Privacy Policy

version valid from 04.10.2021

WHAT IS A PRIVACY POLICY?

 

We would like to familiarize you with the details concerning the processing of your personal data by us in order to provide you with complete knowledge and comfort in using our website.

 

Due to the fact that we ourselves operate in the internet industry, we know how important it is to protect your personal data. Therefore, we take special care to protect your privacy and the information you provide.

 

We carefully select and apply proper technical means, especially those of a programming and organizational nature, ensuring the protection of processed personal data. Our website takes advantage of encrypted data transmission (SSL), which ensures the protection of your identifying data.

 

In our Privacy Policy you will find the most important information concerning the processing of your personal data by us. We kindly ask you to read it and we promise that it will not take more than a few minutes.

 

Who is the administrator of the b2bgrenton.abstore.pl website and the www.grenton.pl/com/al/ch/de/es/hu/it/lt/ro/se/sk/uk website?

The website administrator is GRENTON SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Kraków at ul. Na Wierzchowinach 3, 30-222 Kraków, registered by the District Court for Kraków – Śródmieście in Kraków, 11th Commercial Division of the National Court Register, KRS number 0000374071, NIP 6793054754, REGON 121424344, with share capital in the amount of: PLN 1 004 700,00 (meaning: us).

 

 

PERSONAL DATA

 

What legal act regulates the processing of your personal data?

Your personal data is collected and processed by us in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repeal of Directive 95/46/EC (general regulation on data protection) (OJ UE L 119, p. 1), commonly known as: GDPR. In the extent not regulated by GDPR, the processing of personal data is regulated by the Personal Data Protection Act of May 10, 2018.

 

Who is the controller of your personal data?

The administrator of your personal data is GRENTON SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Kraków, ul. Na Wierzchowinach 3, 30-222 Kraków, registered by the District Court for Kraków – Śródmieście in Kraków, 11th Commercial Division of the National Court Register, KRS number 0000374071, NIP 6793054754, REGON 121424344, with share capital in the amount of: PLN 1 004 700,00.

In matters concerning your personal data, you can contact us via:

  • e-mail: RODO@grenton.com,
  • traditional mail: ul. Na Wierzchowinach 3, 30-222 Krakow,
  • phone: +48 12 200 29 98.

 

 

HOW DO WE PROCESS THE PERSONAL DATA YOU PROVIDE TO US?

 

What personal data do we process and for what purposes do we do it?

At our website we offer you many different services, for the purposes of which we process various personal data on the basis of different legal regulations.

 

Purpose: contract conclusion and performance

Personal data: name, surname, correspondence address, NIP, REGON, e-mail address, telephone number, company

Legal basis of data processing: Art. 6 paragraph 1 letter b) GDPR, i.e. processing in order to initiate actions at your request, prior to signing a contract and processing necessary for the performance of a contract to which you are a party

Duration of data retention: until the expiry of the limitation period for claims relating to performing the contract

 

Purpose: creating and maintaining an account

Personal data: company, e-mail address, contact details

Legal basis of data processing: Art. 6 paragraph 1 letter b) GDPR, i.e. processing in order to initiate actions at your request, prior to signing a contract and processing necessary for the performance of a contract to which you are a party

Duration of data retention: until the expiry of the limitation period for claims relating to performing the contract

 

Purpose: contact form

Personal data: name, surname, email address, phone number

Legal basis of data processing: Art. 6 paragraph 1 letter f) GDPR, i.e. processing in order to implement our legally valid interest, consisting in maintaining the continuity of communication and enabling contact with us in matters of business activity

Duration of data retention: until objecting to the processing of personal data

 

Purpose: newsletter

Personal data: e-mail address

Legal basis of data processing: Art. 6 paragraph 1 letter a) GDPR, i.e. processing based on your consent to the processing of your personal data

Duration of data retention: until the day you withdraw your consent to the processing of personal data

 

Purpose: pricing calculator

Personal data: e-mail address, phone number

Legal basis of data processing: Art. 6 paragraph 1 letter b) GDPR, i.e. processing in order to initiate actions at your request, prior to signing a contract and processing necessary for the performance of a contract to which you are a party

Duration of data retention: until the expiry of the limitation period for claims relating to performing the contract

 

Purpose: the “Call me now” form

Personal data: phone number

Legal basis of data processing: Art. 6 paragraph 1 letter f) GDPR, i.e. processing in order to implement our legally valid interest, consisting in maintaining the continuity of communication and enabling contact with us in matters of business activity

Duration of data retention: until objecting to the processing of personal data

 

Purpose: the “Call me later” form

Personal data: phone number, name, e-mail address

Legal basis of data processing: Art. 6 paragraph 1 letter f) GDPR, i.e. processing in order to implement our legally valid interest, consisting in maintaining the continuity of communication and enabling contact with us in matters of business activity

Duration of data retention: until objecting to the processing of personal data

 

Purpose: direct marketing of own goods and services

Personal data: company, name and surname, e-mail address, phone number, correspondence address

Legal basis of data processing: Art. 6 paragraph 1 letter f) GDPR, i.e. processing in order to carry out our legally valid interest, consisting in direct marketing of own services.

Duration of data retention: until objecting to the processing of personal data

 

Purpose: analyzing traffic on the online store website

Personal data: fcompany, name and surname, e-mail address, phone number, correspondence address

Legal basis of data processing: Art. 6 paragraph 1 letter f) GDPR, i.e. processing to implement our legally valid interest in analyzing customer traffic on the store’s website

Duration of data retention: until objecting to the processing of personal data

 

Purpose: determining, pursuing, and enforcing claims as well as defending against claims in proceedings before courts and other state authorities

Personal data: name, surname, address, PESEL, NIP, REGON, e-mail address, telephone number, IP number, bank account number, payment card number

Legal basis of data processing: Art. 6 paragraph 1 letter f) GDPR, i.e. processing for the purposes our legally valid interest, consisting in determining, pursuing, and enforcing claims as well as defending against claims in proceedings before courts and other state authorities

Duration of data retention: until the expiry of the limitation period for claims relating to performing the contract

 

Purpose: fulfilling the legal obligations resulting from legal provisions, especially tax and accounting regulations

Personal data: name, surname, company, PESEL, NIP or REGON, e-mail address, phone number, correspondence address, payment card number

Legal basis of data processing: Art. 6 paragraph 1 letter c) GDPR, i.e. processing is necessary to fulfill our legally valid obligations and resulting from legal provisions, especially tax and accounting regulations

Duration of data retention: until the expiration of legal obligations incumbent on the Administrator, which justified the processing of personal data

 

Voluntarily providing personal data

Providing the required personal data by you is voluntary, but is required for us to provide services to you (e.g. using the contact form).

Recipients of personal data

We disclose your personal data to the following categories of recipients:

  • banking sector entities, payment processors -> purpose: handling and carrying out payments
  • forwarding entities that execute and handle orders -> purpose: handling orders, deliveries
  • entities handling teleinformation and remote systems -> purpose: taking advantage of IT services
  • providers of marketing services -> purpose: website popularization

 

Automated decision making (including profiling)

We do not make automated decisions concerning you and we do not use profiling.

 

Will we transfer your personal data outside the EEA or to an international organization?

In order to take advantage of HubSpot’s analytical and marketing tools, your personal data may be transferred outside the EEA, including to the United States.

HubSpot, Inc. is included on the list of entities participating in the Privacy Shield program (link: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active). HubSpot also offers a data processing contract that includes model clauses.

Due to the Controller’s cooperation with business partners from all over the world, your personal data may be transferred outside the EEA, including to the United States. Business partners take advantage of model data security contractual clauses approved by the European Commission.

 

 

WHAT RIGHTS DO YOU HAVE IN REGARDS TO THE PROCESSING OF YOUR DATA BY US?

 

Based on the GDPR, you have the right to:

  • request access to your personal data,
  • request rectifying your personal data,
  • request removing your personal data,
  • request limiting the processing of your personal data,
  • object the processing of personal data;
  • request the transfer of your personal data.

The right to access, rectify, delete, limit, object, and transfer data – the data subject has the right to request the Administrator to access that person’s personal data, rectify it, delete it (“the right to be forgotten”), or limit the processing, and has the right to object to data processing, and has the right to transfer personal data. The detailed conditions for carrying out the above-mentioned rights are set out in Art. 15–21 of the GDPR.

 

If you want to take advantage of the rights referred to above, please submit your request to the following address: RODO@grenton.com.

 

If any of the above-mentioned requests are submitted to us, the Administrator provides information concerning the actions taken in connection with your request, on the basis of transparent communication, specified in art. 12 paragraph 3 of GDPR.

 

Complaint with the supervisory authority

If you believe that the processing of your personal data violates the GDPR, you have the right to submit a complaint to the supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged violation.

In Poland, the supervisory authority for GDPR is the President of the Office of Personal Data Protection, which, as of 25 May 2018, superseded the GIODO.

More information can be found at https://uodo.gov.pl/pl/134/233.

 


 

 

„COOKIES”

 

General information

When browsing the Administrator’s websites cookie files are used, hereinafter called Cookies, which are small text information saved on your end device in association with you using the Website. Their purpose is to improve the operation of websites.

Cookies allow to identify the software you use and adjust websites to your individual needs.

Cookies usually include the name of the domain they originate from, the time of storing them in the device and the assigned value.

 

Safety

The Cookies we use are safe for your devices. In particular, it is impossible for Cookies to transfer viruses or other unwanted or malicious software to your device.

 

Types of Cookies

We use two types of Cookies:

  • Session cookies: are stored on your device and remain there until ending the session of a given browser. The stored information is then deleted from your device. The mechanism of session Cookies does not allow collecting any personal data or any confidential information from your device.
  • Persistent Cookies: are stored on your device and remain there until they are deleted. Ending the session of a given browser or turning off the device does not delete them from your device. The mechanism of persistent Cookies does not allow collecting any personal data or any confidential information from your device.

 

Purposes

We also take advantage of cookies of external entities for the following purposes:

  • website configuration;
  • analyzing user activity, in order for the displayed content to match their profile, which allows improving managing of advertising campaigns through the DoubleClick analytical tools, the administrator of which is Google Inc. based in the USA, Google’s privacy policy is available at the following links: http://www.google.com/intl/pl/policies/privacy/, http://www.google.com/intl/pl/policies/privacy/partners/;
  • Website popularization using YouTube.com, the administrator of which is Google Ireland Ltd. based in Ireland, the Privacy Policy is available at the following link: https://policies.google.com/privacy?hl=pl&gl=pl;
  • creating statistics that help to understand how users use websites, which allows improving their structure and content through the Google Analytics analytical tools, the administrator of which is Google Ireland Ltd. based in Ireland, the Google Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;
  • determining the Customer’s profile in order to display to that person matched content in advertising networks, using the Google Ads online advertising tool, the administrator of which is Google Ireland based in Ireland, the Google Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;
  • collecting information concerning the User’s behavior using the Facebook Pixel tool, the administrator of which is Facebook Ireland Ltd. Based in Ireland, the Facebook Privacy Policy is available at the following link: https://www.facebook.com/help/cookies/;
  • creating statistics and content performance, through Hotjar’s tools, the administrator of which is Hotjar Ltd. based in Malta;
  • carrying out marketing activities via HubSpot, the administrator of which is HubSpot, Inc., HubSpot Privacy Policy is available at the following link: https://legal.hubspot.com/privacy-policy;
  • creating statistics that help to understand how users use websites, which allows improving their structure and content through HubSpot analytical tools, the administrator of which is HubSpot, Inc., The HubSpot Privacy Policy is available at the following link: https://legal.hubspot.com/privacy-policy.

 

In order to understand the principles of using Cookies we also recommend reading the privacy policies of the above mentioned companies.

 

Cookie files may be used by advertising networks, especially by Google, to display advertisements matching your preferences. For that purpose, information concerning the manner in which you browse the Internet or time of browsing the website may be recorded.

 

In order to browse and edit information regarding your preferences collected by Google, you may use the following tool: https://www.google.com/ads/preferences/

 

With the use of a browser or service configuration, you can change Cookie settings by defining the conditions for storing Cookies and for accessing your device through Cookies independently and at any time. You may change the settings to block automatic handling of Cookies in the web browser settings or notifying you whenever Cookies are saved on your device. Detailed information concerning the possibility and methods of handling Cookies can be found in the settings of your software (web browser).