personal Data Breach – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
  • Pseudonymization – The processing of personal data in such a manner that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
  • Anonymization – An irreversible process of altering data that destroys or overwrites “personal data,” preventing identification or linkage of the data record to a specific User or individual.

§2 Data Protection Officer

In accordance with Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer. For matters related to data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

  • Internal Cookies – Files placed and read from the User’s Device by the Service’s telecommunication system.
  • External Cookies – Files placed and read from the User’s Device by the telecommunication systems of External Services. External Service scripts integrated into the Service may place cookies on the User’s Devices.
  • Session Cookies – Files placed and read from the User’s Device by the Service during a single session. These files are deleted after the session ends.
  • Persistent Cookies – Files placed and read from the User’s Device by the Service until they are manually deleted. These files are not automatically deleted after the session ends unless the User’s Device settings are configured to clear cookies after the session.

§4 Data Security

  • Cookie Storage and Reading Mechanisms – The mechanisms used for storing and exchanging cookie data between the User’s Device and the Service are carried out through built-in web browser mechanisms. They do not allow the retrieval of other data from the User’s Device, including personal data or confidential information. The transfer of viruses, Trojan horses, or worms is practically impossible.
  • Internal Cookies – Cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content, or information that may compromise data security or the security of the Device.
  • External Cookies – The Administrator ensures, to the extent possible, that trusted, globally recognized partners are chosen for the cooperation. However, the Administrator cannot fully control the contents of External Cookies, and thus assumes no responsibility for their security, subject to applicable law.

§5 Purposes of Using Cookies

Cookies are used for:

  • Enhancing and facilitating access to the Service.
  • Personalizing the Service for Users.
  • Marketing and remarketing on external platforms.
  • Advertising services.
  • Affiliate marketing.
  • Statistical purposes (e.g., user count, visits, device types).
  • Delivering multimedia services.
  • Providing social media functionality.

§6 Purposes of Processing Personal Data

Personal data voluntarily provided by Users may be processed for:

  • Providing electronic services, such as sharing content on social media or communication between the Administrator and Users.
  • Ensuring the legitimate interest of the Administrator.

Anonymous data collected automatically may be processed for:

  • Statistical purposes.
  • Remarketing.
  • Displaying tailored advertisements.
  • Affiliate marketing.
  • Ensuring the legitimate interest of the Administrator.

§7 Changing Browser Settings for Cookies

  1. The User has the right to independently manage cookies by configuring their web browser.
  2. In particular, the User can:
    a. Delete cookies: By manually removing stored cookies using the browser’s settings.
    b. Block cookies: By setting the browser to prevent the storage of cookies.
    c. Restrict cookies: By limiting the scope or types of cookies allowed.
  3. Restricting or disabling cookies may lead to certain functionalities of the Service becoming unavailable or limited.
  4. Detailed instructions for managing cookies can be found in the help section or documentation of the User’s browser.

§8 Data Security Rules

  1. The Administrator undertakes appropriate technical and organizational measures to protect the Users’ personal data against unauthorized access, alteration, disclosure, or destruction.
  2. Security measures include, but are not limited to:
    a. Data encryption (where applicable).
    b. Access control to personal data, ensuring that only authorized persons can process the data.
    c. Regular security updates and system audits.
  3. Users are responsible for maintaining the confidentiality of login credentials, passwords, and any other authentication methods.
  4. In the event of a personal data breach that may pose a risk to the rights or freedoms of the User, the Administrator will notify the User without undue delay and fulfill all legal obligations related to data breach reporting.

§9 Third-Party Services and Tools

  1. The Administrator may use external services and tools, such as analytics platforms or payment processors, which may collect data about the User independently.
  2. The User is advised to review the privacy policies of third-party providers used by the Service.
  3. The Administrator makes efforts to ensure that third-party providers adhere to applicable privacy laws, particularly GDPR, if applicable.
  4. Data transfer to third parties is carried out only under appropriate legal grounds, such as consent, contract necessity, or legitimate interest.

§10 User Rights Regarding Data

  1. Users have the following rights concerning their personal data:
    a. Access: The right to request information about the data being processed.
    b. Rectification: The right to request correction of inaccurate or incomplete data.
    c. Deletion: The right to request deletion of personal data (“the right to be forgotten”), subject to legal limitations.
    d. Restriction: The right to request limitations on the processing of their data.
    e. Data portability: The right to receive personal data in a structured, commonly used format or request its transfer to another entity.
    f. Objection: The right to object to data processing based on legitimate interest or direct marketing.
    g. Withdraw consent: The right to withdraw consent at any time without affecting the legality of prior processing.
  2. Users may exercise their rights by contacting the Administrator via the provided contact details in this Policy.
  3. Complaints related to personal data processing may be filed with the relevant supervisory authority in the User’s jurisdiction.
  4. Requests related to data rights will be handled within 30 calendar days, unless additional time is required due to complexity, in which case the User will be notified of the extension.

§11 Legal Basis for Data Processing

The Administrator processes Users’ Personal Data based on:

  1. Consent: Provided voluntarily by the User.
  2. Contract Fulfillment: Necessary for the execution of electronic services provided by the Administrator.
  3. Legal Obligation: To fulfill obligations under applicable laws (e.g., tax or accounting regulations).
  4. Legitimate Interests: For purposes such as ensuring the security of the Service, fraud prevention, direct marketing, or statistical analysis.

§12 Users’ Rights

In accordance with applicable laws, Users have the following rights regarding their personal data:

  1. Access: Users have the right to access their personal data processed by the Administrator.
  2. Correction: Users can request corrections to any inaccurate or incomplete personal data.
  3. Deletion: Users can request the deletion of their data (“right to be forgotten”), except where data retention is legally required.
  4. Restriction: Users can request limitations on the processing of their personal data.
  5. Data Portability: Users can request a copy of their personal data in a structured, commonly used, and machine-readable format.
  6. Objection: Users can object to the processing of their personal data based on legitimate interests, including profiling or direct marketing.
  7. Withdrawal of Consent: Users may withdraw their consent to data processing at any time, without affecting the legality of processing conducted prior to withdrawal.

To exercise any of these rights, Users must contact the Administrator directly.

§13 Data Retention

Personal data voluntarily provided by Users will be stored for the duration necessary to fulfill the purposes for which it was collected, or as required by law.

  1. Anonymous Data: Anonymous data (without personal identifiers) may be retained indefinitely for statistical and analytical purposes.
  2. Email Data: Personal email addresses provided for newsletter subscriptions will be retained until the User unsubscribes.

§14 Changes to the Privacy Policy

The Administrator reserves the right to modify this Privacy Policy to ensure compliance with applicable laws or to reflect any changes in the Service. Users will be informed of any significant changes by a notice posted on the Service.