Privacy policy and cookie policy

 

GENERAL INFORMATION

 

  1. The privacy policy and the cookie policy (hereinafter referred to as “the Policy”) shall specify the principles regarding the processing of personal data of the users (hereinafter referred to as “the Users”) as part of web services owned by FORMASTER S.A.: formaster.com, dafi.pl, seeyoo.pl, blog.dafi.pl, salon.dafi.pl, ogrzewacze.dafi.pl, dafi.info, hex-r.pl, filtrujetestuje.pl, wodazmagnezem.pl, dafi-heaters.com, dbamosmak.pl, jakdwiekrople.pl, dafi-heaters.com, dafisystems.pl, as well as the mobile application “Moje Dafi” [My Dafi] (hereinafter referred to as “the Websites”) and other listed categories of people, as well as specify the manner in which the Websites utilize cookie files.
  2. The Websites indicated along with their www address in point I of the Policy belong to and are managed by FORMASTER S.A. seated in Kielce, ul. Fabryczna 24, 25 – 818 Kielce, registered in the registry of entrepreneurs of the National Court Register managed by the District Court in Kielce, the 10th Commercial Division of the National Court Register, under KRS number 0000080942, with share capital of PLN 9,313,000.00 paid in full, NIP (Tax ID no.) 9590122245, REGON (National Business Registry Number) 290670483. Contact details:
    1. Address: ul. Fabryczna 24, 25-818 Kielce
    2. E-mail address: [email protected]
    3. Number of free hotline of the Customer Service: 800 703 048

 

  1. Definitions:
    1. Personal data – shall stand for information on an identified or identifiable natural person (“person that the data refer to”); an identifiable natural person is a person that can be directly or indirectly identified, particularly on the basis of an identifier such as name and surname, identification number, details on location, Internet identifier, or one or several factors describing the physical, physiological, genetic, mental, economic, cultural, or social identity of a natural person.
    2. GDPR – Regulation of the European Parliament and the Council (EU) 2016/679 dated 27 April 2016 on protection of individuals with regard to processing of personal details and on the free movement of such data and repeal to Directive 95/46/EC.
    3. Website – the Internet website within the formaster.com or dafi.pl domain or other domains specified in this privacy policy.
    4. Application – the mobile application of the Service Provider called “My Dafi”.
    5. User – every natural person visiting the Service, using the Application or using one or several services or functions offered by the Administrator.

 

RULES OF THE PROCESSING OF YOUR PERSONAL DATA

 

  1. The Administrator of your personal data shall be FORMASTER S.A. seated in Kielce, ul.  Fabryczna 24, 25 – 818 Kielce, registered in the registry of entrepreneurs of the National Court Register by the District Court in Kielce, the 10th Commercial Division of the National Court Register under KRS number 0000080942, with a share capital of PLN 9,313,000.00 paid in full, NIP (Tax ID no.): 9590122245, REGON (National Business Registry Number): 290670483 (hereinafter referred to as “the Administrator”).
  2. The type of data, purpose and legal grounds for its processing depends on the relationship between you and the Administrator. Your personal data shall be processed in the following situations:
    1. You are a user of the Websites or the Application;
    2. You are a current or potential customer, supplier or seller of the Administrator or work for them;
    3. You are a guest visiting one of the Administrator’s websites;
    4. You are a person who subscribed to one of our newsletters;
    5. You are a person who “liked” or otherwise connected their profile with the Administrator’s profile on social media;
    6. You are a candidate to work at the Administrator’s company;
    7. You participate in events organized by the Administrator.

     

    INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR USERS OF WEBSITES MANAGED BY THE ADMINISTRATOR

     

    In this case, your data shall be processed for the following purposes:

     

    1. Name, surname, contact details (phone no., e-mail address), address details and other data will be necessary to initiate, shape contents, perform, change or terminate any agreements concluded between the Administrator and the User, including particularly the agreement covering the use of the Application, the agreement connected with placing an order via the Online Store, or another agreement concerning services rendered in favor of the User through electronic means as part of the Website i.e., under Art. 6 section 1 letter b) of the GDPR;
    2. Name, surname, contact details (phone no., e-mail address), address details in relation to the use of the Online Store and the application “My Dafi” shall be processed for purposes necessary to perform legal obligations imposed on the Service Provider, particularly those arising from the act of 12 July 2002 on provision of services by electronic means and from regulations of tax law and regulations on accounting i.e., under Art. 6 section 1 letter c) of the GDPR;
    3. Name, surname, contact details (phone no., e-mail address) can be also processed for purposes arising from legally justified interests realized by the Administrator, in particular:
      1. conducting marketing of products and services by the Service Provider during the period of the agreement concluded with the User;
      2. conducting analyses of Users’ activity as well as their preferences and ensuring efficient functioning of the Service;
      3. pursuit and protection against eventual claims arising from concluded agreements;
      4. providing answers to the question stated via the contact form on the Website – under Art. 6 section 1 letter f) of the GDPR.
    4. Name, surname, contact details (phone no., e-mail address) for purposes compliant with a voluntary consent you gave for the processing of your personal data, among others, when you join loyalty programs or give consent to participate in competitions and marketing activities (indicated precisely in the terms and conditions concerning a particular competition or marketing activity) i.e. under Art. 6 section 1 letter a) of the GDPR.

     

    INFORMATION ON PROCESSING OF PERSONAL DATA OF CURRENT OR POTENTIAL CUSTOMERS, SUPPLIERS OR SELLERS OF THE ADMINISTRATOR OR AN EMPLOYEE THEREOF:

     

    In this case, your data shall be processed for the following purposes:

     

    1. Name, surname, contact details (e-mail and phone no.), workplace and position – in order to perform an agreement or take action upon the request of persons submitted prior to conclusion of the agreement i.e. under Art. 6 section 1 letter b) of the GDPR;
    2. Name, surname, contact details (e-mail and phone no.), workplace – in order to protect and pursue claims remaining in connection with a concluded agreement or request of a person submitted prior to the conclusion of the agreement i.e., under justified interests of the Administrator referred to in Art. 6 section 1 letter f) of the GDPR;
    3. Name, surname, contact details (e-mail and phone no.), workplace – in order to allow the Administrator to fulfil and comply with imposed legal obligations imposed i.e., under Art. 6 section 1 letter c) of the GDPR.

     

    INFORMATION ON THE PROCESSING OF PERSONAL DATA OF GUESTS VISITING ONE OF THE WEBSITES MANAGED BY THE ADMINISTRATOR:

     

    In this case, your data shall be processed for the following purposes:

     

    1. Data included in Cookie files (more about the Cookie Policy – read below) shall be processed under a justified interest of the Administrator i.e. distribution of Internet websites on the Internet by the Administrator, ensuring their safety and collection of basic statistics – pursuant to Art. 6 section 1 letter f) of the GDPR;
    2. The above-mentioned data shall also be processed under Art. 6 section 1 letter b) of the GDPR in relation to rendering of services via electronic means by allowing visiting and use of the Administrator’s Internet websites;
    3.  The data integrated into Cookie files are also processed under the conscious and voluntary consent of the user, Art. 6 section 1 letter a) of the GDPR.

     

    INFORMATION ON THE PROCESSING OF PERSONAL DATA FOR USERS OF NEWSLETTERS:

     

    In this case, your data shall be processed for the following purposes:

     

    1. Name, surname, e-mail address, phone no. and other data you provided – to allow the Administrator to provide you with informative contents in form of a newsletter i.e. under the Administrator’s justified interest that has been referred to in Art. 6 section 1 letter f) of the GDPR; You have expressed interest in the above-mentioned information by subscribing to a selected newsletter.

     

    INFORMATION ON THE PROCESSING OF PERSONAL DATA OF USERS WHO ASSOCIATED THEIR PROFILE WITH THE ADMINISTRATOR’S PROFILE ON SOCIAL MEDIA:

     

    In this case, your data shall be processed for the following purposes:

     

    1. Name, surname, e-mail address, profile name on the portal and other data you provided according to the privacy policy on a specific portal – to purpose of the processing will be to providing information on conducted activities by the Administrator and promotion of services rendered by the Administrator i.e., under the Administrator’s justified interest that has been referred to in Art. 6 section 1 letter f) of the GDPR;
    2. Name, surname and contact details – in order to pursue claims or protect against claims within the scope in which such claims might arise due to your activity on social websites i.e., under the Administrator’s justified interest specified in Art. 6 section 1 letter f) of the GDPR;

     

    INFORMATION ON THE PROCESSING OF PERSONAL DATA OF CANDIDATES WHO PARTICIPATE IN THE RECRUITMENT PROCESS:

     

    In this case, your data shall be processed for the following purposes:

     

    1.  Information collected under Art. 221 of the Labor Code (i.e. name and surname, date of birth, contact details, education, professional competences, history of employment) shall be processed for the purpose of the ongoing recruitment process. In this case, the grounds for the processing shall be Art. 221 of the Labor Code.
    2. Information other than the one specified in letter a. above that you provided in your curriculum vitae and the cover letter shall be processed under your consent i.e., under Art. 6 section 1 letter a) of the GDPR;
    3. Information other than the one mentioned in letters a. and b. above, collected during the interview, shall be processed under the Administrator’s justified interest, namely verification of skills and fitness for work on a specific position i.e., Art. 6 section 1 letter f) of the GDPR;
    4. Name, surname, contact details (e-mail and phone no.) – in order to pursue claims or protect against claims within the scope in which such claims might arise in relation to the ongoing recruitment i.e., under the Administrator’s justified interest specified in Art. 6 section 1 letter f) of the GDPR.

     

    INFORMATION ON THE PROCESSING OF PERSONAL DETAILS OF PEOPLE PARTICIPATING IN EVENTS ORGANIZED BY THE ADMINISTRATOR:

     

    In this case, your data shall be processed for the following purposes:

     

    1. Name, surname, contact details (e-mail and phone no.), workplace – in order to perform an agreement concluded in relation to your acceptance of the terms and conditions of participation in an event organized by the Administrator i.e., under Art. 6 section 1 letter b) of the GDPR;
    2. Name, surname, contact details (e-mail and phone no.) – in order to pursue claims or protect against claims within the scope in which such claims might arise in relation to performance of an agreement i.e., under the Administrator’s justified interest specified in Art. 6 section 1 letter f) of the GDPR;
    3. Name, surname, contact details (e-mail and phone no.), workplace – in order to collect statistics and for archiving data on organized events i.e., under the Administrator’s justified interest referred to in Art. 6 section 1 letter f) of the GDPR.

 

 

  1. Duration of processing and storage of personal data:
    1. The data concerning an order placed via the Online Store shall be processed as long as it is needed in order to realize the order as well as according to tax and accounting regulations.
    2. The data required for performance of an agreement that you are a party of or to undertake action upon your request prior to the conclusion of an agreement shall be processed for the duration of the agreement and, after that period, for the period of prescription of possible claims and according to tax and accounting regulations and other commonly applicable provisions of law.
    3. Other data, provided that they are processed based on your consent, shall be processed until the consent for processing is revoked. The consent for processing of personal data can be revoked at any moment. Revocation of the consent to processing of personal data is made by submitting such a request to the following e-mail address e-mail [email protected] or by sending such a request to the Administrator’s address. Revocation of the consent shall not affect the lawfulness of processing performed under a previously given consent.
    4. Any data the processing of which is necessary to fulfil a legal obligation imposed on the Company shall be processed for the period specified in commonly applicable provisions of law.
    5. Any data the processing of which is required for the realization of legally justified interests of the Administrator or by a third party shall be processed for a period that will not be longer than necessary for the purposes for which such data is processed or until an objection regarding the processing of personal data is submitted as to its further processing for the said purposes for reasons concerning your situation, unless the Administrator proves the existence of important and legally justified grounds for the processing which are precedent to your interests, rights, freedoms or grounds for determination, pursuit or protection of claims.

 

  1. Obligation to provide personal data:
    1. The personal data processed under your consent shall be provided voluntarily. No provision of such data, however, shall make it impossible to render services, if a consent is required for the rendering of services.
    2. Personal data necessary for the conclusion, performance of the agreement / realization of the order or data necessary to perform action upon your request shall be voluntary. No provision of data can, however, make it impossible to conclude, perform the agreement / realize the order or perform action upon your request.
    3. Personal data necessary to fulfill a legal obligation imposed on the Administrator shall be considered a statutory requirement.
    4. Personal data processed for purposes arising from legally justified interests of the Administrator or by a third party are voluntary. However, no provision of such data will make it impossible to realize purposes arising from legally justified interests of the Administrator or by a third party.

 

  1. Rights attributable in relation to the processing of personal data:
    1. You shall have the right to access your personal data, including the right to receive a confirmation whether the data is processed and, if applicable, the right to gain access to such data and receive a copy of the processed personal data.
    2. You shall have the right to make corrections to personal data, which covers the right to order the Administrator to correct one’s personal data that are incorrect.
    3. You shall have the right to remove personal data.
    4. You shall have the right to restrict the processing of personal data.
    5. You shall have the right to transfer data through the right to receive data and send them to another administrator or to request, if technically possible, to have such data sent directly to another administrator – within the scope of data processing under your consent and for purposes required to perform the agreement and process data in an automatic manner.
    6. You shall have the right to object to the processing of personal data within the scope of data for purposes arising from legally justified interests realized by the Administrator under Art. 6 section 1 letter f) of the GDPR, unless the Administrator proves the existence of important legally justified grounds for the processing, where such grounds are precedent to interests, rights, and freedoms of the person that the data refer to or grounds to determine, pursue, or protect claims.
    7. You shall have the right to submit a complaint to the supervisory authority within the scope of protection of personal data – the President of the Office of Personal Data Protection, should you decide that the processing is unlawful.

 

  1. The exercise of rights attributable in relation to the processing of personal data:
    1. Every natural person (hereinafter referred to as the “the Requestor”) shall have the right to submit to the Administrator a request (hereinafter referred to as “the Request”) for execution of rights indicated in Section V above.
    2. Requests shall be proceeded subject to the GDPR regulations, which means that in situations referred to in the GDPR, Requests might not be attributable to the data subject or they will be realized subject to a fee in order to cover the costs of execution.
    3. The Request must be submitted by sending it to the following e-mail address: [email protected] or the Administrator’s address: ul. Fabryczna 24, 25-818 Kielce.
    4. If the Administrator does not process the data of the Requestor (excluding processing of personal data for the purposes of the request as such), the Requestor shall be immediately notified about it and their data shall be removed without delay.
    5. Immediately after receipt of the Request, the Administrator shall inform the Requestor about the receipt and shall include this information in their records.
    6. The Administrator shall have the right to verify the Requestor’s identity. In the case of lack of a successful verification of the Requestor’s identity due to reasons attributable to the Requestor, the Administrator shall not be able to realize the Request, which the Requestor shall be immediately informed about.
    7. In case of submission of a Request and the eventual proper verification of the Requestor’s identity, the Administrator shall provide the Requestor with a reply within maximum one (1) month from the date on which the Request was received. In case of objectively complicated situations, when the reply will require a lot of effort on the Administrator’s side, the above-mentioned deadline might be extended to two (2) months and the Requestor shall be immediately informed about it.
    8. The legal realization of the access to the Requestor’s data shall involve indicating by the Administrator the data subjected to the processing, to the extent for which the Requestor submitted the request, and on the purpose of data processing, category of personal data, recipients or categories of recipients that the data have been or will be disclosed to, if possible – on the planned period for which personal data will be stored, on automated decision-making (including profiling and crucial information on the rules for making such decisions), the significance and expected consequences of the data processing, the right to demand that the Administrator rectifies, removes or limits the processing of personal data and to submit an objection to such processing, on the source of collection of personal data and the right to submit a complaint to the supervisory authority. Moreover, the Administrator shall enclose to the reply a copy of personal data concerning the Requestor in a commonly known and available formats that are machine-readable.
    9. Complaints connected with the performance of the said procedure should be submitted in writing to the following e-mail address [email protected] or to the Administrator’s address ul. Fabryczna 24, 25-818 Kielce. The complaint shall be considered immediately but not later than within 7 (seven) days from the date of its delivery and the Requestor shall be immediately informed about it. The Requestor shall also be informed on the receipt of the complaint. Moreover, the Administrator shall include the information regarding the complaint in relevant records.

 

  1. Other:
    1. For realization of marketing actions, the Administrator shall, in some cases, utilize profiling. Profiling shall be understood as automated processing of data obtained by the Administrator, performed in order to assess the selected aspects regarding natural persons to analyze them and prepare projections for the future.
    2. The Administrator shall not transfer your personal data to Third Countries (i.e. outside the European Economic Area) or outside international organizations.

 

 

COOKIE POLICY

 

  1. The Administrator uses cookie files and other similar mechanisms for marketing purposes, including as a method of displaying advertisement in other places on the Internet.
  2. A cookie file is a text file that is generated automatically by the web browser when you visit a website. They are used to gather information on how you use the website, which helps in improving its functionality and adjusting the displayed contents or offering help.
  3. You can change the cookie settings at any time. Unchecking specific cookie files shall be considered as withdrawal of consent and, consequently, the Administrator shall not process your data in that particular scope.
  4. Types of used cookie files and other mechanisms:
    1. Technical cookie files. Such files are required for the proper functionality of the Online Store. They facilitate the optimization of the website, ensure your safety during the use of the Online Store, save the consents you gave and maintain the session. If you turn those files off, the Online Store will not work.
    2. Analytical cookie files. Those files improve the functioning of the Websites and measure the efficiency of undertaken marketing actions. Collected information forms collective statistics and analyses that allow understanding the way the Website is used and improving it.
    3. Marketing cookie files. Those files are used to adjust the contents and form of advertisements displayed both by the Website as well as in other places on the Internet.
  5. Duration of processing and storage of data:
    1. In case of session cookies, such files shall be stored on your device until you leave the Website or turn off the web browser.
    2. In the case of persistent cookies, such files will be stored on your device for a specific period or until they are manually deleted.
  6. Types of data collected with cookie files:
    1. Cookie files and other similar mechanisms we use only collect your anonymous statistical data which are used to improve the Website and for marketing purposes.
    2. The Website does not use the cookie files or similar mechanisms to collect data that would allow identifying you. The only information about the user is the IP address that, without other data, is insufficient for their identification. When the Company transfers your IP address, it is impossible to identify you.
  7. Changing the settings of cookie files:
    1. At any time, you can make changes in the scope of settings concerning the cookie files.
    2. Changes in the scope of cookie files settings is also possible by changing the settings of the web browser. Detailed information on possibilities and methods of making changes in cookie files settings for particular web browsers can be found here:
      1. Google Chrome https://support.google.com/chrome/answer/95647?hl=pl;
      2. Mozilla Firefox https://support.mozilla.org/pl/kb/ciasteczka
      3. Opera http://help.opera.com/Windows/12.10/pl/cookies.html
      4. Safarii https://support.apple.com/pl-pl/guide/safari/sfri11471/mac.
      5. Microsoft Eage https://support.microsoft.com/pl-pl/microsoft-edge/znajdowanie-narz%C4%99dzi-lub-opcji-internetowych-w-microsoft-edge-ad9e7a98-5a3b-d5e1-1c2f-ecf0f69efe31
      6. Internet Explorer https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies;

 

MISCELLANEOUS

 

  1. Any events that affect the safety of your personal data within the scope of use of the Websites can be notified to the address [email protected] or sent to the Administrator’s address: ul. Fabryczna 24, 25-818 Kielce.
  2. The Administrator shall reserve the right to disclose selected information and your personal data to proper authorities or third parties that request the provision of such information / personal data based on legal grounds and in accordance with applicable regulations of law.
  3. Except for situations indicated in this Policy, personal data shall not be disclosed to any third parties or authorities without the consent of the data subject.

 

Privacy policy and cookie policy – PDF