Privacy Policy
1. General Provisions
a. This Privacy Policy sets out the rules for the processing of personal data and the use of cookies and similar technologies in connection with the use of the website available at: https://pronetkrakow.com.pl/pl/
b. The Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and national regulations concerning the provision of electronic services and the use of cookies. The rights of data subjects and the legal bases for processing arise directly from the GDPR.
c. The website is of an informational and commercial nature and is used in particular to present the offer, enable contact with the Controller, and handle inquiries regarding products and cooperation. The site includes a contact form and elements of an online store based on PrestaShop.
2. Personal Data Controller
The controller of personal data is:
Digital IT Rafał Świerczyński
ul. B. Wallek-Walewskiego 9, 30-094 Kraków
Entered into the CEIDG register of entrepreneurs
NIP: 6772071523
REGON: 121841243
e-mail: info@digitalit.pl
tel.: + 48 12 312 41 04
In matters concerning the processing of personal data, you may contact the Controller at the above e-mail address or in writing at the registered office address.
3. Scope and Sources of Data
The Controller may process personal data voluntarily provided by the user, in particular:
first and last name,
e-mail address,
telephone number,
company details,
correspondence or delivery address,
data necessary for issuing accounting documents,
the content of a message sent via the contact form or e-mail,
technical data concerning the use of the website, including IP address, information about the device, browser, session, and activity on the website.
Data are obtained directly from the user and automatically during the use of the website through cookies and similar technologies.
4. Purposes, Legal Bases, and Data Retention Periods
4.1. Contact with the Controller
Data provided in the contact form, e-mail message, or during telephone contact are processed for the purpose of:
responding to an inquiry,
conducting correspondence,
taking steps prior to entering into a contract or performing a contract.
Legal basis:
Article 6(1)(b) GDPR – taking steps at the request of the data subject prior to entering into a contract or performance of a contract,
Article 6(1)(f) GDPR – the Controller’s legitimate interest consisting in handling correspondence and defending against claims.
Retention period:
until the correspondence is concluded, and thereafter until the limitation period for potential claims expires or for the period required by law.
4.2. Handling Quotations, Orders, and Commercial Cooperation
If the user submits a quotation request, an order, or conducts correspondence with the Controller aimed at entering into and performing a contract, personal data are processed for the purpose of:
preparing an offer,
accepting and processing the order,
contact regarding order fulfillment,
product delivery,
issuing accounting documents,
fulfilling obligations related to complaints, statutory warranty, guarantee, or conformity of goods with the contract.
Legal basis:
Article 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract,
Article 6(1)(c) GDPR – compliance with legal obligations incumbent on the Controller, in particular tax, accounting, and consumer law obligations,
Article 6(1)(f) GDPR – establishment, exercise, or defense of claims.
Retention period:
for the duration of the contract, and thereafter for the period required by law, including tax and accounting regulations, and until the limitation period for claims expires.
4.3. Direct Marketing and Newsletter
If the user gives separate consent to receive commercial information or subscribes to the newsletter, their data will be processed for the purpose of sending marketing content, information about the offer, new products, promotions, or events.
Legal basis:
Article 6(1)(a) GDPR – consent of the data subject,
Article 6(1)(f) GDPR – the Controller’s legitimate interest consisting in analyzing the effectiveness of marketing communication, provided that such analysis is carried out lawfully.
Retention period:
until consent is withdrawn or an effective objection is raised, and thereafter for the period necessary to demonstrate the lawfulness of the Controller’s actions.
Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
4.4. Website Analytics and Statistics
If analytical cookies or similar technologies are used on the website, data may be processed for the purpose of:
generating statistics,
analyzing the way the website is used,
improving the functionality and security of the site.
Legal basis:
Article 6(1)(a) GDPR – user consent, insofar as analytics are based on cookies or similar technologies requiring consent,
Article 6(1)(f) GDPR – the Controller’s legitimate interest in internal analysis and ensuring security, insofar as the processing does not require prior consent. The Polish DPA emphasizes that consent to cookies must not be forced and must be easy to withdraw.
Retention period:
until the cookies expire, are deleted by the user, or consent is withdrawn – whichever occurs first.
4.5. Establishment, Exercise, or Defense of Claims
Data may also be processed for the purpose of establishing, pursuing, or defending against claims related to the Controller’s business activity, the use of the website, or a concluded contract.
Legal basis:
Article 6(1)(f) GDPR – the Controller’s legitimate interest.
Retention period:
until the limitation period for claims expires or until proceedings are finally concluded.
5. Voluntary Provision of Data
Providing personal data is voluntary, but in some cases necessary in order to:
receive a reply to a message,
obtain a quotation,
conclude and perform a contract,
issue accounting documents,
receive a newsletter or other commercial information.
Failure to provide data may make it impossible to handle an inquiry, complete an order, or provide a specific service.
6. Recipients of Data
Personal data may be transferred to entities cooperating with the Controller only to the extent necessary to achieve the purposes of processing, in particular:
hosting and website maintenance providers,
IT support and software providers,
e-mail service providers and standard office software providers,
courier companies, carriers, and logistics operators,
accounting offices and accounting service providers,
providers of analytical or marketing tools – if used,
law firms and entities supporting the Controller in establishing or defending claims,
authorized public authorities, if the obligation to disclose data arises from legal provisions.
7. Transfer of Data Outside the European Economic Area
As a rule, the Controller does not intend to transfer personal data outside the European Economic Area.
However, if the Controller uses tools provided by suppliers established outside the EEA, in particular analytical, marketing, or cloud tools, data may be transferred to third countries only with the use of mechanisms provided for by law, such as:
a European Commission adequacy decision,
standard contractual clauses,
other appropriate safeguards permitted under the GDPR.
The European Commission indicates that transfers to third countries may be based, among other things, on adequacy decisions and standard contractual clauses. With regard to the United States, the Commission has adopted a decision regarding the EU-U.S. Data Privacy Framework.
8. Rights of Data Subjects
Every data subject has the right to:
access their data,
obtain a copy of their data,
rectify their data,
erase their data,
restrict processing,
data portability,
object to processing based on Article 6(1)(f) GDPR,
withdraw consent at any time, if processing is based on consent,
lodge a complaint with the President of the Personal Data Protection Office.
These rights arise from the GDPR, in particular Articles 15–21.
9. Data Security
The Controller applies appropriate technical and organizational measures to protect personal data against loss, destruction, disclosure, unauthorized access, or unauthorized modification.
The website uses an encrypted SSL/TLS connection. The previous policy and the current structure of the website indicate the use of a secure connection, and the site itself operates under HTTPS.
10. Cookies and Similar Technologies
a. The website uses cookies and similar technologies.
b. Cookies may be used for the following purposes:
ensuring the proper functioning of the website,
maintaining the user’s session,
remembering selected settings,
statistics and analytics,
marketing activities – only if such tools are actually used and the user has consented to them.
c. Cookies necessary for the proper functioning of the website may be used without the user’s consent, whereas analytical and marketing cookies require consent if required by applicable law. The Polish DPA emphasizes that consent should be voluntary, informed, and as easy to withdraw as it is to give.
d. The user may manage cookie settings through their browser and – if the website provides such functionality – through the consent banner or consent management panel.
e. Restricting the use of cookies may affect certain functionalities of the website.
f. The retention period of cookies depends on their type and purpose. Session cookies are stored until the session ends, and persistent cookies until they expire or are deleted by the user.
11. Links to External Websites and Social Media
The website may contain links to external websites and social media profiles, including Facebook. The use of these services is subject to the rules and privacy policies applied by their providers. The website contains links to Facebook and other related websites.
12. Changes to the Privacy Policy
The Controller may update this Privacy Policy, in particular in the event of:
changes in legal regulations,
changes in website functionality,
changes in the method of data processing or the tools used.
The current version of the Privacy Policy is published on the website.
1. General Provisions
a. This Privacy Policy sets out the rules for the processing of personal data and the use of cookies and similar technologies in connection with the use of the website available at: https://pronetkrakow.com.pl/pl/
b. The Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and national regulations concerning the provision of electronic services and the use of cookies. The rights of data subjects and the legal bases for processing arise directly from the GDPR.
c. The website is of an informational and commercial nature and is used in particular to present the offer, enable contact with the Controller, and handle inquiries regarding products and cooperation. The site includes a contact form and elements of an online store based on PrestaShop.
2. Personal Data Controller
The controller of personal data is:
Digital IT Rafał Świerczyński
ul. B. Wallek-Walewskiego 9, 30-094 Kraków
Entered into the CEIDG register of entrepreneurs
NIP: 6772071523
REGON: 121841243
e-mail: info@digitalit.pl
tel.: + 48 12 312 41 04
In matters concerning the processing of personal data, you may contact the Controller at the above e-mail address or in writing at the registered office address.
3. Scope and Sources of Data
The Controller may process personal data voluntarily provided by the user, in particular:
first and last name,
e-mail address,
telephone number,
company details,
correspondence or delivery address,
data necessary for issuing accounting documents,
the content of a message sent via the contact form or e-mail,
technical data concerning the use of the website, including IP address, information about the device, browser, session, and activity on the website.
Data are obtained directly from the user and automatically during the use of the website through cookies and similar technologies.
4. Purposes, Legal Bases, and Data Retention Periods
4.1. Contact with the Controller
Data provided in the contact form, e-mail message, or during telephone contact are processed for the purpose of:
responding to an inquiry,
conducting correspondence,
taking steps prior to entering into a contract or performing a contract.
Legal basis:
Article 6(1)(b) GDPR – taking steps at the request of the data subject prior to entering into a contract or performance of a contract,
Article 6(1)(f) GDPR – the Controller’s legitimate interest consisting in handling correspondence and defending against claims.
Retention period:
until the correspondence is concluded, and thereafter until the limitation period for potential claims expires or for the period required by law.
4.2. Handling Quotations, Orders, and Commercial Cooperation
If the user submits a quotation request, an order, or conducts correspondence with the Controller aimed at entering into and performing a contract, personal data are processed for the purpose of:
preparing an offer,
accepting and processing the order,
contact regarding order fulfillment,
product delivery,
issuing accounting documents,
fulfilling obligations related to complaints, statutory warranty, guarantee, or conformity of goods with the contract.
Legal basis:
Article 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract,
Article 6(1)(c) GDPR – compliance with legal obligations incumbent on the Controller, in particular tax, accounting, and consumer law obligations,
Article 6(1)(f) GDPR – establishment, exercise, or defense of claims.
Retention period:
for the duration of the contract, and thereafter for the period required by law, including tax and accounting regulations, and until the limitation period for claims expires.
4.3. Direct Marketing and Newsletter
If the user gives separate consent to receive commercial information or subscribes to the newsletter, their data will be processed for the purpose of sending marketing content, information about the offer, new products, promotions, or events.
Legal basis:
Article 6(1)(a) GDPR – consent of the data subject,
Article 6(1)(f) GDPR – the Controller’s legitimate interest consisting in analyzing the effectiveness of marketing communication, provided that such analysis is carried out lawfully.
Retention period:
until consent is withdrawn or an effective objection is raised, and thereafter for the period necessary to demonstrate the lawfulness of the Controller’s actions.
Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
4.4. Website Analytics and Statistics
If analytical cookies or similar technologies are used on the website, data may be processed for the purpose of:
generating statistics,
analyzing the way the website is used,
improving the functionality and security of the site.
Legal basis:
Article 6(1)(a) GDPR – user consent, insofar as analytics are based on cookies or similar technologies requiring consent,
Article 6(1)(f) GDPR – the Controller’s legitimate interest in internal analysis and ensuring security, insofar as the processing does not require prior consent. The Polish DPA emphasizes that consent to cookies must not be forced and must be easy to withdraw.
Retention period:
until the cookies expire, are deleted by the user, or consent is withdrawn – whichever occurs first.
4.5. Establishment, Exercise, or Defense of Claims
Data may also be processed for the purpose of establishing, pursuing, or defending against claims related to the Controller’s business activity, the use of the website, or a concluded contract.
Legal basis:
Article 6(1)(f) GDPR – the Controller’s legitimate interest.
Retention period:
until the limitation period for claims expires or until proceedings are finally concluded.
5. Voluntary Provision of Data
Providing personal data is voluntary, but in some cases necessary in order to:
receive a reply to a message,
obtain a quotation,
conclude and perform a contract,
issue accounting documents,
receive a newsletter or other commercial information.
Failure to provide data may make it impossible to handle an inquiry, complete an order, or provide a specific service.
6. Recipients of Data
Personal data may be transferred to entities cooperating with the Controller only to the extent necessary to achieve the purposes of processing, in particular:
hosting and website maintenance providers,
IT support and software providers,
e-mail service providers and standard office software providers,
courier companies, carriers, and logistics operators,
accounting offices and accounting service providers,
providers of analytical or marketing tools – if used,
law firms and entities supporting the Controller in establishing or defending claims,
authorized public authorities, if the obligation to disclose data arises from legal provisions.
7. Transfer of Data Outside the European Economic Area
As a rule, the Controller does not intend to transfer personal data outside the European Economic Area.
However, if the Controller uses tools provided by suppliers established outside the EEA, in particular analytical, marketing, or cloud tools, data may be transferred to third countries only with the use of mechanisms provided for by law, such as:
a European Commission adequacy decision,
standard contractual clauses,
other appropriate safeguards permitted under the GDPR.
The European Commission indicates that transfers to third countries may be based, among other things, on adequacy decisions and standard contractual clauses. With regard to the United States, the Commission has adopted a decision regarding the EU-U.S. Data Privacy Framework.
8. Rights of Data Subjects
Every data subject has the right to:
access their data,
obtain a copy of their data,
rectify their data,
erase their data,
restrict processing,
data portability,
object to processing based on Article 6(1)(f) GDPR,
withdraw consent at any time, if processing is based on consent,
lodge a complaint with the President of the Personal Data Protection Office.
These rights arise from the GDPR, in particular Articles 15–21.
9. Data Security
The Controller applies appropriate technical and organizational measures to protect personal data against loss, destruction, disclosure, unauthorized access, or unauthorized modification.
The website uses an encrypted SSL/TLS connection. The previous policy and the current structure of the website indicate the use of a secure connection, and the site itself operates under HTTPS.
10. Cookies and Similar Technologies
a. The website uses cookies and similar technologies.
b. Cookies may be used for the following purposes:
ensuring the proper functioning of the website,
maintaining the user’s session,
remembering selected settings,
statistics and analytics,
marketing activities – only if such tools are actually used and the user has consented to them.
c. Cookies necessary for the proper functioning of the website may be used without the user’s consent, whereas analytical and marketing cookies require consent if required by applicable law. The Polish DPA emphasizes that consent should be voluntary, informed, and as easy to withdraw as it is to give.
d. The user may manage cookie settings through their browser and – if the website provides such functionality – through the consent banner or consent management panel.
e. Restricting the use of cookies may affect certain functionalities of the website.
f. The retention period of cookies depends on their type and purpose. Session cookies are stored until the session ends, and persistent cookies until they expire or are deleted by the user.
11. Links to External Websites and Social Media
The website may contain links to external websites and social media profiles, including Facebook. The use of these services is subject to the rules and privacy policies applied by their providers. The website contains links to Facebook and other related websites.
12. Changes to the Privacy Policy
The Controller may update this Privacy Policy, in particular in the event of:
changes in legal regulations,
changes in website functionality,
changes in the method of data processing or the tools used.
The current version of the Privacy Policy is published on the website.