Privacy Policy

I. Name and Contact Details of the Administrator

Pursuant to the Regulation of the European Parliament and Council (EU) 2016/679 of 27th April 2016, the so-called “general regulation on personal data protection (“GDPR”), the Administrator of personal data collected through the website www.stacon.pl is:
Stacon TiS Duszak sp.j. with its registered office in Kadzidło
Address: ul. Ogrodowa 5, 07-420 Kadzidło,
Phone +48 29 761 80 72
e-mail: biuro@stacon.pl
hereinafter referred to as “the Company” or “the Administrator”.

II. General Information

1. This Privacy Policy sets out how the Company collects and processes personal data of users through its website at www.stacon.pl (hereinafter “the Website”).
2. The Privacy Policy may be changed from time to time in the future. Each time any such change is introduced, a new amended version of this privacy policy shall be posted on the Website.
3. Contact with the Company in matters related to personal data processing of users through the Website is possible:
– in writing to the address given below: Stacon TIS Duszak Sp.j., ul.Ogrodowa 5, 07-420 Kadzidło;
or – by email to the address iod@stacon.pl
4. The extent of personal data processing:
– we process personal data of our users only when it is required to make our website operational and available, as well as to provide them with our content and services,
– processing of our users’ personal data by means of the Website is performed with a user’s consent exclusively,
– exception being cases where processing of users’ personal data by the Company is based on other premise than a user’s consent.
5. Legal basis for personal data processing:
– personal data are processed in compliance with the applicable laws, and with GDPR in particular;
– if we obtain consent for processing personal data from a data subject, the legal basis shall be Article 6(1)(a) of GDPR;
– when processing personal data is required for entering into a contract or performing a contract to which a data subject is a party, The legal basis shall be Article 6(1)(b) of GDPR; it also pertains to processing operations which are required to take action prior to entering into a contract;
– if personal data processing is required for meeting legal obligation imposed on the Company, the legal basis shall be Article 6(1)(c) of GDPR;
– if material interests of a data subject or other natural person require that personal data be processed, the legal basis shall be Article 6(1)(d) of GPDR;
– if processing data is necessary for securing the Administrator’s or a third party’s legitimate and justified interest, and if interests, fundamental rights and freedoms of a data subject do not take precedence over the former ones, the legal basis shall be Article 6(1)(f) of GDPR;
Data deletion and storage period
– personal data of a data subject shall be immediately deleted when the purpose for their storage has ceased to apply;
– furthermore, even when a purpose for which they were obtained has been met, they still can be stored if under generally applicable laws to which the Administrator is subject to, the Administrator still has the obligation to store these data for a period specified in the said laws;
– data shall also be deleted following the expiry of a storage period specified in the standards hereinabove;

III. Privacy Protection

1. The Company fully respects the right to privacy and personal data protection of its users.
2. The Company enables you to use its websites anonymously, however, when you contact us, e.g. with the form available on the Website, you are required to give your personal details.
3. In certain cases, users’ personal data may be transferred to third parties (data recipients) if it turns out to be required to execute the purpose of processing for which they have been obtained. However, in such situations, the Administrator is obliged to ensure that data transfer was proportional and justified by the purpose for processing.
4. If, due to the purpose of processing, it is necessary to transfer a user’s data to a third country, the Administrator shall make all efforts so that the transfer meets the requirements of GDPR in respect of ensuring a proper level of protection of natural persons’ data.
5. The Administrator, in relevant cases, may also transfer users’ personal data to public entities if under generally applicable laws the Administrator is be obliged to disclose them if they are requested by these entities. Irrespective of that, the Administrator shall make all efforts to verify if a request and the extent of data which the Administrator is obliged to disclose are justified.

IV. Making the Website Available and Creating Log Files

1. Description and extent of data processing
During each visit on our website, our system automatically collects data and information from a user’s computer system. The following data are collected:
(1) information on the type and version of a search engine used
(2) a user’s operating system
(3) a user’s Internet service provider
(4) a user’s IP address
(5) date and time of a visit
(6) websites that direct a user’s system to our website
(7) websites entered by a user’s system through our website
These data shall also be stored in log files of our system. The data shall not be stored along with other personal data of a user.
2. Legal basis for data processing
The legal basis for temporary data storage and log files shall be Article 6(1)(f) of GDPR.
3. Purpose of data processing
Temporary storage of an IP address by the system is required to deliver the website to a user’s computer. In respect of that a user’s IP address may be stored through the whole session.
Data are stored in log files to ensure proper functioning of the website. Furthermore, these data help us optimise our website and guarantee the safety of our computer systems. In this context the analysis of data for marketing purposes does not take place.
The collection of data required to make our website available and store data in log files is absolutely necessary for operating our website.
The above data processing purposes shall then be our legitimate interest making data processing valid under Article 6(1)(f) of GDPR.
4. Storage period
Data shall be deleted once they stop being useful for meeting a purpose for which they have been collected. In the case of collecting data for making the website accessible, it shall take place following the completion of a given session.
When data are saved in log files, it shall take place after 180 days at the latest.

V. Use of Cookies

1. Description and extent of data processing
Our website uses cookies. Cookies are text files stored in a search engine or by a search engine in a user’s computer system. If a user visits the website, a cookie may be saved in the user’s computer system. A cookie contains a specific string of characters allowing you to clearly identify a search engine after the website has been opened again.
We use cookies to make our website more user-friendly. Some elements of our website require information allowing the system to recognise a user’s search engine, also when he or she has changed a website. Cookies are saved and they send the following data: (1) search behaviour. On our website we also use cookies that allow us to analyse Internet users’ behaviour. In this manner, the following data can be sent: (2) searched words( 3) frequency of visits on the website(4) use of the website functions A user’s data collected in that manner are subjected to pseudonymisation with proper technical means. Therefore, matching data to a user visiting the website is not possible. These data shall not be stored together with other personal data of a user. During a visit on our website an informational bar informs a user on the use of cookies for analytical purposes, a link to this privacy policy also appears. The information will also appear how to prevent cookies from being saved in the setting of a search engine. Having opened our website, a user shall be informed on the use of cookies for analytic purposes. In respect of that a link to this privacy policy will also appear.
2. Legal basis for data processing
Legal basis for data processing with the use of cookies required due to technical reasons shall be Article 6(1)(f) of GDPR. If a user expresses their relevant consent for saving cookies on their end device as part of the settings of software installed on a device they are using, the legal basis for processing personal data with the use of cookies shall be Article 6(1)(a) of GDPR;
3. Purpose of data processing.
The use of cookies necessary from the technical point of view is to help users take advantage of the website. However, without cookies it will not be possible to deliver some services available through our website. An option of repeated identification of a search engine also after the change of a website is necessary for this purpose.
Cookies are required for the following uses : (1) saving searched terms. A user’s data gathered by cookies necessary due to technical reasons are not used for creating a user’s profile. Analytical cookies are used to improve the functioning of our website and make its content better. Analytical cookies provide information on how a user uses the website, thus ensuring continuous optimisation of our offer.
4. Storage period of cookies, possibility of withdrawing one’s consent for saving cookies.
Cookies are stored on a user’s computer. In respect of that, a user has full control over the use of cookies. A user’s consent for saving cookies in an end telecommunications device may be withdrawn at any time by changing the settings of a search engine. Cookies already saved can be deleted at any time. It may also take place automatically, following the lapse of a relevant period specified as a “life period” of a given cookie. Should the cookies on our website be deactivated, its functionality may be limited. To disable the transmission of flash-type cookies, you do not change the setting of a search engine but the settings of Flash Player.

VI. Contact Form and Communication by Electronic Mail

1. Description and extent of data processing
A contact form is available on our website and may be used for electronic communication.
Apart from data entered into the contact form, the following data are also recorded when sending a message:
(1) a user’s IP address,
(2) date and time of registration.
Prior to entering their data into the form, a user has the right to be informed upon processing of their personal data by the Administrator. For this purpose, a user may read this Privacy Policy by clicking on the link placed in the tab “Contact”.
Alternatively, they can be contacted by email specified in item I. In this case a user’s personal data sent by email shall be processed.
3. Particulars of data recipients
Recipients of a user’s data obtained with the contact form shall be entities providing IT services for the Administrator, in particular those connected with protection, administrator and IT system maintenance, as well as entities providing services connected with maintenance of the server that is used by the Administrator’s Website and electronic mail, Recipients of a user’s data may also be public entities to which the Administrator, under generally applicable laws, shall be obliged to provide the obtained data when they are requested by these entities.
4. Legal basis for data processing.
The legal basis for processing data transferred when sending emails is Article 6(1)(f) of GDPR. If contact by electronic mail is aimed at entering into a contract, then an additional legal basis shall be Article 6(1)(f) of GDPR.
5. Purpose of data processing
Personal data collected through the contact form are processed exclusively for communicating with a data subject.
6. Storage period
Data shall be deleted once they stop being useful for meeting a purpose for which they have been collected. In respect of personal data in a data entry box on the contact form and data sent by electronic mail, it shall take place when a given communication with a user has been completed. Communication is completed when it can be inferred from the circumstances that the facts in question have finally been clarified.
Personal data additionally collected during the process of sending shall be deleted in seven days’ time at the latest.

VII. Website Traffic Service Google Analytics

Privacy policy when using Google Analytics tools
This website uses Google Analytics, The service of website traffic analysis provided by Google, Inc. (“Google”). Google Analytics uses the so-called cookies i.e. text strings placed on a user’s computer for the website to be able to analyse how users use the website. Information generated by cookies on how a user uses the website (along with their IP address) shall be transferred to Google and stored by the company on its servers in the United States. Where anonymisation of an IP address has been activated on the website, an IP address is however shortened by Google for computers located in the territory of Member States of the European Union and in the territory of other membership countries of the European Economic Area (EEA). In exceptional cases only an IP address will be sent in full to the server of Google in the United States and there shortened. At the commission of the operator of the website, Google will use this information to assess how a user uses the website, generating reports pertaining to traffic on websites for website operators and providing other services pertaining traffic on websites and the use of the Internet. Google shall not combine a user’s IP address with any other data it keeps. A user may resign from cookies, by selecting relevant settings in their search engine; however, you must be that in this case you will not be able to use all functions of the website. You can also block registration of data saved by cookies pertaining to the use of the website by users directly by Google. A plug-in to a search engine available at the following address should be downloaded and installed for this purpose. Google Optout link.
Moreover, you can prevent registration by clicking on the link below. This sets the cookie of resignation and disables future data collection when you visit the website
Deactivate Google Analytics
More information on the terms of use and privacy is available at www.google.com/analytics/terms/pl.html. We also emphasize that on the website, Google Analytics has been extended with the code “anonymizelp” to ensure anonymous detection of IP addresses (i.e. IP masking).
The Administrator shall ensure a proper level of a user’s personal data protection sent to Google with its registered office in the United States compliant with GDPR. Within this extent transfer of data is based on the EU-US Privacy Shield that protects personal data submitted to entities certified by the Department of Commerce of the United States and entered in the list available at https://www.privacyshield.gov/list

VIII. Use of the Company’s Contact Date Available in the Tab “Contact”

1. Purpose of data processing
Personal date of persons using the Company’s contact data collected by the Administrator in respect of correspondence received from a data subject shall be processed to communicate with a data subject.
2. Legal basis for data processing
Legal basis for processing personal data of correspondents shall be Article 6(1)(f) of GDPR; i.e. the execution of the Administrator’s lawfully justified interests.
3. Particulars of data recipients
Recipient of correspondents’ personal data shall be entities having business cooperation with the Administrator to whom disclosure of correspondents’ personal data will be necessary to execute the purpose of processing. In particular, they will be businesses providing postal services for the administrator. Correspondent’s personal data may also be disclosed to other entities, including public entities if under provisions of generally applicable laws the Administrator is obliged to disclose the obtained personal data to these entities.
4. Data storage period
Personal data of correspondents shall be stored through a period required to execute the purpose for which they have been obtained. Further, the execution of a purpose of data processing shall be understood as completion of communication with a data subject. Communication shall be deemed completed if based on a factual state, it can be concluded that the circumstances related to correspondence have been finally and completely clarified.

IX. Data Subjects’ Rights

1. Any person who have provided their personal data to the Company has the right to request:
a. access to their own personal data under Article 15 of GDPR i.e. to obtain confirmation from the Company whether it processes personal data and the right to get access to these data (including their copy), as well as, in particular, to the following information:
– purposes of data processing,
– categories of data processing,
– recipients or categories of recipients to whom the Company has disclosed or intends to disclose data,
– the possibility of exercising rights in respect of personal data processing and how they can be exercised,
– the right to make a complaint to the supervisory body,
– on the process of automated decision making, including profiling, as well as on its consequences;
b. data correction under Article 16 of GDPR, i.e. to request the Company to correct incorrect personal data immediately and to request that incomplete date be supplemented;
c. data deletion under Article 17 of GDPR, i.e. to demand the Company to delete personal data (known also as “the right to be forgotten”). The Company is obliged to delete personal data provided that one of the following conditions has been met:
– personal data are already not necessary for purposes for which they have been collected,
– a consent on which processing is based has been withdrawn and no other legal basis for processing exists,
– personal data have been processed against the law,
– personal data must be deleted to meet a legal obligation. The right to delete personal data may not be executed among others, in the case where the Company is obliged under applicable laws to further process personal data in an extent set out in relevant laws or for purposes necessary to establish, pursue or defend claims;
D. limit data processing, under Article 18 of GDPR, i.e. to demand the Company to limit personal data processing in the following cases:
– a user questions the correctness of personal data processed by the Company,
– personal data processing is against the law, and data deletion has been objected to,
– the Company does not require personal data any more, but they are necessary for a user to establish, pursue or defend claims. In the case of exercising the right for limitation of personal data processing, the Company may process personal data, except for their storage, exclusively with a consent or in order to establish, pursue or defend claims or to protect another natural or legal person’s rights or due to an important public interest;
e. raise an objection:
– towards processing under Article 21(1) of GDPR i.e. The right of objection at any time to data processing based on the Company’s lawfully justified interest (i.e. pursuant to Article 6(1)(f) of GPDR). In this situation the Company may not be able to further process data for these purposes unless there are lawfully justifiable grounds or data are necessary for the Company to pursue claims. You are not entitled to the right of objection towards data processing when:
• personal data processing takes place based on a consent – in this situation then a consent may be withdrawn,
• data processing is necessary to perform a contract,
• data processing is necessary for meeting a legal obligation by the Company;
– towards data processing, irrespective of the legal basis for direct marketing under Article 21(2) of GDPR. In this situation the Company shall not process data for this purpose;
F. data transfer under Article 20 of GDPR i.e. to receive personal data submitted to the Company in a structured, commonly used format, and a request to send these data to another data administrator if it is technically feasible. You are entitled to this right if and when:
– data processing is automated,
– data are processed based on a consent or pertaining to a contract.
2. The rights referred to in Subclause 1 above may be exercised by sending a relevant request:
– in writing to the address given below: Stacon TIS Duszak Sp.j., ul.Ogrodowa 5, 07-420 Kadzidło or
– by email to the address iod@stacon.pl
3. By exercising your rights, please remember that the execution of your request may require the identification of your identity so that your data do not reach an unauthorised person.
4. Within one months as of receiving your request, the Company shall let you know what actions have been taken concerning your notification. If need be, the date for execution of your request may be extended by another two months due to a complicated nature of the request or a number of filed requests.
5. Should your request turn out to be unjustified or excessive, in particular due to its repeated nature, the Company may charge an additional fee for processing your request or refuse to take any action concerning the request.
6. Should you decide that personal data processing by the Company violates legal provisions, you have the right to make a complaint to the relevant supervisory body.