PRIVACY POLICY
wentech-composites.com

§ 1 General Provisions

  1. The data controller for the personal data of users of the website operating under the domain www.wentech-composites.com is “WENTYLATORY WENTECH” SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at ul. Rzemieślnicza 6, 41-407 Imielin, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court Katowice-Wschód in Katowice, 8th Commercial Division of the National Court Register, under KRS number: 0000169084, NIP number: 2220013922, REGON number: 271953069, with share capital of PLN 600,000.00, fully paid up (hereinafter: the “Controller”).
  2. The Controller has designated a single electronic point of contact for direct communication with Member State authorities, the European Commission and the European Board for Digital Services: info@wentech-composites.com. The same point of contact may be used by any Customer for direct and quick communication with the Controller.
  3. The Controller may also be contacted:
    in writing, at the address indicated above,
    via the contact form available on the website, or
    by phone at: +48 (32) 225 88 99 (the Controller’s working hours are from 8:00 a.m. to 4:00 p.m. on business days; charges apply as for a standard telephone call, in accordance with the tariff plan of the service provider used by the Customer).
  4. Communication may be conducted in Polish or English.
  5. The purpose of this Policy is to define the measures taken with respect to personal data collected through the Controller’s website and the related services and tools used by its users, as well as in connection with the conclusion and performance of agreements in communication outside the website.
  6. If necessary, the provisions of this Policy may be amended. Any amendment will be communicated to users by publishing the new wording of the Policy. In the case of a database of persons who have consented to the processing of their data by e-mail or who have provided their e-mail address in connection with the performance of agreements, such persons will also be notified of the amendment by e-mail.

§ 2 Legal Bases for Processing, Purposes and Retention of Personal Data

  1. Users personal data are processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act and the Act on the Provision of Electronic Services of 18 July 2002, as amended. For the purposes of submitting a notice under Article 16(1) of Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act) (OJ EU L 2022.277.1, as amended; the “DSA”), personal data are also processed on the basis of Article 3(h) of the DSA.

  2. The Controller may collect the following data for the following purposes:
  1. To the extent necessary for the proper operation of the website, its functionalities and the proper processing of payment transactions, if such transactions are carried out through the website, the website uses the User’s technical metadata. For the purposes of this Policy, metadata means data read and recognised by the website’s IT system concerning the configuration and components of the computer used by the User, in order to adapt the website to the User’s technical capabilities and to establish a secure connection between the User’s computer and the website.

    Importantly, such metadata cannot lead to the identification of the User and is not in any way harmful to the data stored on the User’s computer. Nevertheless, the User has the right to withdraw consent to the processing of metadata at any time by appropriately configuring their browser or by installing an appropriate browser extension provided by the browser manufacturer. For this purpose, the User should consult the software manufacturer’s instructions and recommendations.

  2. The Controller may use profiling for direct marketing purposes. However, decisions made by the Controller on the basis of such profiling do not concern the conclusion or refusal to conclude an agreement, nor do they affect the possibility of using electronic services.

    The use of profiling may result, for example, in granting a person a discount, sending them a discount code, reminding them of unfinished purchases, sending them a product proposal that may correspond to their interests or preferences, or offering them more favourable terms compared to the standard offer.

    Despite the use of profiling, the person concerned freely decides whether they wish to use the discount or more favourable terms received in this way and make a purchase.

    Profiling consists of the automated analysis or prediction of a person’s behaviour on the Controller’s website, for example by adding a specific product to the cart, viewing a specific product page, or analysing the previous history of activity on the website.

    A condition for such profiling is that the Controller has the personal data of the person concerned in order to subsequently send them, for example, a discount code.

  3. To the extent necessary for the proper operation of the website and its functionalities, the website may collect other information while it is being used by the User, including in particular:

    • IP address;
    • information about the device, hardware and software, such as hardware identifiers and mobile device identifiers, for example Apple Identifier for Advertising (“IDFA”) or the advertising identifier on an Android device (“AAID”);
    • platform type;
    • settings and components;
    • web browser data, including browser type and preferred language.
  4. Taking into account the nature, scope, context and purposes of processing, as well as the risk of infringement of the rights or freedoms of natural persons of varying likelihood and severity, the Controller implements appropriate technical and organisational measures to ensure that processing is carried out in accordance with the Regulation and to be able to demonstrate such compliance.These measures are reviewed and updated where necessary. The Controller applies technical measures to prevent unauthorised persons from obtaining and modifying personal data transmitted electronically.

§ 3 Data Sharing

  1. The Controller ensures that all personal data collected are used to fulfil its obligations towards users. Such information will not be disclosed to third parties, except where:
    • the persons to whom the data relate have given their prior explicit consent to such disclosure; or
    • the obligation to disclose such data results, or will result, from applicable law, for example to law enforcement authorities.
  2. In addition, the personal data of service users and customers may be disclosed to the following recipients or categories of recipients:

    • service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to conduct its business activity, including the operation of the website and the provision of electronic services through it, in particular providers of computer software, marketing agencies, e-mail and hosting providers, providers of business management software and technical support for the Controller, as well as product delivery operators. The Controller discloses the Customer’s collected personal data to a selected provider acting on its behalf only where, and to the extent, necessary to achieve a specific purpose of data processing in accordance with this Privacy Policy;
    • providers of accounting, legal and advisory services that provide the Controller with accounting, legal or advisory support, in particular accounting offices, law firms or debt collection companies. The Controller discloses the Customer’s collected personal data to a selected provider acting on its behalf only where, and to the extent, necessary to achieve a specific purpose of data processing in accordance with this Privacy Policy;
    • Albacross, with its registered office at Warszawska 20, 31-155 Kraków, Poland, for the purposes of analytical tools used to analyse website statistics and track actions taken by users on the website.
  3. The Controller may disclose anonymised data, i.e. data that do not identify specific Users, to external service providers in order to better understand the attractiveness of advertisements and services to users. In this respect, due to the location of software providers, data may be transferred, while maintaining appropriate data protection standards, to third countries which ensure the use of standard contractual clauses approved by the European Commission for the processing of personal data, or which have appropriate authorisations for such processing on the basis of bilateral data processing agreements between the European Union and a given third country that is not a member of the European Economic Area.

    In the case of the Controller, such entities include:

    • Google LLC, with its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the purposes of Google Analytics, used to analyse website statistics; Google Search Console; Google Tag Manager, used to manage scripts by easily adding code snippets to a website or application and to track actions taken by users on the website; Google Ads, used to display sponsored links in Google search results and on websites participating in the Google AdSense programme; and Google Workspace, enabling comprehensive website editing and coordination of work by persons involved in the website, including Google Drive, Gmail, Google Sheets, Google Forms and Google Looker Studio;
    • WordPress, with its registered office at CT Corporation System, 330 N Brand Blvd., Glendale, California 91023-2336, for the purposes of hosting and building the website, as well as analysing website statistics and tracking actions taken by users on the website.
  4. The Controller conducts ongoing risk analysis to ensure that personal data are processed securely, in particular to ensure that access to data is granted only to authorised persons and only to the extent necessary for the performance of their tasks. The Controller ensures that all operations performed on personal data are recorded and carried out only by authorised employees and co-workers.
  5. The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Controller.
  6. Third-party analytics technologies integrated with the Controller’s services, including SDKs (Software Development Kits) and APIs (Application Programming Interfaces), may combine data collected in connection with the user’s use of the Controller’s website with information that they have collected separately over time and/or across different platforms. Many of these companies collect and use information on the basis of their own privacy policies, which can be found on their websites. The Controller encourages users to read those policies.
  7. The Controller’s website may use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies to help website operators analyse how visitors use their websites.

    The information generated by cookies about visitors’ use of the website is usually transmitted to Google and stored by Google on servers in the United States. In accordance with current IT standards, the IP addresses of users visiting the Controller’s website are shortened. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there.

    On behalf of the Controller, Google will use this information to evaluate the website for its users, prepare reports on website traffic and provide website operators with other services related to website traffic and Internet use. Google will not combine the IP address transmitted as part of Google Analytics with any other data held by Google.

    More information on how Google Analytics collects and uses data can be found on Google’s official website at: www.google.com/policies/privacy/partners. In addition, each User may prevent Google from collecting and processing data relating to their use of the website by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.

  8. When disclosing data to third parties, the Controller makes every effort to ensure that such disclosure is made only to entities that meet the criteria and requirements set out in Article 46 or Article 49 of the GDPR. Where applicable, the Controller will rely on the EU Standard Contractual Clauses and other safeguards to enable transfers outside the EEA.

    In accordance with the judgment of the Court of Justice of the European Union of 16 July 2020, the Controller continues to assess the legal systems of the countries to which data are transferred and, where necessary, updates the measures aimed at ensuring an adequate level of protection.

  9. With respect to data transferred to the United States, when disclosing data to third parties, the Controller makes every effort to ensure that, in accordance with the European Commission decision of 10 July 2023, such disclosure is made only to entities and organisations in the USA that ensure compliance with the new EU-U.S. Data Privacy Framework. The list of such organisations has been published by the U.S. Department of Commerce.

    The transfer of personal data from the EEA to organisations that have joined the EU-U.S. Data Privacy Framework and are included on that list is possible without the need to obtain additional authorisations or to use legal instruments such as Standard Contractual Clauses or Binding Corporate Rules.

    However, where a given data importer in the USA has not joined the EU-U.S. Data Privacy Framework, the transfer of personal data to that importer is possible and will be carried out after the conditions set out in Article 46 or Article 49 of the GDPR have been met. In such cases, the Controller will rely on the EU Standard Contractual Clauses and other safeguards to enable transfers outside the EEA.

§ 4 User Rights

  1. A User whose personal data are processed has the right to:

    • access, rectification, restriction, erasure and portability of data. The data subject has the right to request from the Controller access to their personal data, rectification or erasure of such data (“right to be forgotten”), or restriction of processing, and has the right to object to processing, as well as the right to data portability. The detailed conditions for exercising the above rights are set out in Articles 15-21 of the GDPR;
    • withdraw consent at any time. Where the Controller processes personal data on the basis of consent, pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal;
    • lodge a complaint with a supervisory authority. The data subject has the right to lodge a complaint with a supervisory authority in the manner and according to the procedure specified in the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw;
    • object to processing. The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them based on Article 6(1)(e) of the GDPR, i.e. public interest or official authority, or Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Controller, including profiling based on those provisions. In such a case, the Controller may no longer process such personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, pursuit or defence of claims;
    • object to direct marketing. Where personal data are processed for direct marketing purposes, based on the legitimate interest of the Controller and not on the consent of the data subject, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
  2. The above rights may be exercised by sending a request to the Controller’s e-mail address. Such request should include the User’s full name.
  3. The User confirms that the data provided or published by them on the website are correct.

§ 5 Cookies

  1. “Cookies” should be understood as IT data, in particular text files, stored on users’ end devices, usually on a computer hard drive or mobile device, which are used by the user’s browser to save certain settings and data for the purpose of using websites. These files allow the user’s device to be recognised and the website to be displayed properly, ensuring a more convenient user experience. The storage of cookies therefore enables the website and its offer to be adapted to the user’s preferences. The server recognises the user and remembers, among other things, preferences such as visits, clicks and previous actions.
  2. The following cookies are used on the website:
  1. Cookies contain, in particular, the domain name of the website from which they originate, the period for which they are stored on the end device, and a unique number used to identify the browser from which the connection to the website is made.
  2. Cookies are used for the following purposes:
    • adapting the content of websites to the User’s preferences and optimising the use of websites;
    • creating anonymous statistics which help determine how the User uses websites and therefore make it possible to improve their structure and content;
    • providing website users with advertising content tailored to their interests.

      Cookies are not used to identify the User, and the User’s identity is not determined on their basis.

       

  3. Cookies are generally divided into the following categories
    • Strictly necessary cookies. These cookies are essential for the proper operation of the website or the functionalities which the User wishes to use, as without them we would not be able to provide many of the services we offer. Some of these cookies also ensure the security of the services we provide electronically.
    • Functional cookies. These cookies are important for the operation of the website because:
      – they enhance the functionality of websites. Without them, the website will operate correctly, but it will not be adapted to the User’s preferences;
      – they help ensure a high level of website functionality. Without them, the functionality of the website may be reduced, but their absence should not make it completely impossible to use the website;
      – they support most website functionalities. Blocking them will cause selected functions not to work properly.
    • Business cookies. These cookies enable the implementation of the business model on the basis of which the website is made available. Blocking them will not make all functionalities unavailable, but it may reduce the level of service provision due to the website owner’s inability to generate revenue supporting the operation of the website. This category includes, for example, advertising cookies.
    • Website configuration cookies. These cookies enable the configuration of functions and services on websites.
    • Security and reliability cookies. These cookies enable authentication verification and optimisation of website performance.
    • Session state cookies. These cookies make it possible to store information on how Users use the website. They may relate to the most frequently visited pages or any error messages displayed on certain pages. Cookies used to record the so-called “session state” help improve services and increase browsing convenience.
    • Process cookies. These cookies enable the efficient operation of the website and the functions available on it.
    • Analytics, research and audience measurement cookies. These cookies enable website owners to better understand users’ preferences and, through analysis, improve and develop products and services. Usually, the website owner or a research company collects information anonymously and processes data concerning trends, without identifying the personal data of individual users.
  4. The use of cookies to adapt the content of websites to the User’s preferences does not, as a rule, involve collecting any information that allows the User to be identified. However, in some cases, such information may constitute personal data, that is, data enabling certain behaviour to be attributed to a specific User.
  5. Personal data collected using cookies may be collected only for the purpose of performing specific functions for the User. Such data are encrypted in a way that prevents unauthorised persons from accessing them.
  6. The cookies used by this website are not harmful either to the User or to the end device used by the User. Therefore, in order for the website to operate properly, it is recommended that cookies are not disabled in browsers.
  7. In many cases, software used for browsing websites, namely a web browser, allows information to be stored by default in the form of cookies and other similar technologies on the User’s end device.
  8. The User may change the way in which cookies are used by their browser at any time. To do so, the User should change the browser settings. The method of changing these settings differs depending on the software used, namely the web browser. Relevant guidance can be found on the support pages of the browser used by the User.
  9. As part of cookie technologies, the Controller may use tracking pixels or clear GIFs to collect information about how the User uses the Controller’s services and how the User responds to marketing messages sent by e-mail.
  10. A pixel is a software code that enables an object, usually an image the size of a pixel, to be embedded on a website and allows the behaviour of users on the websites where it is placed to be tracked.
  11. After the User gives the relevant consent, the browser automatically establishes a direct connection with the server storing the pixel. Therefore, the processing of data collected by the pixel is carried out under the privacy policy of the partner that administers that server.
  12. The Controller may use web server logs, which contain technical data such as the User’s IP address, to monitor traffic within its services, troubleshoot technical problems, detect and prevent fraud, and enforce the provisions of the User Agreement.
  13. The Controller informs that the website does not respond to Do Not Track (“DNT”) signals. However, the User may disable certain forms of online tracking, including some analytics data and personalised advertising, by changing cookie settings in their browser or by using our cookie consent tools, where applicable.
  14. Detailed information on changing cookie settings and deleting cookies independently in the most popular web browsers is available in the help section of the relevant browser and on the following websites:
  15. Detailed information on managing cookies on a mobile phone or another mobile device should be available in the user manual of the relevant mobile device.