1. DATA ADMINISTRATOR
The administrator of personal data is DEFRO R. Dziubeła Spółka komandytowa with its registered office in Ruda Strawczyńska 103 A, 26-067 Strawczyn – hereinafter DEFRO. The administrator is the entity that decides on the purposes and means of processing personal data.
In all matters related to the processing of your personal data, you can contact us by post to the address indicated above, as well as by sending e-mail correspondence to the data protection officer (DPO) appointed in our company (IOD) – firstname.lastname@example.org
2. WHEN DO WE COLLECT PERSONAL DATA?
- When you create an account in our store.
- When you choose to participate in surveys we send you.
- When you contact us, including via the contact form or chat, directing inquiries or asking for feedback or an offer.
- When you contact us for after-sales services, such as product repair or replacement.
- When you make contact with us via social media, e.g. when you post a comment or inquiry on one of our pages in social media.
- In addition, we collect, use and transfer aggregated data, such as statistical or demographic data, for various purposes. “Aggregated Data” refers to information that may be derived from your Personal Data but which does not directly or indirectly reveal your identity, such as aggregated data relating to all visitors to our website.
- If you provide us with personal data of third parties (as in the situation when you make a complaint about a product belonging to your family member), you are obliged to inform that person before you provide us with their personal data by showing them this privacy notice, which explains that their data personal information will be processed in accordance with this privacy notice and obtain her consent.
3. WHAT TYPES OF PRESONAL INFORMATION DO WE COLLECT
- If you buy a product from us or have an electronic account with us, we may collect the following information: your name, gender, billing address, delivery address, telephone number, e-mail address, username, information regarding the selected payment method
- Information about your marketing preferences, including whether you consent to sharing your data with third parties,
- Information regarding your contacts with us via the hotline, online via the form or chat and in a different way.
For example, when you contact our hotline by phone, we may collect marketing information (for example, about your habits/preferences/behavior and other information recorded during our conversations with you), details of any complaints or comments you make, information about purchases and any products that require service (including product code, defects found, repairs) and information about your situation that is relevant to the provision of our services. If you contact us to request a product replacement, we may also process your payment information. Please note that calls to our hotlines may be recorded for quality control purposes.
When you contact us via chat, the scope of processing includes the following personal data that Smartsupp may process as part of the Smartsupp service:
- Contact details: – name, surname, e-mail address, phone number or social network account contact details;
- Details of the website visit: – URL address of the pages visited, date and time of the website visit, technical information (screen resolution, device type, browser type, operating system, etc.), IP address, geolocation data (country and city from which the user viewed your site).
- Information about your purchase history, including the models and serial numbers of the products you purchased and the dates of purchase.
- Information relating to your interactions with us through our social media pages. For example, when you make inquiries about our products or post other comments on our Facebook wall, we may collect those comments and any personal information contained in those comments (e.g. your social media username or other profile information associated with the comment).
- Information we collect through cookies and similar technologies. The data we collect automatically include: type of web browser or mobile device, your operating system, your IP address, URL of the landing page and pages from which you come to us, time and date of your visit to our Sites, search terms you use to access our Sites. For more information, please see our Cookies policy.
4. PURPOSE OF DATA PROCESSING
The DEFRO company is one of the largest central heating boilers in Europe. for solid fuels. In connection with the implementation of our business purpose, we process personal data for the following purposes:
|PURPOSE OF PROCESSING||LEGAL BASIS AND PERIOD OF STORAGE OF PERSONAL DATA||STORAGE TIME|
|Conclusion and performance of a contract with a client or contractor||Article 6 par. 1 lit. b and letter f of the GDPR (the Administrator’s legitimate interest is considered to be contacting the client or employees/co-workers of the client/contractor as part of the actions taken to conclude the contract, as well as its implementation.||For the duration of the contract. After this period, until the expiry of the deadlines for claims arising from the contract in accordance with the provisions of the Civil Code and others.|
|Establishing, pursuing claims and defending against such claims||343 / 5 000|
Article 6 par. 1 lit. f of the GDPR (a legitimate interest pursued by the Administrator is considered to be taking action to pursue claims and defend against claims – in this respect, data of the client / contractor, their employees and associates are collected to the extent necessary to pursue claims or defend against them.
|Until the final conclusion of the proceedings conducted in connection with the pursuit of claims or defense against a claim, and in the case of enforcement proceedings, until the final satisfaction of the claims pursued. If the time limit for pursuing claims is shorter than the period for storing settlement documents for tax purposes, DEFRO will store such documents for the time necessary to fulfill the tax and accounting obligation (5 years from the end of the year in which the event giving rise to tax consequences took place).|
|Conducting complaints and complaint procedures||Article 6 par. 1 lit. b and f of the GDPR – the legitimate interest pursued by DEFRO is considered to be taking action in connection with the consideration of complaints, including contacting the client/contractor or his employees/co-workers, as well as recording telephone conversations for the purposes of telephone handling of telephone notifications.||1 year after the expiry of the warranty or consideration/settlement of the complaint.|
|Archiving documents regarding concluded contracts, including billing documents||Article 6 par. 1 lit. c and f GDPR||Until DEFRO fulfills individual legal obligations related to the storage of documents, and specified in individual legal provisions.|
in relation to documents, the storage of which has not been explicitly specified in legal regulations, for the time possible to pursue claims in accordance with the implementation of the Administrator’s legitimate interest.
|Conducting marketing activities without the use of electronic means of communication, as referred to in the Act on the provision of electronic services and the Telecommunications Law.||Article 6 par. 1 lit. f of the GDPR – the legitimate interest pursued by DEFRO is considered to be taking actions to promote its activities.||Until the objection referred to in Art. 21 GDPR and inform us in any way that you no longer wish to receive such information.|
|Conducting marketing activities using electronic communication means referred to in the Act on the provision of electronic services and the Telecommunications Law, including in particular via e-mail, SMS, direct telephone contact.||Article 6 par. 1 lit. and the GDPR||Until you withdraw your consent to carry out such activities for which you have previously consented. After the consent is withdrawn, these data will be processed for evidentiary purposes, to be demonstrated for the purposes of any inspections or claims in this respect – i.e. max. 6 years from the date of withdrawal of consent.|
|Quality assessment of services provided.||Article 6 par. 1 lit. a RODO – the legitimate interest of the administrator is to conduct research on the assessment of the quality of services provided, market and needs research.||Until the consent is withdrawn, no longer than 1 year from the receipt of the opinion.|
Providing personal data, depending on the purpose of processing, may be a statutory or contractual requirement or a condition necessary to conclude a contract. To the extent that you want to use the services of DEFRO, providing data will be necessary in order to conclude a contract, as well as in order for us to fulfill our legal obligations. The consequence of not providing data is the inability to conclude a contract. For all other purposes, when their processing is based on consent – their provision is voluntary. The consequence of not providing data will be that DEFRO will not be able to take appropriate action to the extent that you have not provided the data. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.
5. DATA RECIPIENTS
We may disclose your personal data to entities that provide us with services. Examples of service providers we work with:
- business entities and natural persons conducting business activity cooperating and supporting DEFRO in the field of services provided to customers – in particular in the field of maintenance, assembly and courier services;
- business entities cooperating with DEFRO in the field of consulting services, including law firms, auditing companies, consulting companies;
- business entities supporting DEFRO in the field of business activity, in particular suppliers of external ICT systems”
- entities cooperating in marketing campaigns;
- banks in the field of settlements;
Our service providers are obliged to maintain the confidentiality of your personal data and are not allowed to use this data for any purpose other than providing the services they offer us.
Personal data may also be transferred to state authorities and other authorized bodies on the basis of relevant legal provisions and to the extent indicated in legal provisions.
6. TRANSFER OF DATA TO THIRD COUNTRIES
DEFRO processes data only in the countries of the European Union and the European Economic Area. It does not transfer them to third countries.
7. PROCESSING OF PERSONAL DATA IN AN AUTOMATED MANNER
Personal data will not be processed in an automated manner.
8. RIGHTS OF PERSONS WHOSE DATA REFER TO IN THE SCOPE OF DATA PROCESSING
Each person whose data is processed has the following rights regarding their personal data that we process, in accordance with the conditions set out in applicable regulations:
- request to see your personal data (commonly known as a “data subject request”) and to access additional information regarding our processing of your personal data referred to in this Privacy Notice,
- request correction of incorrect or incomplete personal data;
- request removal or limitation of the processing of your personal data;
- object to our processing of your personal data;
- withdraw your previously given consent;
- in certain circumstances, request data portability;
- submit a complaint to the competent data protection supervisory authority, which in Poland is the President of the Office for Personal Data Protection and challenge decisions that we make automatically that have legal effects or similarly significantly affect you. We do not usually make decisions automatically, but if we do, we will inform you when we make such decisions.
To exercise your rights, please contact us using the data from the Data Administrator section.
The website is equipped with security measures to protect personal data under the control of the Administrator against loss, misuse and modification. The Administrator ensures that it protects all disclosed information in accordance with applicable regulations and security protection standards, in particular:
- They have direct access to personal data collected by the Data Administrator in accordance with art. 29 of the GDPR, only authorized employees or associates of the Data Administrator and authorized persons dealing with the operation of the Website, who have been granted appropriate powers of attorney.
- The Administrator declares that when commissioning other entities to provide services, it requires partners in accordance with the provisions of art. 28 of the GDPR, ensuring adequately high standards of protection of entrusted personal data, signing relevant entrustment agreements in which partners confirm the application of standards and the right to control the compliance of these entities with these standards.
- In order to ensure proper protection of the services it provides electronically, the Website Administrator applies a high level of security, including cryptographic protection of personal data transmission (SSL protocol).
- Due to the public nature of the Internet, the use of services provided electronically may be associated with risks, regardless of the data Administrator’s due diligence.
10. COOKIES MECHANISM. LINKS TO OTHER SITES
Detailed information on cookies can be found in Cookies Policy.
This version was last updated on April 14, 2023. From time to time, we may change this Policy, which we will inform you about by updating this section.
and informing all registered Users about this fact by e-mail
The data administrator reserves the right to make changes, withdraw or modify the functions or properties of the Website’s websites, as well as to cease operations, transfer rights to the Website and perform any legal actions permitted by applicable law.