We are at your disposal | Mon–Fri 8:00–17:00 | Sat 8:00–12:00

Phone +48 77 451 98 88 hurt@latexopony.eu
Register at xpartner Log in
LG
EN
PL
Go to xpartner Log in
xpartner

Privacy and Cookies Policy of the website www.latexopony.pl
Last updated: ………………………

This Privacy and Cookies Policy governs the processing of personal data and the use of cookies on the website www.latexopony.pl operated by LATEX OPONY Sp. z o.o. with its registered office in Opole, ul. Krapkowicka 21, 45-760 Opole, KRS: 0000955942, NIP: 7543058869, REGON: 161436072 (hereinafter referred to as the “Controller”, “we”).

We process data in accordance with the GDPR, the Personal Data Protection Act, and other applicable laws.

§1. Definitions
Website – the website www.latexopony.pl.
User – a natural person visiting the Website or using its functionalities. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Personal data – any information relating to an identified or identifiable natural person.
Controller – the entity specified in the introduction to this document, responsible for the processing of personal data.
Cookies – text files stored on the User’s end device, enabling, among other things, remembering User preferences and maintaining statistics.

§2. Controller’s Data
Contact with the Controller is available at:
Correspondence address: ul. Krapkowicka 21, 45-760 Opole
Email: sekretariat@latexopony.pl
Telephone: +48 77 451 98 00

§3. Scope of personal data processed
The Controller may process, among other things: identification data, data regarding the device and activity on the Website, data regarding the use of contact and complaint forms, and other functionalities of the Website.

§4. Purposes and legal basis of processing
The Controller may process the following categories of personal data and information concerning Users:

1) information about the User’s device to ensure the correct provision of services: computer IP address, domain name, information contained in cookies or other similar technologies, session data, browser type and data, operating system type, device data, and activity data on the Website, including individual subpages;

2) geolocation information, if the User has consented to the Administrator’s access to the User’s geolocation; geolocation information is used to provide information and offers more tailored to the User’s needs and capabilities;

3) Users’ personal data: first name, last name, email address, telephone number, and mailing address, which the Administrator requires to contact the Administrator or its representatives via the electronic form available under the “Contact” tab and the procedures established therein, or for the purposes of initiating and conducting the complaint process described in the Terms and Conditions.

Although not all information may be considered Users’ personal data, due to the fact that it may be classified as such when combined with other information, the Administrator provides it with the full protection afforded to personal data under the GDPR.

Personal data may be processed for the following purposes and on the legal bases indicated below:

1) for the conclusion and performance of a contract for the provision of electronic services (legal basis – Art. 6, paragraph 1, letter b of the GDPR) – the purpose of personal data processing is the provision of services; by using the Website and agreeing to the provisions of the Terms and Conditions and the Privacy Policy, the User concludes an agreement with the Administrator for the provision of electronic services, which consists of enabling the use of the Website’s functionalities, in particular, receiving and handling inquiries submitted by Website Users, and taking specific actions at the request of the data subject; failure to provide the required personal data may limit the User’s ability to use all the functionalities of the Website;

2) to fulfill the Controller’s legal obligations under the concluded contract for the provision of electronic services (legal basis: Art. 6.1.c GDPR in conjunction with Art. 6.1.b GDPR) – the purpose of personal data processing is for the Controller to fulfill its legal obligations under the concluded contract for the provision of electronic services, in particular, to exercise its rights and obligations regarding complaints;

3) to defend, pursue, or establish claims related to the contract for the provision of electronic services, which constitutes the Controller’s legitimate interest (legal basis: Art. 6.1.f GDPR) – the purpose of personal data processing is to secure information in the event of a legal need to prove certain events, which constitutes the Controller’s legitimate interest;

4) for purposes related to cookie technology, based on the consent of the data subject (legal basis: Art. 6.1.a and Art. 6.1.f of the GDPR) – personal data processing in this scope occurs solely on the basis of a separate consent expressed by the User to the processing of personal data, the use of cookies, or other similar technologies, expressed by a declaration made upon the first visit to the Website from the User’s device, through the appropriate functionalities of the Website, i.e., before entering into an agreement for the provision of electronic services;

5) for direct marketing purposes (legal basis: Art. 6.1.f of the GDPR) – to offer products and services of the Controller and the Controller’s partners, most often in the form of online advertising, tailored to the User’s interests, which constitutes a legitimate interest of the Controller and the Controller’s partners; the Controller may use electronic communication tools for this purpose, such as, in particular, the email address provided by the User;

6) for analytical purposes (legal basis: Art. 6 sec. 1 letter f of the GDPR) – including – opinion surveys of Website Users, contacting Website Users for analytical purposes; based on the analysis of User activity on the Website, the Controller is able to better select content and services and adapt them to the needs of Users, develop statistics related to the use of the Website, examine satisfaction with the services offered and determine their quality, as well as ensure data security in The Controller’s legitimate interest in the website will be fulfilled.

Personal data collected by the Controller will be processed for no longer than necessary for the purposes for which the personal data were collected:

1) Personal data collected for the purpose of concluding and performing a contract for the provision of electronic services will be stored and processed for the period of concluding and performing the contract, and then for the required data archiving period, as required by law.

2) Personal data collected for the purpose of fulfilling the Controller’s legal obligations in connection with concluded contracts will be processed for the period necessary to fulfill the Controller’s legal obligations.

3) Personal data collected for the purpose of defending, pursuing, or establishing claims related to concluded contracts will be processed for the period of pursuing, defending, or establishing claims, but no longer than until the statute of limitations for such claims expires.

4) Personal data collected to process inquiries submitted by Website Users will be processed for the period necessary to contact the User and resolve the matter.

5) Personal data collected for marketing and analytical purposes will be processed for the duration of the marketing campaign or until consent to their processing is withdrawn or an objection is raised.

6) Personal data collected for User opinion surveys will be processed for the duration of the survey and for the period of analysis of its results.

7) Personal data collected for purposes related to cookie technology will be processed until consent is withdrawn.

8) Personal data will also be processed until the statutory limitation periods for claims expire or the archiving obligation under applicable law expires.

The Administrator will cease processing personal data collected based on the Administrator’s legitimate interest whenever the data subject objects to the processing of their personal data, or when the consent based on which their personal data was collected and processed is withdrawn, or the Administrator determines that the data is no longer valid.

Information and personal data about Users are obtained through voluntary entry of personal data and information into the Website’s systems via electronic forms available on its pages, voluntary provision of personal data during contact with the Administrator via other methods, as well as in an automated manner, via cookies stored on end devices and by collecting web server logs by the Website’s hosting operator (necessary for the proper operation of the Website).

Users can access the Website without providing any personal data and browse the Website in this manner, subject to data collected automatically, which primarily includes IP address, domain name, browser type and type, operating system type, interests, age, and gender of the Website user. This data is collected automatically, primarily via cookies.

Although the provision of personal data is voluntary, and consent to its processing may be withdrawn at any time, in situations where the provision of personal data is necessary due to an existing legal obligation or for the purposes of concluding and performing a service contract and taking necessary steps prior to its conclusion, failure to provide the required personal data by the User may result in the inability to conclude and perform the service contract.

Personal data may be subject to automated decision-making, including profiling, for the purpose of providing services under the concluded contract and for direct marketing purposes. Profiling involves, in particular, tailoring the display of content to Users’ preferences based on their previous choices. Profiling does not have any legal consequences for Users or significantly affect their situation. The user has the right to object to profiling at any time, The Administrator will discontinue its use.

The User consents to the processing of personal data:

1) upon first accessing the Website by selecting the “I agree, I want to proceed to the page” option from the available options in the message regarding cookies and the Privacy Policy;

2) before selecting the “Send” button and thus sending an inquiry via the contact form available in the “Contact” tab of the Website, by checking the appropriate checkbox regarding consent to the processing of personal data;

3) by initiating the complaint process described in the Terms and Conditions, which requires the User to provide personal data in order to review and respond to the User’s complaint.
The Website does not use analytical and marketing cookies until the User expresses consent by selecting the appropriate option in the cookie banner. Until consent is expressed, only cookies necessary for the proper operation of the Website remain active.

§5. Data Recipients
Your personal data may be transferred to third parties whose services the Administrator uses in connection with the operation of the website.

However, I assure you that we carefully select the entities with which I cooperate or whose services I use, and we always ensure adequate data protection.

Due to the use of Google or Facebook services, your data may be transferred to the United States of America (USA) and Canada. However, I inform you that these entities guarantee an adequate level of personal data protection required by European regulations. For data transfers outside the European Economic Area, we use Standard Contractual Clauses (SCCs) approved by the European Commission and additional technical measures (e.g., encryption) to ensure an adequate level of data protection.

§6. User Rights
The Controller informs you that you have the right to:

access your personal data;

You can always contact the Controller to determine what personal data of yours is being processed and its origin.
In certain circumstances, you have the right to receive a copy of the personal data provided to the Controller in a commonly used and structured, machine-readable format or request the transfer of your personal data to any third party of your choice.
Rectification of personal data;
If you determine that the personal data held by the Controller is incorrect, outdated, incomplete, or inaccurate, you have the right to request its completion or correction.
Delete personal data;
You may request the Controller to delete stored personal data at any time. However, in some cases, this may not be possible, for example, for the defense of claims or when required by law.
Restriction of personal data processing;
You may request the restriction of the processing of your personal data at any time by contacting the Controller if it is no longer necessary for processing purposes.
Objection to personal data processing;
You have the right to object to the use of your personal data.

The Controller respects your rights under personal data protection regulations and will make every effort to facilitate their implementation.
These rights are not absolute. There may be situations in which the Controller will be forced to refuse to implement them or propose a solution other than the one you have chosen. Refusal to comply with your request may only occur after a thorough analysis and only if it is necessary to ensure compliance with the law.
You have the right to object to the processing of your personal data at any time. However, you should remember that, in accordance with the law, the Controller may refuse to uphold your objection if the Controller demonstrates that:

there are legitimate grounds for processing that override your interests, rights, and freedoms, or

there are grounds for establishing, pursuing, or defending legal claims.

You have the right to object at any time to the processing of your personal data for marketing purposes. In such a situation, we will cease processing your data for this purpose.
You can exercise your rights by:
sending an email directly to the Controller at sekretariat@latexopony.p
If you believe that your personal data is being processed in violation of applicable law, you may file a complaint with the President of the Personal Data Protection Office.

§7. Data Security
The Controller implements and maintains a comprehensive personal data protection system that takes into account the current state of technical knowledge, implementation costs, the nature and scope of processing, and the risk of violations of the rights and freedoms of data subjects. This system is constantly monitored and adapted to changing technological threats and legal requirements.

To ensure the security of personal data, the Controller employs integrated technical and organizational measures, including in particular:
a) Protection of technical infrastructure:

the use of SSL/TLS certificates to encrypt connections between the User’s device and the Controller’s servers,
the use of firewalls, intrusion detection and prevention systems (IDS/IPS), and 24/7 security monitoring,
segmentation of networks and systems to reduce the risk of unauthorized access.

b) Protection of systems and applications:

the use of multi-level authentication mechanisms, including highly complex passwords and, where possible, two-factor authentication (2FA),

ongoing software, operating systems, and application updates to eliminate known vulnerabilities,
anti-malware protection through antivirus, anti-malware, and DDoS attack protection.

c) Access and authorization control:
granting access to personal data only to authorized persons, in accordance with the principle of data minimization and need-to-know,

Maintaining registers of authorized persons and periodically reviewing granted authorizations,
using electronic systems for recording access to data and IT resources.

d) Data protection at rest and in transmission:

Encryption of databases and media on which personal data are stored,

Secure deletion of data after the retention period expires in accordance with adopted procedures.

e) Business continuity and incident response:

Creating and storing regular backups in a secure location,
Implemented contingency and business continuity plans (Business Continuity Plan, Disaster Recovery Plan),
Procedures for rapid response to data security incidents, including reporting breaches to supervisory authorities and data subjects – if required by law.

The Controller also ensures:

Regular security audits and tests, including system penetration tests,
Data Protection Impact Assessments (DPIAs) for new processing processes or technologies that may generate increased risk,
Internal procedures for reporting and handling security incidents.

Employees and associates of the Controller who have access to personal data are subject to confidentiality obligations and participate in training in data protection and information security.

The Controller, acting in accordance with the principles of “privacy by design” and “privacy by default,” implements new technologies and organizational solutions to ensure that personal data processing is carried out with the highest level of privacy and security, even at the process design stage.

§8. Cookies
The Website collects information about Users and their behavior in the following manner:

1) through information voluntarily entered by the User into electronic forms provided on the Website and for purposes arising from the function of a specific form, or otherwise provided to the Administrator for the purpose of initiating and conducting the complaint process described in the Terms and Conditions;

2) through cookies stored on the User’s end device (so-called “cookies”) – by using the Website, the User accepts that cookies will be installed on the end device, which will enable the Administrator to provide services;

3) through the collection of web server logs by the Website’s hosting operator (necessary for the proper operation of the website).

Cookies are IT data, specifically text files, sent while browsing the Website and stored on the User’s end device, intended for use with the Website. Cookies typically contain the name of the website from which they originate, their storage time on the end device, and a unique number.

The Administrator is the entity that places cookies on the end device of the User who uses the Website and obtains access to them. The legal basis for the processing of personal data from cookies is the Controller’s legitimate interests in ensuring high quality and security of the services provided, as well as the consent of the User whose personal data relates.

The Website uses cookies after the User has provided prior consent in this regard. Consent to the use of all cookies by the Website is granted by selecting the appropriate option from the information available in the notice regarding the use of cookies by the Website, which is displayed upon first accessing the Website, by clicking the button: “I agree, I want to proceed to the page,” with the two available options being: “I agree, I want to proceed to the page” or “I do not consent.”

If a Website User does not consent to the use of cookies by the Website, they may use the option and select the “I do not consent” button available in the message regarding the use of cookies by the Website, which is displayed upon first accessing the Website, or make changes to the settings of the web browser they are currently using (however, this may result in incorrect operation of the Website).

The process of expressing or refusing consent may vary depending on the web browser they are using. For detailed information, please refer to the help or documentation of the web browser. To manage cookie settings, select the web browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.

The Website uses two basic types of cookies: “session cookies” and “persistent cookies.” “Session” cookies are temporary files that are stored on the User’s end device until they leave the Website or disable the software (web browser). “Persistent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User. Additionally, we distinguish first-party cookies (originating directly from the Website) and third-party cookies (originating from a third-party website via the Website). In the latter case, it is recommended to review the privacy and cookie policies of the relevant third party.

Cookies are used for the following purposes:

1) cookies remember User preferences, which allows us to improve the quality of services provided and the accuracy of search results;

2) creating statistics that help us understand how Website Users use websites, which allows us to improve their structure and content;

3) defining User profiles in order to display product recommendations and tailored advertising materials, particularly those from the Google Network.

Web browsing software (web browser) typically allows cookies to be stored on the User’s end device by default. Users can change their settings in this regard. The web browser allows cookies to be deleted. It is also possible to automatically block cookies through the appropriate web browser settings.

Cookies do not cause any configuration changes to devices and software installed on the User’s devices.

Restricting the use of cookies may affect some of the functionalities available on the Website’s web pages, and in some cases, completely prevent the use of some of its features and options.

Cookies placed on the User’s end device may also be used by advertisers and partners cooperating with the Website, including in particular the “XPARTNER” website (www.xpartner.net.pl).

Cookies may be used by the Google network to display advertisements tailored to the User’s use of the Website. For this purpose, they may store information about the User’s navigation path or the duration of their stay on a given page: https://policies.google.com/technologies/partner-sites.

The Website uses Google Analytics (Google Inc., based in the USA) for statistical analysis of website traffic. The Google Analytics system, which automatically collects data about the User, is a web analytics system through which the Administrator gains insight into the Website’s data traffic and User demographics, used for marketing purposes. It is recommended that the User review the Google Analytics privacy policy to learn about the use of cookies used in statistics: The Google Analytics privacy policy can be found at: https://policies.google.com/privacy?hl=pl. To block the operation of Google Analytics, disable the use of cookies. The Website uses Google Analytics 4 (GA4) with the IP address anonymization feature (so-called IP masking) enabled. This shortens the IP address before storing it on Google servers.

With respect to information about User preferences collected by the Google advertising network, the User can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/.

The Website contains plugins that can transmit User data to the administrators of portals such as Facebook, Google, Instagram, LinkedIn, YouTube, Salesmanago, Gemius, and others. This tool allows these portals to identify visitors to the Website as a target group, who can then be displayed with advertisements with appropriate content. To avoid transmitting this data to these portals, avoid clicking on links to these portals or log out of your account on the given portal before clicking the link. The processing of personal data by these portals is based on the principles and policies applied by these portals. The Administrator recommends that you familiarize yourself with these documents before taking the actions described in the preceding sentences.

§9. Changes to the Privacy Policy
The Administrator reserves the right to make changes to this Privacy Policy at any time, in particular in the event of:
a) changes in applicable law, including regulations on personal data protection or services provided electronically,
b) the introduction of new services or functionalities on the Website that affect the scope or method of personal data processing,
c) the development of technologies used on the Website, including analytical and marketing tools,
d) recommendations or guidelines from supervisory authorities regarding personal data protection.
Users will be notified of any significant changes to the Privacy Policy via an appropriate notice posted on the Website. If the changes require new consent from the User, the Administrator will obtain such consent before processing data in the amended scope begins.
The amended Privacy Policy is effective from the date of its publication on the Website, unless the notice of change specifies a different effective date.
The Administrator recommends that Users regularly review the Privacy Policy to be aware of any changes and their impact on the processing of personal data.