INFORMATION OBLIGATION ACCORDING TO GDPR

Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union L 119/1, we hereby inform you that:

1) The administrator of your personal data is ZAKŁAD WŁÓKIENNICZY BILIŃSKI SPÓŁKA JAWNA NIP /National Tax Identification number/ 7272720924, UL. ADAMA MICKIEWICZA 29, 95-050 KONSTANTYNÓW ŁÓDZKI. The administrator has appointed a Data Protection Officer, Ms. Kamila Wałęska-Nowak, who can be contacted at the following address: iod@farbiarniabilinski.pl

2) Your personal data will be processed for the purpose of order processing, marketing activities based on your consent, and for commercial contact. We process personal data based on consent or a legally justified interest consisting of maintaining contact, responding to enquiries, providing information, as well as in cases where legal regulations impose an obligation to process such personal data or where processing is necessary for the conclusion and performance of a contract in which you are a part.

3) The categories of personal data we process depend on the purpose of contact with us and the nature of our relationship. Typically, they include: phone number, address, name, surname, position (representative or decision-maker), and email. We strive to use only the data that are necessary each time.

4) Recipients of your personal data may be entities processing data on our behalf under a contract, including our IT, accounting, legal services, and collaborating entities, as well as entities authorized to receive information based on legal provisions.

5) Your personal data will not be transferred to a third country or international organization.

6) Your personal data will be stored until the completion of order processing, marketing activities, and contact for marketing purposes, or for the time necessary for the defence or pursuit of claims, and if you have given consent for data processing, until you withdraw that consent.

7) You have the right to request access to your personal data, their rectification, erasure, or restriction of processing, as well as the right to object to processing, the right to data portability, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal, by sending an email to iod@farbiarniabilinski.pl, and we will fulfil these rights in accordance with the principles set out in the GDPR.

8) If you believe that the processing of personal data violates GDPR regulations, you have the right to lodge a complaint with the President of the Personal Data Protection Office.

9) We do not make decisions based solely on automated processing, including profiling.

10) Providing personal data is voluntary, but the consequence of not providing personal data will be the inability to process orders, conduct marketing activities, and establish contact.

 

PURPOSES OF PERSONAL DATA PROCESSING

CLIENTS

1. Establishing business relations – sales

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – which involve the pursuit of service sales. Retention period: until effective objection / request for deletion.

2. Conclusion and performance of the sales contract

Legal basis – processing is necessary for the performance of pre-contractual measures and the execution of a contract (Article 6 item 1 letter b) of the GDPR). Retention period: until the contract is terminated.

3. Handling complaints, grievances, requests

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 (f) of the GDPR) – consisting in taking care of the quality and image of the entrepreneur. Retention period: one year from the submission of the complaint, grievance, request.

4. Maintaining accounting and tax documentation

Legal basis – processing is necessary to fulfil a legal obligation (Article 6 item 1, letter c of the GDPR in connection with Article 74 of the Accounting and other Taxes Act. Retention period: 5 full years from the end of the calendar year.

5. Debt collection

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter of the GDPR) – consisting in maintaining financial liquidity. Retention period: until full settlement.

6. Pursuing claims and defending against claims

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – defence of the interests of the entrepreneur. Retention period: 6 years from the end of cooperation.

7. Marketing own services

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – consisting in taking care of the interests and good image of the entrepreneur. Retention period: 2 years from the collection of the data or until an objection is submitted.

BUSINESS PARTNERS

1. Establishing business relations – sales with the entity represented by the individual.

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – which involve the pursuit of service sales. Retention period: until effective objection / request for deletion.

2. Handling complaints, grievances, requests.

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 (f) of the GDPR) – consisting in taking care of the quality and image of the entrepreneur. Retention period: one year from the submission of the complaint, grievance, request.

3. Maintaining accounting and tax documentation.

Legal basis – processing is necessary to fulfil a legal obligation (Article 6 item 1, letter c of the GDPR in connection with Article 74 of the Accounting and other Taxes Act. Retention period: 5 full years from the end of the calendar year.

4. Debt collection.

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter of the GDPR) – consisting in maintaining financial liquidity. Retention period: until full settlement.

5. Pursuing claims and defending against claims.

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – defence of the interests of the entrepreneur. Retention period: 6 years from the end of cooperation.

CORRESPONDENCE

1. Registration of correspondence and providing responses.

Legal basis – necessary for purposes arising from legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – ensuring timely response to letters, timely payment processing for suppliers, maintaining the quality of cooperation with contractors and other interested parties. Retention period: 10 years from sending or receiving correspondence.

2. Pursuing claims and defending against claims.

Legal basis – processing is necessary for purposes arising from the legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – defence of the interests of the entrepreneur. Retention period: 6 years from the end of cooperation.

WEBSITE

1. Using the website and ensuring its proper functioning.

Legal basis – necessary for purposes arising from legitimate interests pursued by the administrator (Article 6 item 1 letter f of the GDPR) – involving the operation of the website. Retention period: 2 years from the last visit to the site.

2. Pursuing claims and defending against claims.

Legal basis – pursuit of claims and defence against claims. Retention period: 6 years from the end of cooperation.

PROCESSING OF PERSONAL DATA FOR RECRUITMENT PURPOSES – information for candidates

Pursuant to Article 13 item 1 and 2 of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, OJEU.L.2016.119.1), we would like to inform you that:

1. The administrator of your personal data is ZAKŁAD WŁÓKIENNICZY BILIŃSKI SPÓŁKA JAWNA NIP /National Tax Identification number/ 7272720924, UL. MICKIEWICZA 29, 95-050 KONSTANTYNÓW ŁÓDZKI
2. The administrator has appointed a personal data protection officer, whom you can contact at: iod@farbiarniabilinski.pl
3. Your personal data will be processed for recruitment purposes, while the legal basis for the processing of personal data is primarily Article 6 item 1 letter c pursuant to Article 221 of the Labour Code, as well as Article 6 item 1 letter a of the GDPR, i.e. consent to the processing of personal data contained in the CV or other documents that you provide to the employer, which are not explicitly required by the provisions of labour law regulations. With regard to personal data processed on the basis of consent to data processing, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. The administrator will process your personal data, also in subsequent recruitments, if you give your consent, which can be revoked at any time. If the documents contain the data referred to in Article 9 item 1 of the GDPR, your consent for their processing will be necessary, and it can be revoked at any time.
4. Recipients of your personal data may include entities processing data on our behalf based on a data processing agreement, as well as cooperating entities and entities required to do so by legal regulations. Your personal data will not be transferred to a third country or international organisation.
5. Your personal data will be processed for the duration of the recruitment process, not longer than 3 months from the date of announcement of the start of recruitment. In the case of your consent to the use of personal data for the purposes of future recruitment, your data will be used for a period of 2 years.

6. You have the right to access your data and rectify, erase, restrict processing, or transfer personal data in cases specified in the GDPR.

7. During the processing of your personal data, there is no exclusively automated decision-making or profiling as referred to in Article 22 item 1 and 4 of the GDPR. This means that no decisions regarding the Candidate will be made solely automatically and that no profiles of the Candidate will be built.

8. If you believe that the processing of personal data violates applicable law, you have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Data Protection Office.

9. Providing your personal data for the purpose specified in Article 221 of the Labour Code is necessary to participate in the recruitment process. Without processing this data, conducting the recruitment process and employment would not be possible. Providing other data is voluntary.

PRIVACY POLICY AND COOKIE POLICY

I. The Privacy Policy defines the rules for the processing of personal data at Zakład Włókienniczy Biliński spółka jawna with its registered office in Konstantynowo Łódzki ul. Adama Mickiewicza 29.

II. The Cookies Policy defines the rules for storing and accessing data on Users’ Devices using the Service for the purpose of providing electronic services by the Service Administrator. In addition, the Cookies Policy also serves to indicate the period of operation of these files and to determine whether third parties can access such files, which is included in Section 12.

I. Privacy Policy

§ Section 1 Definitions

• Service – the internet service operating at the address farbiarniabilinski.pl;
• External website – internet websites of the Administrator’s partners, service providers or service recipients;
• Administrator – Zakład Włókienniczy Biliński spółka jawna with its registered office in Konstantynów Łódzki ul. Adam Mickiewicza 29 as a company operating the website and storing and accessing information on the User’s devices;
• User – a natural person or a representative of a legal entity for whom the Administrator provides services electronically via the Website.

§ Section 2 Administrator, contact details

The Administrator of the User’s personal data is Zakład Włókienniczy Biliński spółka jawna, with its registered seat at ul. Adama Mickiewicza 29, Konstantynów Łódzki.
Any questions regarding the protection of personal data should be directed to the e-mail address iod@farbiarniabilinski.pl or the address of the Administrator’s registered office.

§ Section 3 Principles and purposes of personal data processing

In order to ensure compliance with the current legal regulations in the field of personal data protection and to safeguard the rights and freedoms of our clients, employees, contractors, and partners, Zakład Włókienniczy Biliński spółka jawna, with its registered office at ul. Adama Mickiewicza 29, Konstantynów Łódzki, has implemented a data protection policy and other documents within its organization, serving the principle of accountability as outlined in Article 5 of the GDPR.

Zakład Włókienniczy Biliński spółka jawna, with its registered office at ul. Mickiewicza 29, Konstantynów Łódzki, collects and processes personal data on the following legal bases and for the following purposes:

• execution of a contract or taking actions necessary for its conclusion (Article 6 item 1 letter b of the GDPR) in connection with activities related to, among others, the conclusion of a contract for the provision of services and the sale of products
• legal obligation incumbent on the administrator (Article 6 item 1 letter c of the GDPR) in connection with the implementation of tasks resulting from the acts on services provided and sales;
• pursuit of purposes arising from the legitimate interest of the Administrator or by a third party (Article 6 item 1 letter of the GDPR in connection with the analysis and response to the enquiry sent by telephone or via e-mail and in connection with activities carried out in social media).

Zakład Włókienniczy Biliński spółka jawna, with its registered office at ul. Adam Mickiewicza 29, Konstantynów Łódzki, protects personal data by applying appropriate technical and organizational security measures to prevent accidental or intentional modifications, loss, destruction or unauthorized access to such data. Personal data collected for the purposes set out above are processed for the period necessary to achieve the aforementioned goals, including contract execution and fulfilment of legal requirements. Zakład Włókienniczy Biliński spółka jawna, with its registered office at ul. Adama Mickiewicza 29, Konstantynów Łódzki, ensures transparency of data processing:

– it informs about the processing of data at the time of collection, in particular about the purpose and legal basis for the processing of personal data, unless separate regulations require otherwise;
– it ensures that data is collected only to the extent necessary for the specified purpose and processed only for the period in which it is necessary.

When processing data, the Company ensures their security and confidentiality and access to information about processing to data subjects. In the event that, despite the implemented security measures, a breach of personal data protection occurs (e.g., data breach or loss) and such breach could lead to a high risk of violation of rights or freedoms of data subjects, the Company will inform the data subjects about such an event in accordance with applicable regulations.
Zakład Włókienniczy Biliński spółka jawna, with its registered office at ul. Adama Mickiewicza 29, Konstantynów Łódzki, takes all necessary actions to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Company.The Company conducts risk analysis on an ongoing basis and monitors the adequacy of the applied data security measures to the identified threats. Additional measures to enhance data security will be implemented if necessary.

§ Section 4. Social media

Zakład Włókienniczy Biliński spółka jawna, with its registered office at ul. Adama Mickiewicza 29 has public profiles on social networks such as Facebook. Therefore, it processes data that is generated by visitors to these profiles (including comments, likes, Internet identifiers). Personal data of such persons is processed to enable them to be active on the profile, to effectively manage company profiles by providing information to users about initiatives and other activities, to promote various events, services, and products, for statistical and analytical purposes, and for the purpose of asserting claims and defence against claims. The legal basis for the processing of personal data in social media is the legitimate interest of the Administrator (Article 6 item 1 letter of the GDPR), consisting in promoting its own brand and improving the quality of services provided, and if necessary, pursuing claims and defending against claims.

§ Section 5. Data recipients, rights of data subjects

Depending on the purpose of processing, data recipients of Users’ personal data may include: courier companies, IT solution providers, banks, insurance companies, supporting companies, telecommunications service providers, document disposal companies, authorised state authorities.
Users have the right to request access to their personal data, their rectification, erasure, or restriction of processing, the right to data portability, and the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that the provided personal data is processed contrary to the aforementioned Regulation.

II. Cookies Policy

Below, the User can obtain information about the various purposes for which we use cookies and give or withdraw your consent. The User can change these settings at any time, including withdrawing consent (but this will not affect the legality of the actions taken while the consent was in force). It is important to note, that the User can also use browser settings (e.g. block or delete cookies) in accordance with the options provided by the manufacturer.

§ Section 6 Types of Cookies

– Internal Cookies – files placed and read from the User’s Device by the Website’s ICT system
– External cookies – files placed and read from the User’s Device by ITC systems of External Services
– Session cookies – files placed and read from the User’s Device by the Website or External – Websites during one session of that Device. After the session ends the files are deleted from the User’s Device.
– Persistent cookies – files placed and read from the User’s Device by the Website or External – Websites until they are manually removed. These files are not deleted automatically after the end of the Device session, unless the User’s Device configuration is set to delete Cookies after the Device session ends.
– Necessary cookies – cookies necessary for the proper functioning of the website. They support basic functions (e.g. login, shopping cart) and are used to ensure security. The use of these cookies does not require consent and they are saved on your device by default. They remain active for the duration of the visit to the site or slightly longer. You can block these cookies using your browser settings, but doing so may affect the proper functioning of the service.
– Google Analytics is a tool provided by Google LLC from the USA. Google processes information on our behalf, based on your consent. Analytical cookies do not collect information that directly identifies you. The information collected concerns, among others Your device, browser, approximate location and how you use our website (e.g. from which page you visit the website, which pages you view and for how long, if you have been on our website before). For additional privacy protection, we have enabled IP anonymization. (https://support.google.com/analytics/answer/2763052?hl=en)

§ Section 7. Security

• Storage and reading mechanisms – Cookies storage and reading mechanisms do not allow for downloading any personal data or any confidential information from the User’s Device. It is virtually impossible to transfer viruses, trojans or other worms to the User’s Device.
• Internal Cookies – Internal Cookies used by the Administrator are safe for Users’ Devices

§ Section 8 Purposes for which Cookies are used

• Streamlining and facilitating access to the Website – The Administrator may store the information about User’s preferences and settings regarding the Website in the Cookie files to improve and accelerate the provision of services on the Website.

• Statistical data – the Administrator and External websites use Cookie files to gather and process statistical data, such as statistics related to user visits, user Devices or user behaviour. This data is collected in order to analyse and improve the Website.

• Delivery of multimedia services – the Administrator and external Services use Cookies to deliver multimedia services to Users.

§ Section 9 External Services

The Administrator does not cooperate with external services, and the Website does not place or use any external cookies.

§ Section 10 Possibilities of determining storage and access conditions to the User’s Devices by the Website.

• The User may at any time, independently change the settings for saving, deleting and accessing the data of saved Cookies, including withdrawing consent (however, this will not affect the legality of the actions taken at the time when the consent was in force)
• Information on how to disable cookies in the most popular computer browsers and mobile devices is available at:
Firefox
Chrome
Internet Explorer
Opera
Safari
Due to the multitude of technological solutions, it is not possible to provide precise guidelines on how to determine the conditions for storing or accessing Cookies using the settings of all available telecommunications terminal equipment and software installed on your device. However, in most cases, you should select the option “Tools” or “Settings” and there find the section related to cookie settings or managing privacy while browsing the Internet. Detailed information is usually provided by the manufacturer of the specific device or browser in the user manual or on their website.

• The User can delete all previously stored Cookie files at any time using the tools of the User’s Device through which the User uses the Service.

§ Section 11 Website requirements

Limiting the storage and access to Cookie files on the User’s Device may result in improper functioning of certain Service features.

• The Administrator does not bear any responsibility for improperly operating functions of the Website if the User restricts in any way the option of saving and reading cookies.

§ Section 12. Duration of cookies and determination of third party access

If we process personal data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or if personal data is disclosed or transmitted to third parties, this will only happen when it serves the purpose of: fulfilling our pre-contractual or contractual obligations, based on the User’s consent, based on a legal obligation, or based on our legitimate interests. Subject to legal conditions or contractual provisions, we process or transfer personal data in a third country only if the conditions and level of security specified in Articles 44-47 of the GDPR. This means that processing takes place, for example, based on special guarantees such as officially recognized establishment of a data protection level equivalent to the EU or compliance with officially recognized specific contractual obligations (so-called “standard contractual clauses”).
Therefore, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:
-collaboration with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued, certifying an adequate level of protection of Personal Data;
-use of standard contractual clauses issued by the European Commission;
-application of binding corporate rules, approved by the competent supervisory authority;

The administrator always informs at the collection stage about the intention to transfer personal data outside the EEA.Only in exceptional cases does the User’s full IP address reach Google’s server in the USA. In addition to Google Analytics, the client-side uses the cookie_notice_accepted cookie, which records whether the user has accepted cookies, with a validity period of 30 days.

§ Section 13 Changes to the Privacy Policy and Cookie Policy

• The Administrator reThe Administrator reserves the right to make any changes to this Privacy and Cookie Policy.
• Introduced changes will always be published on this page.
• The introduced changes come into effect on the day of publication.