PRIVACY POLICY
This document explains how personal data are processed by Wielobranżowa i Projektowa spółka z ograniczoną odpowiedzialnością “Monat”, ul. Przyrodników 19, 80-298 Gdańsk.
I. Definitions
1. Controller – Wielobranżowa i Projektowa spółka z ograniczoną odpowiedzialnością “Monat”, ul. Przyrodników 19, 80-298 Gdańsk (hereinafter referred to as the PDC).
2. Personal Data – information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, psychological, economic, cultural or social identity, including device IP, location data, online identifier and information collected using cookies and other similar technology.
3. Policy – this Privacy Policy.
4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
5. Website – an online website operated by the Controller at the address: https://monat.pl/
6. User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
II. Processing of personal data – purposes and the basis
The Controller analyses the risk on an ongoing basis to ensure that Personal Data are processed by them in a safe manner – ensuring in the first place that only authorized persons have access to data and only to the extent that necessary for the tasks performed by them. The Controller ensures that all operations on Personal Data are recorded and performed only by authorized employees and associates. The Controller takes all necessary steps to ensure that their subcontractors and other cooperating entities guarantee the use of appropriate security measures, whenever they process Personal Data at the request of the Controller.
In connection with the User’s use of the Website, the Controller collects data that are necessary to provide the services offered, and information about the User’s activity on the Website. Detailed principles and purposes for which Personal Data, collected while the User is using the Website, are processed are described below.
ü Use of the website
● Personal Data of all persons using the Website (including IP address or other identifiers and information collected using cookies or other similar technologies) are processed by the Controller:
● to provide electronic services that involve making the content collected on the Website available to Users – the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
● for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) that involves analysing the Users’ activities and their preferences to improve the functionalities used and the services provided;
● to establish and pursue or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) that involves the protection of the Controller’s rights;
ü Contact forms
● The Controller may be contacted via electronic contact forms. Using the form requires providing Personal Data that are necessary to contact the User and answer their inquiry. The following data must be provided: name, surname, email address, telephone number, company name.
● Personal data are processed:
● to identify the sender and handle their inquiry sent via the form provided pursuant to Article 6(1)(f) of the GDPR, where the legitimate interest is to answer the inquiry.
ü Data processed for the purpose of using products and services offered by the Controller.
The data will be processed for the following purposes:
ü implementation of a contract, if any, including the provision of services – the processing of personal data is based on Article 6(1)(b) of the GDPR;
ü using the products and services offered by the PDC – the processing of personal data is based on Article 6(1)(b) of the GDPR;
ü implementation of contracts concluded – the processing of personal data is based on Article 6(1)(b) of the GDPR;
ü issuing and keeping VAT invoices and other accounting documents – legal basis – Article 6(1)(c) of the GDPR;
ü establishing, defending against or pursuing potential claims – legal basis – Article 6(1)(f) of the GDPR, where the legitimate interest is to defend against or pursue potential claims;
ü accepting and processing the order – legal basis – Article 6(1)(b) of the GDPR;
ü contacting you – legal basis – Article 6(1)(f) of the GDPR, where the legitimate interest is to contact you and settle the matter;
ü processing service requests – legal basis – Article 6(1)(f) of the GDPR, where the legitimate interest is to process the request;
ü proper handling by the PDC, including in order to settle your matter electronically or by telephone in accordance with Article 6(1)(f) of the GDPR, where the legitimate interest is to ensure proper customer service;
ü processing complaints in accordance with Article 6(1)(f) of the GDPR, where the legitimate interest of the Controller is to process complaints;
ü responding to the data subject’s request in accordance with Article 6(1)(f) of the GDPR;
ü archiving in accordance with Article 6(1)(c) of the GDPR.
ü Direct marketing
● Services and offers may be promoted using social media such as Facebook, Linkedin or YT.
● In some cases, the Controller may also conduct direct marketing via traditional mail. The User will be notified separately of the intention to conduct this type of marketing. In this case, the basis for personal data processing will be Article 6(1)(f) of the GDPR. The User will be authorized to object to this type of marketing.
ü Collecting data as part of business contacts
● In connection with its business activities, the Controller also collects personal data in other cases – e.g. during business meetings or by exchanging business cards – for purposes related to initiating and maintaining business contacts. In this case, the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) that involves creating a network of contacts in connection with its business activities. Personal data collected in such cases are processed only for the purpose for which they were collected, and the Controller ensures their appropriate protection.
Providing personal data is voluntary but necessary to accomplish the above-mentioned purposes.
III. Cookies
ü Cookies are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website’s pages. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number of the User’s visit on the Website and the activities performed.
ü We use cookies for the following purposes:
● to adapt the content of the Website pages to the User’s preferences and optimize the use of website pages; in particular, cookies allow to recognize the User’s device and properly display the website page, tailored to their individual needs,
● to create statistics that help understand how the Users of the Website use website pages, which allows improving their structure and content;
IV. Period of processing of personal data
The period of retention depends on the type of services provided and the purpose of processing. As a rule, we process data for the duration of use of the Website; if you send an inquiry via the contact form, personal data will be retained for the period necessary to respond to the inquiry. If any contracts are performed, for the duration of the contract and for the period of any claims, up to a maximum of 6 years after termination. For direct marketing, personal data will be processed until an objection is raised. If the basis for the processing of personal data is consent – until it is withdrawn.
The data processing period may be extended if the processing is necessary to establish and pursue or defend against potential claims, and after this period, only if and to the extent that it is required by law. After the expiry of the processing period, the data will be irreversibly erased or anonymized.
V. Rights of data subject
The User has the right to access the data and rectify or delete them, or limit their processing, the right to transfer personal data and raise an objection to data processing.
The User has also the right to lodge a complaint with the supervisory authority, namely the Office of Personal Data Protection, ul. Stawki 2, Warszawa.
If you need more information related to personal data protection or want to exercise your rights, please contact us:
ü send correspondence to the address: Wielobranżowa i Projektowa spółka z ograniczoną odpowiedzialnością “Monat”, ul. Przyrodników 19, 80-298 Gdańsk Warszawa
ü via e-mail: monat@monat.pl
VI. To whom we transfer personal data?
Only authorized employees and associates of the Controller have access to personal data.
In connection with the provision of services, Personal Data may be disclosed to third-party entities, in particular vendors responsible for IT systems and the Controller’s affiliates.
The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
VII. Transfer of personal data outside the EEA
The Controller does not transfer data outside the EEA, but if this is necessary the Controller will use the necessary level of protection in accordance with Chapter V of the GDPR, e.g.:
ü cooperation with processors of Personal Data in countries for which an appropriate decision has been issued by the European Commission regarding the assurance of an adequate level of protection of Personal Data;
ü the use of standard contractual clauses issued by the European Commission;
ü the use of binding corporate rules approved by the relevant supervisory authority;
The Controller always notifies of the intended transfer of Personal Data outside the EEA when the data are collected.
VIII. Privacy Policy update
The Policy is verified on an ongoing basis and updated, where necessary. Last updated 02/10/2023