Privacy Policy

The privacy of Users is of particular importance to us. For this reason, Users of the butyotmet.eu online store (hereinafter referred to as the Online Store) are guaranteed the highest standards of privacy protection. Otmęt-Zbyt Sp. z o.o., as the administrator of personal data, ensures the security of the personal data provided by Users.

Considering the above and in response to the requirements introduced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016) (hereinafter referred to as GDPR), Otmęt-Zbyt Sp. z o.o. has adopted this Privacy Policy to ensure the security of personal data.

This Privacy Policy defines the principles of processing and protecting personal data provided by Users in connection with their use of the Online Store and other related websites, communications, and services.

A User is any person whose data is processed and who uses the Online Store, as well as other related websites, communications, and services (hereinafter referred to as the User).

The administrator of personal data collected in the Online Store is Otmęt-Zbyt Sp. z o.o., ul. Kilińskiego 1, 47-303 Krapkowice, NIP: 7491797789, REGON: 531402807 (hereinafter referred to as the Administrator).

To the extent necessary to perform the contract concluded by the User with the Administrator, to take actions requested by the User, and to fulfill legal obligations imposed on the Administrator, the processing of the User's personal data is based on legal provisions, specifically Article 6(1)(b) and (c) of the GDPR, without the need for the User's consent for data processing.

In all other cases, providing personal data by the User is voluntary. However, where the User's consent for data processing has been given exclusively for marketing purposes, providing personal data is voluntary, but refusing or withdrawing consent will prevent the Administrator from informing the User about new offers and discounts.

I. USER CONSENT

By using the Online Store, the User accepts that the Administrator collects, uses, and shares non-personal and personal data in accordance with this Privacy Policy. However, the User retains control over how their data is used and shared, as detailed in Chapter V of this Privacy Policy, "User Rights."

If personal data is processed based on the User's consent, the User has the right to withdraw their previously given consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal. The Administrator informs the User of the possibility of withdrawing consent before the User gives it.

If this Privacy Policy is amended and the User continues to use the Online Store, such action will be deemed as consent to the updated terms of the Privacy Policy.

II. PERSONAL DATA PROCESSED BY THE ADMINISTRATOR

1. Methods of Collecting Personal Data
   1. Personal Data Obtained Directly from the User
      The Administrator collects personal data in two ways. The first method involves obtaining personal data directly from the User, through:
      • the User sending a message via the contact form provided in the Online Store;
      • the User creating a customer account in the Online Store;
      • placing an order for goods or services in the Online Store;
      • the User contacting the Administrator for technical support, filing a complaint, or other purposes.
   2. Personal Data Obtained from Other Sources
      The Administrator also collects personal data from sources other than directly from the User, such as:
      through recording how the User interacts with the Online Store via cookies and other technologies, as well as receiving error reports or usage data from software operating on the User’s device;
      • from partners with whom the Administrator offers goods and services or conducts joint marketing activities.
2. Personal Data Processed by the Administrator
   The scope of personal data collected by the Administrator regarding Users may vary depending on the purpose of the data processing.
   The Administrator collects, among others, the following personal and non-personal data:
   • Login name,
   • First and last name / company name / first and last name of the entrepreneur or entrepreneurs operating as a civil partnership,
   • Correspondence address,
   • Phone number,
   • Email address,
   • Tax Identification Number (NIP),
   • Business Identification Number (REGON),
   • Computer IP address,
   • Payment details, if the User makes a purchase in the Online Store,
   • Information contained in cookies and similar technologies regarding the User's interactions with the Administrator's Online Store.

Additionally, the Administrator collects data related to the content of files and messages from the User when required to process an order, provide customer account services, including:
the subject and content of emails, text or other content of instant messages, audio and video recordings of messages, audio recordings and transcriptions of voicemail messages received by the User or dictated by them as text messages.

The Administrator also collects information provided by the User, including reviews and ratings of goods and services, as well as information submitted for technical support purposes. Furthermore, in the case of contact, the Administrator collects the content of the messages.

III. METHOD OF DATA PROCESSING – PURPOSES OF PERSONAL DATA PROCESSING BY THE ADMINISTRATOR

The method of processing personal data concerning the User by the Administrator depends on the scope of the User's use of the Online Store.

1. Orders, Customer Account (Contract Execution)
   If the User decides to place an order for goods or services offered in the Online Store, the Administrator will process the User's personal data to the extent necessary to conclude a sales agreement or a service agreement and to ensure the proper fulfillment of the agreement concluded with the User.
   If the User creates a customer account in the Online Store, the Administrator uses the User's personal data to properly execute the agreement for the provision of electronic services, including authentication and authorization of the User's access to the customer account.
2. Communication (Contract Execution, Legitimate Interest Pursued by the Administrator)
   The Administrator uses the User's personal data to communicate with them in a personalized manner. This communication includes sending emails, posting notifications on websites, and other means within the Online Store and customer account services, including text messages and push notifications. The content communicated to the User concerns offered goods and services, such as service availability and usage instructions, personal data security, network updates, reminders, as well as suggested offers from the Administrator.
   Communication with the User also pertains to customer service. Personal data is used to assist the User, resolve issues, and respond to their complaints.
   Additionally, the Administrator uses the User's personal data to enable them to comment on the Administrator's activities, Online Store, services, and goods.
3. Advertising (Consent, Legitimate Interest Pursued by the Administrator)
   The Administrator uses the User's personal data to offer them tailored advertisements, provided the User has given consent for such actions or a business relationship has been established between the Administrator and the User. These advertisements concern both the Administrator's offers and those of collaborating entities.
   The advertisements presented to the User are individually tailored (so-called "profiling") by utilizing:
   • data provided directly by the User,
   • data collected during the User's use of the Online Store,
   • information provided by third parties,
   • data derived from advertising technologies, such as cookies,
   • web beacons, pixels, ad tags, and mobile identifiers.
   The Administrator does not share the User's personal data with third-party advertisers or advertising networks without the User's consent. However, if the User clicks on a displayed advertisement, the advertiser will be informed of this action.
4. Improving the Online Store (Legitimate Interest of the Administrator)
   The Administrator uses the User's personal data to conduct analytical and statistical activities aimed at continuously improving the Online Store, the goods and services offered by the Administrator, ensuring better solutions, adding new features, and enhancing functionalities.
   The Administrator also uses personal data concerning Users for market research, public opinion polling, and economic analysis to continuously improve the Online Store.
5. Security (Legitimate Interest of the Administrator)
   The Administrator uses the User's personal data to monitor, prevent, detect, and combat fraud and abuse, protect other Users from such misconduct, and ensure network and information security. In cases where there is reasonable suspicion of a crime, the User's personal data will be used to investigate the possible commission of a crime or other violation of this Privacy Policy by unauthorized persons.
6. Claim Pursuit (Legitimate Interest of the Administrator)
   If the User decides to use the Online Store, particularly by creating a customer account or placing an order for goods or services through it, the Administrator may process the User's personal data to the extent necessary to pursue potential claims arising from the business activity and to analyze potential violations of the rules for using the Online Store.
7. Tax Documentation (Legal Obligation)
   If the User places an order for goods or services through the Online Store, the Administrator will process the User's personal data to the extent necessary for maintaining tax documentation and for settlements related to the executed orders.

IV. SHARING OF PERSONAL DATA BY THE ADMINISTRATOR

The User's personal data is or may be shared with the following categories of recipients:

1. Entities providing certain services in the sales process, such as courier/postal service providers, payment institutions intermediating User payments for ordered goods or services;
2. Providers of advertising or marketing services, in cases where the purpose involves direct marketing of the Administrator's own services;
3. Providers of legal and advisory services supporting the Administrator in pursuing claims (in particular law firms, debt collection companies);
4. Entities processing personal data on behalf of the Administrator, e.g., providers of technical services maintaining the infrastructure necessary for operating the online store;
5. Entities authorized to obtain data under applicable law, e.g., courts or law enforcement agencies, upon request based on a valid legal basis.

V. USER RIGHTS

The User has the right to manage their personal data by making choices regarding the disclosure of specific personal information, including privacy settings. However, the User should be aware that such choices may limit their ability to fully utilize certain functionalities of the online store or services offered by the Administrator.

If the User wishes to exercise their rights as a data subject, they can contact the Administrator via email at sekretariat@otmetzbyt.com.pl. Some rights as a data subject may also be exercised through the User’s account in the online store.

1. Right of Access to Data
   The User has the right to obtain confirmation from the Administrator as to whether their personal data is being processed, and if so, they are entitled to access information regarding the details of data processing, including, in particular, the purpose of processing and the categories of data being processed.
   The User also has the right to request a copy of the personal data being processed.
2. Right to Rectify Data
   The User has the right to have their personal data corrected if it is inaccurate. They have the right to request the replacement, supplementation, or removal of errors, defects, and incorrect information within the entire dataset concerning them.
   Supplementation cannot apply to personal data that is incorrect, i.e., the User cannot request the replacement or supplementation of existing data with incorrect data.
   If the personal data being processed is incomplete, the User may provide an additional statement to complete it. Such a statement may be submitted in any form, including electronically.
3. Right to Erasure (Right to Be Forgotten)
   The User has the right to request the erasure of their personal data if any of the following circumstances occur:
   1. The User's personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
   2. The User has withdrawn consent on which the processing was based, and there is no other legal basis for processing;
   3. The User objects to the processing of their personal data;
   4. The personal data has been processed unlawfully;
   5. The personal data must be erased to comply with a legal obligation under Union law or the law of a Member State to which the Administrator is subject;
   6. The personal data was collected in connection with the offering of information society services.
   The right to be forgotten applies only if the User exercises their right to erasure of personal data and only in cases where the User's personal data has been made public by the Administrator.
4. Right to Restrict Processing
   The User has the right to request the restriction of the processing of their personal data in the following cases:
   1. The User contests the accuracy of the personal data, for a period enabling the Administrator to verify the accuracy of the data;
   2. The processing is unlawful, and the User opposes the erasure of their personal data, requesting instead the restriction of its use;
   3. The Administrator no longer needs the User’s personal data for processing purposes, but the User requires it for the establishment, exercise, or defense of legal claims;
   4. The User has objected to the processing, pending verification of whether the legitimate grounds of the Administrator override those of the User.
   If processing is restricted, the Administrator may process the personal data, except for storage, only:
   1. With the User’s consent; or
   2. For the establishment, exercise, or defense of legal claims; or
   3. For the protection of the rights of another natural or legal person; or
   4. For reasons of important public interest of the Union or a Member State.
5. Right to Data Portability
   The User has the right to receive their personal data, which they have provided to the Administrator, in a structured, commonly used format, and has the right to transmit that data to another administrator.
   The User also has the right to request that their personal data be transferred directly by the Administrator to another administrator, where technically feasible.
6. Right to Object
   The User has the right to object, at any time and for reasons related to their particular situation, to the processing of their personal data:
   1. In the public interest or in the exercise of official authority vested in the Administrator;
   2. For direct marketing purposes, including profiling to the extent that it is related to direct marketing;
   3. For the legitimate purposes of the Administrator.
   The process for considering objections and all related communications are free of charge, and objections may also be submitted electronically.
7. Right to Lodge a Complaint
   The User has the right to lodge a complaint with the Data Protection Authority, particularly in the Member State of their habitual residence, workplace, or the place of the alleged infringement.

VI. COOKIES AND OTHER TECHNOLOGIES USED BY THE ADMINISTRATOR

The Administrator uses cookies and other similar technologies to ensure optimal service during the User's visit to the online store, enable quicker and easier access to information, offer increasingly advanced functionalities of the online store, and for marketing and remarketing purposes (including necessary analytics and compiling marketing profiles based on the User’s activity on various subpages of the online store). Cookies are fragments of code that are text files corresponding to HTTP requests sent to the Administrator’s server. The online store also utilizes other available technologies, such as storing information in the browser's data storage (Session Storage, Local Storage), as well as embedding code snippets from analytical tools provided by third parties, which may save cookies in their respective domains. Stored information or access to it does not result in configuration changes on the User’s device or in the software installed on it. Information contained in cookies and similar technologies is considered personal data only when combined with other personal data available about the User. If the User does not consent to the storage and retrieval of information in cookies or similar technologies, they can modify the cookie settings via their web browser or use the so-called opt-out option on the website of the provider of the specific technological solution. Detailed information about the technologies used by the Administrator is available in the Cookie Policy.

VII. OTHER IMPORTANT INFORMATION

1. Protection of Personal Data Security
   The Administrator implements various measures to ensure the security of the User’s personal data. The services provided are safeguarded by systems and procedures designed to prevent access to and disclosure of data to unauthorized persons. Additionally, the systems and procedures used by the Administrator are regularly monitored to detect potential threats. Personal data obtained by the Administrator is stored in computer systems with strictly limited access.
2. Storage of Personal Data
   The retention period for Users' personal data may vary, as different purposes of processing may apply to different Users' personal data.
   The Administrator retains personal data for the period necessary to achieve specific purposes, namely:
   1. For analytical and statistical purposes: for the period required to achieve objectives related to the efficient operation and development of the online store;
   2. For fulfilling orders and providing services to the User: for the duration of the contract and the limitation period for claims;
   3. For the period required by law concerning tax documentation and settlements related to the concluded contracts;
   4. For marketing purposes: for the duration of the business relationship with the User, unless the User objects to the processing for these purposes earlier.
   In each of the above cases, after the necessary processing period expires, the data may be processed solely for the purposes of securing or defending against claims, and thereafter only when and to the extent required by legal regulations.
   Users' personal data is stored in the Administrator’s database, where technical and organizational measures have been implemented to ensure the protection of processed data in accordance with the requirements set out in applicable laws. Access to the database is restricted solely to the Administrator.
3. Changes to the Privacy Policy
   To update the information contained in this Privacy Policy and ensure its compliance with applicable legal regulations, this Privacy Policy may be subject to change. The date of the last update, indicated at the beginning of this Privacy Policy, will be modified accordingly. Users will be notified of any significant changes either via a notice posted on the online store's website or directly. The Administrator recommends that Users regularly review this Privacy Policy to stay informed about how their personal data is protected.
4. Contact Information
   If you have any questions related to personal data protection or wish to obtain information regarding this Privacy Policy, you can contact the Administrator via email at sekretariat@otmetzbyt.com.pl or by postal mail at the following address: Kilińskiego 1, 47-303 Krapkowice.