- Data administrator
The administrator of the personal data is: Mieczysław Wołoszyn conducting business under the name Mieczysław Wołoszyn “Wołoszyn” with its registered office in Warsaw (03-307), 35 Gersona Street, premises 3, NIP: 5240013884, REGON: 010455678, hereinafter referred to as “Entrepreneur”.
Contact telephone number: (+48) 22 811 04 47
Website address: http://sklep.woloszyn.com.pl/ and http://woloszyn.com.pl/
- General provisions
The Entrepreneur attaches particular importance to protecting the privacy of customers, contractors and employees. One of its key aspects is the protection of the rights and freedoms of individuals in connection with the processing of their personal data.
This privacy policy sets out the principles for the processing and protection of personal data obtained by the Entrepreneur in connection with its operations on ordinary and sensitive data.
The data controller is responsible for the security of the personal data provided and its processing in accordance with the law, in particular with the Personal Data Protection Act of 10 May 2018 (Journal of Laws 2018, item 1000), and the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, and the provisions implementing them (in particular those contained, inter alia, in the Labour Law or the Accounting Act).
As a data controller within the meaning of Article 4(7) of the RODO, we ensure that appropriate technical and organisational measures are in place to ensure a level of security appropriate to the potential risk of infringement of the rights or freedoms of natural persons of varying probability and severity. We also develop policies and procedures and organise regular training to improve the knowledge and competence of our lawyers in this area.
We also use the services of data processors referred to in Art. 4 pt. 8 RODO, which process personal data on behalf of the controller (e.g. accounting companies, IT companies, external experts).
- Categories of personal data processed by the Entrepreneur and purposes of processing
In accordance with this privacy policy, in compliance with the applicable data protection legislation and, in particular, with the technical and organisational measures and security measures, and for the purposes set out below, the Entrepreneur processes the following data of the subjects from whom they have been collected:
- Execution of contracts and issuing of invoices:
a) Name of company/name and surname
b) Registered office address/place of residence
c) Company’s NIP/PESEL
d) Contact telephone numbers
e) E-mail addresses
f) Names of persons authorised to issue invoices,
g) Password
- Payroll and personnel archiving:
a) First name
b) Surname
c) PESEL
d) Residence address
e) Telephone
f) Bank account number
- Archiving of accounts:
a) KRS
b) NIP
c) REGON
d) Company address
e) Number of the bank account to which we make payments of liabilities
f) Telephone number
g) E-mail address
- Archiving of contractor data:
a) KRS
b) NIP
c) REGON
d) Address
e) Account number
f) Phone number
g) E-mail address
- Archiving of data of representatives:
a) First name
b) Surname
c) Telephone
d) E-mail address
- Subscription to a newsletter or filling in a form – based on the consent obtained from the data subject:
a) Email address
b) First and last name
c) Company name
d) Telephone number
As an employer, we process the data of employees and persons who cooperate with us on a basis other than an employment relationship only for the purpose of fulfilling contracts.
The data in section 6 are processed only with the consent of the persons from whom they originate.
- Purposes and legal basis of the processing
– Sending newsletters and commercial information (based on consent and data provided by site visitors – Article 6(1)(a) of the RODO),
– Automated processing including profiling,
– Marketing and promotional purposes, where you have consented to the use of your data for these purposes (legal basis – Article 6(1)(a) of the RODO – “consent”),
– Entering into and performing contracts (legal basis – Article 6(1)(b) of the RODO) – “performance of the contract”, – the provision of data is necessary in order for us to enter into and take action in relation to the performance of the contract,
– Contacting contractors which is the Administrator’s legitimate interest (legal basis – Article 6(1)(f) RODO),
– Settlement of sales (article 6.1 c RODO),
– Answering a question asked via the contact form (based on consent and data provided by site visitors – Article 6(1)(a) of the RODO),
– To issue and store invoices and accounting documents (Article 6(1)(c) of the DPA),
– Advertising (Article 6(1)(c) of the DPA),
– Archiving (Art. 6(1) c RODO),
– Conclusion and execution of an employment contract (legal basis – Article 6(1)(b) RODO),
– Sending commercial offers to contractors and customers, which is the legitimate interest of the Administrator (legal basis – Article 6(1)(d) RODO),
– Contacting customers, which is the legitimate interest of the Administrator (legal basis – Article 6(1)(f) RODO),
– Carrying out statistical analysis and subject to automated processing (which is the Administrator’s legitimate interest – legal basis – Article 6(1)(f) RODO).
- Information on data recipients
The recipients of the data are only authorised persons working inside the Entrepreneur’s business, e.g. advisers, assistant advisers, lawyers, translators, computer graphic designer and project coordinator, as well as external entities cooperating with the Entrepreneur on the basis of various agreements and relevant provisions on personal data protection (e.g. on the basis of concluded agreements on the entrustment of processing), e.g. an accounting company, external experts, entities providing IT support for the office and the website.
We ensure that any person acting under our authority who has access to your personal data processes it only on our instructions, unless otherwise required by Union or Member State law.
- Data subjects’ rights under the RODO
In accordance with the information obligations under the RODO, the controller shall inform data subjects of the controller’s rectification, erasure and restriction of processing. Each data subject has the following rights:
a) Rectification – the possibility to request the immediate rectification of data and the completion of incomplete data by providing an additional statement,
b) Objection to processing – which is the data subject’s right to object to further processing on grounds relating to his/her particular situation (concerns only Article 6(1)(e) and (f) RODO),
c) Erasure or restriction of processing – the right to request the immediate erasure of the data of the data subject by the controller pursuant to Article 17 RODO, and the right to request the restriction of processing in the cases mentioned in Article 18 RODO,
d) Data portability – the right to receive personal data concerning him/her in a structured, commonly used and machine-readable format and to transmit such data to another controller,
e) To lodge a complaint with a supervisory authority – every data subject has the right to lodge a complaint if they consider that the processing of personal data concerning them violates the RODO,
f) To withdraw consent at any time – without affecting the lawfulness of the processing carried out on the basis of consent, especially with regard to the processing and publication of the image by the Administrator,
g) The data subject’s right of access – the right of data subjects to request access, information, and confirmation from the Controller as to whether personal data concerning them are being processed,
h) To be informed of a personal data breach incident,
i) Not to be subject to a decision based solely on automated processing (including profiling),
j) To be informed on request – about whether data is being processed and other matters set out in Article 15 of the RODO, including the right to a copy of the data,
k) The so-called “right to be forgotten” – at the request of persons who so wish, their data will have to be deleted immediately from the controller’s systems.
- Principles and grounds for data processing
We take care to protect the interests of data subjects, and in particular ensure that data is:
processed lawfully, fairly and in a manner transparent to the data subject;
collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
adequate, relevant and limited to what is necessary for the purposes for which they are processed;
accurate and, where necessary, kept up to date; we take steps to ensure that personal data which are inaccurate in light of the purposes for which they are processed are erased or rectified without delay
kept in a form which permits identification of the data subject for no longer than is necessary for the purposes;
processed in a way which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss or destruction.
We process some data on the basis of consent, which can be withdrawn at any time. Another case is where the processing is necessary for the performance of a contract to which the personal data subject is a party or to take action at the request of the personal data subject, even before the conclusion of the contract.
In some situations, the processing is necessary for the purposes of complying with a legal obligation incumbent on the controller. Such obligations arise, for example, under the Labour Law or the Accounting Act.
Processing may also be necessary for purposes arising from our legitimate interests, an example of which is the assertion of claims from our business activities.
- Time limit for complying with the request
We will endeavour to provide information without undue delay – in principle within one month of receipt of the request. If necessary, we will extend this period by a further two months due to the complexity of the request or the number of requests. However, in any case, within one month of receipt of the request, we will inform you of the action taken and (where applicable) of the extension and the reason for this delay.
- Subcontractors/processors
If we work with entities that process personal data on our behalf, we only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the RODO and protects the rights of data subjects.
We check in detail the entities to which we entrust the processing of your data. We enter into detailed agreements with them, and we perform periodic checks on the compliance of the processing operations with the content of such agreement and the provisions of law.
Data is disclosed to third parties only with your consent or when we are obliged to do so by law. This means, among other things, that the entrustment of data processing takes place on the basis of a processing entrustment agreement compliant with RODO.
External entities cooperate with the Entrepreneur on the basis of various agreements and relevant provisions on the protection of personal data (e.g. on the basis of concluded agreements on the entrustment of processing), e.g. an accounting company, external experts, entities providing IT support for the office and the website.
- How we take care of the processing of your data
To meet the requirements of the law, we have developed a security and privacy policy (this policy) – detailed procedures covering issues such as:
data protection by design and data protection by default,
Data Protection Impact Assessment,
breach notification,
logging of data processing activities,
data retention,
exercise of data subjects’ rights.
We regularly review and update our documentation to be able to demonstrate compliance with the law in accordance with the principle of accountability formulated in the RODO, but also, out of concern for the interests of data subjects, we strive to incorporate best market practices.
- Data retention
We keep personal data in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed. After such a period, we either anonymise (de-identify) or erase the data. The deletion of personal data is complete and permanent. In the retention procedure we ensure:
limiting the storage period of personal data to a strict minimum,
setting a deadline for deletion of personal data and criteria for setting this deadline or periodical review.
We determine the period of data processing primarily on the basis of legal regulations (e.g. the time of storing employee records, accounting documents), as well as the justified interest of the controller (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.
- Data transfer
Please be informed that the data will not be transferred to countries outside the European Economic Area. Data processing will take place only in the territory of Poland. Data shall also be transferred to third parties other than those listed in the categories of recipients.
- Means of contact
We provide information in writing or by other means, including, where appropriate, electronically. We may also provide information orally upon request, provided that we otherwise confirm your identity. Where a request is made electronically, information will also be provided electronically where possible, unless another preferred form of communication is indicated.
Contact telephone number: (+48) 22 811 04 47
In order to contact us regarding the exercise of a given right, or in other matters related to the processing of personal data by the Entrepreneur, send a message to the following address:
- Cookies
Please be advised that the Entrepreneur collects cookies – see cookies policy for more information.