Privacy Policy

  1. This Privacy Policy sets out the rules for the processing of personal data obtained through the website kamilbielat.pl (hereinafter referred to as: „Website”).
  2. The owner of the website and the data controller is Kamil Bielat EML SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, hereinafter referred to as the Controller. Email
    kamilbielat@eml-group.eu    , address: ul. Borowa 1C Rzeszów 35-232 PL – Poland, phone number +48.797783150, tax identification number (NIP) 5170421855.
  3. Personal data collected by the Administrator via the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as GDPR.
  4. The Administrator takes special care to respect the privacy of Customers visiting the Website.
  • 1 Type of data processed, purposes, and legal basis
  1. The administrator collects information about natural persons performing legal transactions not directly related to their business activities, natural persons conducting business or professional activities on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons but are granted legal capacity by law, conducting business or professional activities on their own behalf, hereinafter collectively referred to as Customers.
  2. Customers' personal data is collected in the following cases:

using the contact form service on the Website in order to perform a contract provided electronically. Legal basis: necessary for the performance of a contract for the provision of contact form services (Article 6(1)(b) of the GDPR)

  1. When using the contact form service, the Customer provides the following data:

– email address

– first name

– phone number

  1. When using the Website, additional information may be collected, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
  2. Navigation data may also be collected from Customers, including information about links and references they decide to click on or other activities undertaken on the Website. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of those services.
  3. The provision of personal data to the Administrator is voluntary.
  • 2 Who is the data shared or entrusted to, and how long is it stored?
  1. The Customer's personal data is transferred to service providers used by the Administrator in the operation of the Website. Depending on contractual arrangements and circumstances, service providers to whom personal data is transferred are either subject to the Administrator's instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of processing (administrators).

1.1. Processors. The Administrator uses providers who process personal data exclusively on the Administrator's instructions. These include, among others, providers offering hosting services, accounting services, marketing systems, website traffic analysis systems, and marketing campaign effectiveness analysis systems.

1.2. Administrators. The administrator uses providers who do not act solely on instructions and who themselves determine the purposes and means of using customers' personal data. They provide electronic payment and banking services.

  1. Location. Service providers are mainly based in Poland and other countries of the European Economic Area (EEA).
  2. Customers' personal data is stored:

3.1. If the basis for the processing of personal data is consent, the Customer's personal data will be processed by the Administrator until the consent is revoked, and after the consent is revoked, for a period corresponding to the limitation period for claims that may be raised by the Administrator and that may be raised against him. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.

3.2. If the basis for data processing is the performance of a contract, the Customer's personal data will be processed by the Administrator for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless otherwise specified, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.

  1. If requested, the Administrator shall disclose personal data to authorized state authorities, in particular to organizational units of the Public Prosecutor's Office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
  • 3 Cookies mechanism, IP address
  1. The website uses small files called cookies. They are saved by the Administrator on the end device of the person visiting the Website, if the web browser allows it. A cookie usually contains the name of the domain from which it originates, its „expiration time,” and an individual, randomly selected number identifying the file. The information collected using such files helps to tailor the products offered by the Administrator to the individual preferences and actual needs of visitors to the Website.
  2. The administrator uses two types of cookies:

2.1. Session cookies: after closing the browser session or turning off the computer, the stored information is deleted from the device's memory. The session cookie mechanism does not allow the collection of any personal data or confidential information from customers' computers.

2.2. Persistent cookies: are stored in the memory of the Customer's end device and remain there until they are deleted or expire. The persistent cookie mechanism does not allow any personal data or confidential information to be downloaded from the Customer's computer.

  1. The administrator uses its own cookies for the following purposes:

3.1. analyses and research, as well as audience auditing, and in particular to create anonymous statistics that help us understand how Customers use the Website, which allows us to improve its structure and content.

  1. The administrator uses external cookies for the following purposes:

4.1. presenting a map showing the location of the Administrator's office on the Website's information pages, using the maps.google.com website (external cookie administrator: Google Inc. based in the USA)

  1. The cookie mechanism is safe for the computers of Customers visiting the Website. In particular, it is not possible for viruses or other unwanted software or malware to enter Customers' computers in this way. However, customers have the option of restricting or disabling access to cookies on their computers in their browsers. If this option is used, it will still be possible to use the Website, except for functions that by their nature require cookies.
  2. The administrator may collect the IP addresses of Customers. An IP address is a number assigned to the computer of a person visiting the Website by their Internet service provider. The IP number enables access to the Internet. In most cases, it is assigned to a computer dynamically, i.e., it changes with each connection to the Internet and for this reason is generally treated as non-personal identifying information. The IP address is used by the Administrator to diagnose technical problems with the server, create statistical analyses (e.g., to determine which regions have the most visits), as information useful for administering and improving the Website, as well as for security purposes and the possible identification of unwanted automatic programs that browse the content of the Website and overload the server.
  • 4 Rights of data subjects
  1. Right to withdraw consent – legal basis: Article 7(3) of the GDPR.

1.1. The customer has the right to withdraw any consent they have given.

1.2. Withdrawal of consent takes effect from the moment of withdrawal.

1.3. Withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law prior to its withdrawal.

1.4. Withdrawal of consent does not entail any negative consequences for the Customer, but it may prevent further use of services or functionalities which, in accordance with the law, the Administrator may provide only with consent.

  1. Right to object to data processing – legal basis: Article 21 of the GDPR.

2.1. The customer has the right to object at any time, on grounds relating to their particular situation, – to the processing of their personal data, including profiling, if the Administrator processes their data based on a legitimate interest, e.g., marketing the Administrator's products and services, keeping statistics on the use of individual functionalities of the Website and facilitating the use of the Website, as well as conducting satisfaction surveys.

2.2. Opting out of receiving marketing communications about products or services by email will mean that the Customer objects to the processing of their personal data, including profiling for these purposes.

2.3. If the Customer's objection proves to be justified, the Administrator will have no other legal basis for processing personal data, and the Customer's personal data will be deleted if the Customer has objected to its processing.

  1. Right to erasure („right to be forgotten”) – legal basis: Article 17 of the GDPR.

3.1. The customer has the right to request the deletion of all or some of their personal data.

3.2. The customer has the right to request the deletion of personal data if:

3.2.1. personal data is no longer necessary for the purposes for which it was collected or processed

3.2.2. withdrew specific consent, to the extent that personal data was processed based on his consent

3.2.3. objected to the use of his data for marketing purposes

3.2.4. personal data is processed unlawfully

3.2.5. personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject

3.2.6. personal data has been collected in connection with the provision of information society services

3.3. Despite a request to delete personal data, in connection with an objection or withdrawal of consent, the Controller may retain certain personal data to the extent that processing is necessary for the establishment, investigate or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of the Member State to which the Administrator is subject. This applies in particular to personal data including: first name, last name, email address, which are retained for the purpose of handling complaints and claims related to the use of the Administrator's services, or additionally the address of residence/correspondence address, order number, which are retained for the purpose of handling complaints and claims related to concluded sales contracts or the provision of services.

  1. Right to restrict data processing – legal basis: Article 18 of the GDPR.

4.1. The customer has the right to request the restriction of the processing of their personal data. Until the request is considered, it prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. The administrator will also not send any communications, including marketing communications.

4.2. The customer has the right to request the restriction of the use of personal data in the following cases:

4.2.1. when they question the accuracy of their personal data – in such cases, the Administrator shall restrict the use of such data for the time necessary to verify its accuracy, but for no longer than 7 days

4.2.2. when the processing of data is unlawful, and instead of deleting the data, the Customer requests that its use be restricted

4.2.3. when personal data is no longer necessary for the purposes for which it was collected or used, but is needed by the Customer to establish, pursue, or defend legal claims

4.2.4. when he/she has objected to the use of his/her data – in this case, the restriction applies for the time necessary to consider whether, due to the specific situation, the protection of the Customer's interests, rights, and freedoms outweighs the interests pursued by the Controller in processing the Customer's personal data.

  1. Right of access to data – legal basis: Article 15 of the GDPR.

5.1. The Customer has the right to obtain confirmation from the Administrator as to whether personal data is being processed, and if so, the Customer has the right to:

5.1.1. access your personal data

5.1.2. obtain information about the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of such data, the planned period of storage of the Customer's data or the criteria for determining that period (where it is not possible to specify the planned period of data processing), about the rights of the Customer under the GDPR and the right to lodge a complaint with a supervisory authority, about the source of the data, about automated decision-making, including profiling, and about the safeguards applied in connection with the transfer of the data outside the European Union.

5.1.3. obtain a copy of your personal data.

  1. Right to rectify data – legal basis: Article 16 of the GDPR.

6.1. The Customer has the right to request the Administrator to immediately correct any personal data concerning him/her that is incorrect. Taking into account the purposes of processing, the Customer whose data is concerned has the right to request the completion of incomplete personal data, including by submitting an additional statement, by sending a request to the e-mail address in accordance with §6 of the Privacy Policy.

  1. Right to data portability – legal basis: Article 20 of the GDPR.

7.1. The Customer has the right to receive their personal data that they have provided to the Administrator and then send it to another personal data administrator of their choice. The Customer also has the right to request that the personal data be sent by the Administrator directly to such an administrator, if technically possible. In such a case, the Administrator will send the Customer's personal data in the form of a csv file, which is a commonly used format, suitable for machine reading and allowing the received data to be sent to another personal data administrator.

  1. If the Customer exercises their rights under the above provisions, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month of receiving it. However, if, due to the complex nature of the request or the number of requests, the Administrator is unable to comply with the request within one month, it shall comply with it within the next two months, informing the Customer in advance, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.
  2. The customer may submit complaints, inquiries, and requests to the Administrator regarding the processing of their personal data and the exercise of their rights.
  3. The customer has the right to lodge a complaint with the President of the Personal Data Protection Office in the event of a violation of their rights to personal data protection or other rights granted under the GDPR.
  • 5 Changes to the Privacy Policy
  1. The Privacy Policy may be subject to change, and the Administrator is not obligated to provide notice of such changes.
  2. Please send any questions regarding the Privacy Policy to: kamil.bielat.eml@gmail.com.
  3. Date of last modification: March 31, 2023.