Privacy Policy

PRIVACY POLICY

We consider the security of personal data a priority. We ensure that all our activities comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”). To fulfill our information obligations and maintain transparency and clarity regarding the principles we apply to protect your personal data, we present this privacy policy.

GENERAL INFORMATION

The controller of the personal data of users (hereinafter “User”) of the ZigZak.com.pl website available at https://zigzak.com.pl/ is Tomasz Rybka, operating under the business name Vitrintec Tomasz Rybka, with its registered office in Kielce, at ul. Olszewskiego 23, 25-663 Kielce, NIP: 9591967051, REGON: 363072320, email address: rodo@zigzak.com.pl (hereinafter referred to as “Administrator”).

PRIVACY PROTECTION PRINCIPLES

As the Administrator of personal data, we place great importance on protecting the privacy and confidentiality of personal data provided to us by Users.

We and our cooperating companies carefully select and apply appropriate technical and organizational measures to ensure the protection of processed personal data. Only persons properly authorized by the Administrator have full access to the database.

We collect only the data necessary for handling the matter and do not collect or process excessive data.

The collected data is protected against unauthorized access and processing in violation of applicable laws.

The Administrator processes Users’ personal data:

• Using the website for analytical and statistical purposes. The legal basis for processing is the Administrator’s legitimate interest (Art. 6(1)(f) GDPR) in analyzing user activity and preferences to improve functionalities;

• Interacting with the Administrator via social media profiles:

  • To manage the Administrator’s profile on social media platforms (Facebook/LinkedIn) by responding to messages, comments, and reactions, as well as for statistical and advertising purposes through tools provided by these platforms;

  • Based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR), which includes business communication with social media users, marketing of the Administrator’s own services and products, and brand building.

The Administrator processes publicly available User personal data on the Service, such as name, surname, image, and, in the case of messages sent, data voluntarily provided in the message content.

Additionally, your personal data may be processed to establish, pursue, or defend legal claims—the legal basis for processing is the Administrator’s legitimate interest (Art. 6(1)(f) GDPR) in protecting its rights.

The Administrator processes Users’ personal data for marketing purposes, including displaying advertisements. The legal basis for processing is the Administrator’s legitimate interest (Art. 6(1)(f) GDPR).

PURPOSES OF PERSONAL DATA PROCESSING

The Administrator processes Users’ personal data for:

• Analytical and statistical purposes—the legal basis is the Administrator’s legitimate interest (Art. 6(1)(f) GDPR) in analyzing activity and preferences to improve functionalities and services;

• Entering and executing a sales contract or taking action at the User’s request leading to contract conclusion, as well as handling complaints or contract withdrawals. The legal basis for processing is the necessity of processing to perform the contract (Art. 6(1)(b) GDPR) and consent for voluntarily provided data (Art. 6(1)(a) GDPR);

• Fulfilling legal obligations, such as accounting and VAT invoice issuance, handling complaints, or returns (Art. 6(1)(c) GDPR).

SCOPE OF PERSONAL DATA PROCESSING

The Administrator processes personal data entered by the User in the contact form, such as name, surname, email address, phone number, and other voluntarily provided data.

The Administrator processes User data for:

• Contacting the Administrator via the contact form for service and response purposes—the legal basis is contract performance (Art. 6(1)(b) GDPR) and consent (Art. 6(1)(a) GDPR) for voluntarily provided data;

• Obtaining a service offer from the Administrator—the legal basis is the Administrator’s legitimate interest in marketing its services (Art. 6(1)(f) GDPR);

• Sending commercial information about the Administrator and its business partners via email—the legal basis is the Administrator’s legitimate interest in marketing (Art. 6(1)(f) GDPR) with User consent;

• Processing User data provided in reviews—the legal basis is User consent (Art. 6(1)(a) GDPR).

VOLUNTARINESS OF PROVIDING PERSONAL DATA

Providing your personal data is always voluntary. However, it is necessary for communication and contract execution.

Consent for marketing and contact purposes is entirely voluntary and does not affect service provision. However, without consent, we cannot contact you with our current offer.

PERSONAL DATA RETENTION PERIOD

Your personal data will be stored as necessary to fulfill the contract and afterward until the expiration of limitation periods.

For VAT invoices, personal data will be retained for at least 5 years due to tax and accounting regulations.

Personal data processed based on consent is stored until consent is withdrawn or an objection is raised.

Personal data processed on social media platforms will be retained for as long as the Administrator’s legitimate interest, the platform’s data policy, or your account exists.

DATA SUBJECT RIGHTS

Users whose personal data is processed by the Administrator have the right to:

• Request information on whether we store their personal data;

• Access, supplement, update, or rectify their data;

• Temporarily or permanently stop processing;

• Request data transfer or deletion;

• Object to processing or request restriction;

• Lodge a complaint with the President of the Personal Data Protection Office.

If personal data is processed based on consent, it can be withdrawn at any time without affecting prior processing.

To exercise these rights, send an email to rodo@zigzak.com.pl.

DATA RECIPIENTS

Your personal data may be shared with authorized entities, including judicial authorities, under applicable law.

Data recipients may include:

• Product suppliers and installers;

• Service providers maintaining and developing this website;

• Hosting service providers;

• Email service providers;

• Electronic message delivery providers;

• Invoice issuance systems providers;

• Customer service providers;

• Accounting service providers;

• Courier companies;

• Payment intermediaries;

• Legal service providers;

• Facebook and LinkedIn platform operators.

DATA TRANSFER OUTSIDE THE EEA

The Administrator transfers personal data outside the European Economic Area only for specific purposes to:

• Meta Platforms Inc. (USA) for managing the Administrator’s Facebook page;

• Google LLC (USA) for website traffic analysis;

• LinkedIn Corporation (USA) for managing the Administrator’s LinkedIn account.

AUTOMATED DECISION-MAKING AND PROFILING

Your personal data will not be processed in an automated manner that results in decisions affecting you.

Your data may be profiled to personalize content and offers, without negatively impacting your rights and freedoms.

CO-ADMINISTRATORS

The Administrator utilizes social media plugins, specifically banners for Facebook and LinkedIn, which redirect users to:

• The Administrator’s Facebook page: https://www.facebook.com/pprzedsiebiorcy/ (hereinafter: “Facebook Profile”);

• The Administrator’s LinkedIn page: https://www.linkedin.com/company/poradnikprzedsiebiorcy-pl/ (hereinafter: “LinkedIn Profile”).

As the Administrator operates the Facebook Profile and LinkedIn Profile and has embedded social media plugins on the website, the co-administrators of the User’s data are also:

• Meta Platforms Ireland Limited, headquartered in Dublin, Ireland, address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland (hereinafter: “Facebook”);

• LinkedIn Ireland Unlimited Company, headquartered in Dublin, Ireland, address: Wilton Place, Dublin 2, Ireland (hereinafter: “LinkedIn”);

collectively referred to as the “Co-Administrators.”

Co-administration includes aggregated data analysis aimed at displaying user activity statistics on the Facebook Profile and LinkedIn Profile, as well as conducting advertising campaigns using available tools on these platforms.

More information about Facebook and LinkedIn, as well as agreements between the Co-Administrators (including their respective responsibilities), can be found in:

• Facebook’s privacy policy: https://www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum;

• LinkedIn’s privacy policy: https://pl.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other#other.

COOKIES

Cookies are small text files stored on the User’s device while browsing websites. They store information about preferences, sessions, and user activity. Cookies help websites function more efficiently and offer personalized content.

Cookies Used on the ZigZak Website

• Google Analytics (_ga_6S1ZZY8TV1)

  • These cookies are used to analyze website traffic.

  • They track visit numbers, time spent on the site, and user interactions.

  • They are stored for 2 years or until manually deleted by the User.

• CookieYes Consent (cookieyes-consent)

  • This cookie records the User’s choices regarding cookie consent.

  • It informs the site whether the User has agreed to analytical, advertising, or functional cookies.

  • It is stored for 1 year.