Privacy Policy
1. Introduction
This Privacy Policy describes the principles governing the collection, storage, and processing of personal data by ELMIRO Spółka z ograniczoną odpowiedzialnością [ELMIRO Limited Liability Company], with its registered office in Jaktorów, 96-313, ul. Ketlinga 3, entered in the Register of Entrepreneurs of the National Court Register (KRS) under number KRS 0001055010, Tax Identification Number (NIP) 5291849084, National Business Registry Number (REGON) 526221739 (hereinafter: the "Administrator," "we").
This is an important document from the perspective of protecting the personal data of our Clients and the users of our website, and we therefore ask that you familiarize yourself with its content.
2. Data Administrator and Contact
The Administrator of your personal data is ELMIRO Sp. z o.o. In all matters relating to the protection of personal data, you may contact us:
- in writing, at the address of the registered office indicated above,
- by electronic mail: info@elmiro.pl.
3. Type of Data Collected
We collect and process the following categories of personal data provided by Clients and users:
- Contact data, such as: first name, surname, address, e-mail address, telephone number.
- Data related to the use of our website (including cookie data, IP address, and data about the browser and device).
- Data provided via the forms placed on our website.
- Data provided in the content of messages sent by electronic mail.
- Information concerning the projects and services we provide to the Client.
- Other information provided voluntarily when contacting us.
4. Purposes and Legal Bases for Data Processing
We process your personal data for the following purposes and on the following legal bases:
| Purpose of processing | Legal basis (GDPR) |
|---|---|
| Conclusion and performance of contracts and projects with Clients | Art. 6(1)(b) GDPR — necessity for the performance of a contract |
| Providing technical support and consultations | Art. 6(1)(b) GDPR — necessity for the performance of a contract / taking steps prior to entering into it |
| Handling correspondence and inquiries addressed to us | Art. 6(1)(f) GDPR — our legitimate interest consisting in providing responses and maintaining communication |
| Conducting analyses and statistics regarding the use of the website | Art. 6(1)(a) GDPR — your consent (e.g., expressed in the cookie management tool) or Art. 6(1)(f) — our legitimate interest |
| Fulfilling legal obligations (e.g., tax, accounting) | Art. 6(1)(c) GDPR — a legal obligation incumbent on the Administrator |
| Establishing, pursuing, or defending against claims | Art. 6(1)(f) GDPR — our legitimate interest |
| Marketing of our own services | Art. 6(1)(a) GDPR — your consent or Art. 6(1)(f) — legitimate interest |
To the extent that we process data on the basis of our legitimate interest (Art. 6(1)(f) GDPR), that interest consists in particular of: maintaining communication with Clients, ensuring the security of our website and IT systems, conducting statistics, marketing our own services, and establishing and pursuing claims or defending against them.
5. Voluntary Provision of Data
Providing personal data is voluntary; however, in certain cases it may be a condition for concluding or performing a contract or may result from legal provisions (e.g., data required on an invoice). Failure to provide the data necessary to achieve a given purpose may make it impossible to achieve that purpose — for example, concluding a contract or responding to an inquiry.
6. Data Recipients
We do not sell personal data and do not transfer it to third parties for purposes inconsistent with this Policy. Your data may be disclosed only to:
- entities that process data on our behalf and in accordance with our instructions (including providers of hosting and IT services, providers of analytics tools, the accounting office, law firms, and subcontractors involved in carrying out projects),
- entities authorized to receive data on the basis of applicable legal provisions (e.g., state authorities),
- where it is necessary to establish, pursue, or defend our rights.
7. Transfer of Data Outside the European Economic Area (EEA)
As a rule, we do not transfer personal data outside the European Economic Area.
8. Data Retention Period
We store personal data for the period necessary to achieve the purposes for which it was collected, and subsequently for the period resulting from legal provisions or for the purpose of securing potential claims. In particular:
- data processed for the purpose of performing a contract — for the duration of the contract, and after its termination for the period of limitation of claims;
- data processed for the purpose of fulfilling legal obligations (e.g., settlement-related) — for the period required by legal provisions (e.g., tax and accounting regulations);
- data processed on the basis of consent — until consent is withdrawn;
- data processed on the basis of legitimate interest — until an objection is effectively raised or that interest ceases to exist.
9. Rights of Data Subjects
In connection with the processing of personal data, you have the following rights:
- the right to access your data and to obtain a copy of it,
- the right to rectification (correction) of your data,
- the right to erasure of your data (the "right to be forgotten"),
- the right to restriction of processing,
- the right to data portability,
- the right to object to processing based on legitimate interest, and — in the case of processing for direct marketing purposes — at any time,
- the right to withdraw consent at any time — without affecting the lawfulness of processing carried out before its withdrawal.
To exercise the above rights, please contact us at info@elmiro.pl.
10. Right to Lodge a Complaint
If you consider that the processing of personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
11. Automated Decision-Making and Profiling
Your data is not used for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
12. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. We use cookies necessary for the proper functioning of the website (e.g., those that maintain a session) without the need to obtain consent. We use the remaining cookies — in particular analytical and marketing cookies — only after obtaining your consent, expressed via the consent management mechanism available on the website (the cookie banner).
The consent given may be withdrawn at any time, or its scope changed, in the settings of this mechanism. Independently of this, cookie settings can also be managed in your web browser; however, this does not replace the required consent.
13. Data Security
We protect the personal data of our Clients and users against unauthorized access, loss, or damage. We apply appropriate technical and organizational measures to protect data, adequate to the risk.
14. Changes to the Privacy Policy
This Privacy Policy is subject to periodic updates. Each change will be published on our website together with the date of the last update.