Privacy policy

  1. Data Controller and Definitions
      1. The Data Controller of the personal data of Customers/Users of the Online Store, also referred to as the Seller, is DRAMIŃSKI S.A., phone: +48 89 675 26 00, VAT ID: 7393855706, REGON: 281418440.
      2. You can contact the Data Controller:
        1. by mail at: ul. Wiktora Steffena 21, 11-036 Sząbruk;
        2. by email at: biuro@draminski.pl.
      3. User – a natural person visiting the pages of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy.
      4. Customer – a natural person with full legal capacity, a natural person who is a Consumer, a legal entity, or an organizational unit without legal personality that has the legal capacity granted by law, who enters into a distance sales agreement with the Seller.
      5. Online Store – the website operated by the Seller, accessible at https://draminski.com/, through which the Customer/User can obtain information about the Product and its availability, purchase the Product, or order a service.
      6. Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2020, item 344), originating from the Seller, sent to the Customer/User electronically; its receipt is voluntary and requires the consent of the Customer/User.
      7. Account – a collection of data stored in the Online Store and in the Seller’s IT system, related to a particular Customer/User and their orders and contracts, through which the Customer/User can place orders and enter into contracts.
      8. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
    2. Purposes, Legal Bases, and Data Processing Duration
      1. To execute a distance sales agreement, the Seller processes:
        1. information regarding the User’s device to ensure the proper functioning of the services: computer IP address, information contained in cookies or other similar technologies, session data, browser data, device data, activity data on the Site, including specific subpages;
        2. geolocation data, if the User has consented to the service provider’s access to geolocation. Geolocation information is used to deliver more tailored product and service offers;
        3. personal data of Users: name, surname, company address, mailing address, email address, phone number, VAT ID, bank account number, or other personal data required by the Administrator to complete a purchase.
      2. This information does not contain data concerning the identity of Users but, when combined with other information, may constitute personal data, and thus the Administrator provides full protection as required under GDPR.
      3. These data are processed in accordance with Article 6(1)(b) of the GDPR, to provide services, i.e., the agreement for the provision of electronic services in accordance with the Terms and Conditions, and in accordance with Article 6(1)(a) of the GDPR, based on the consent given for the use of certain cookies or other similar technologies, as expressed through the appropriate browser settings in accordance with telecommunications law or consent to geolocation. Data are processed until the Customer/User stops using the Online Store.
      4. The Administrator commits to taking all measures required under Article 32 of the GDPR, i.e., taking into account the state of technical knowledge, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
    3. Administrator’s Marketing Activities
      1. On the Online Store’s site, the Data Controller may post marketing information about its products or services. Displaying these contents is performed by the Data Controller in accordance with Article 6(1)(f) of the GDPR, i.e., based on the legitimate interest of the Data Controller, consisting of the publication of content related to the services provided and promotional activities in which the Data Controller is involved. At the same time, this action does not violate the rights and freedoms of Customers/Users, who expect or even desire to receive such content, or it is their direct purpose for visiting the Online Store.
    4. Recipients of User Data
      1. The Data Controller discloses personal data of Users only to entities processing data under data processing agreements for the purpose of providing services to the Data Controller, such as hosting and site support, IT services, marketing, and PR support.
    5. Transfer of Personal Data to Third Countries
      1. Personal data will not be processed in third countries.
    6. Rights of Data Subjects
      1. Every data subject has the right to:
        1. Access (Article 15 of the GDPR) – obtain confirmation from the Data Controller whether their personal data are being processed. If the data are being processed, they have the right to access them and receive the following information: the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the retention period, or the criteria for determining it, the right to request rectification, erasure, or restriction of data processing, and the right to object to such processing;
        2. Receive a Copy of the Data (Article 15(3) of the GDPR) – obtain a copy of the data being processed, with the first copy being free of charge, and for subsequent copies, the Data Controller may charge a reasonable fee based on administrative costs;
        3. Rectification (Article 16 of the GDPR) – request the rectification of their inaccurate personal data or the completion of incomplete data;
        4. Erasure (Article 17 of the GDPR) – request the erasure of their personal data if the Data Controller no longer has a legal basis for processing them or the data are no longer necessary for the purposes of processing;
        5. Restriction of Processing (Article 18 of the GDPR) – request the restriction of the processing of personal data when:
          1. the data subject contests the accuracy of the personal data – for a period allowing the Data Controller to verify the accuracy of the data,
          2. the processing is unlawful, and the data subject opposes the erasure of the data, requesting instead the restriction of their use,
          3. the Data Controller no longer needs the data, but they are required by the data subject for the establishment, exercise, or defense of legal claims,
          4. the data subject has objected to the processing – until it is determined whether the legitimate grounds of the controller override those of the data subject;
        6. Data Portability (Article 20 of the GDPR) – receive in a structured, commonly used, and machine-readable format the personal data concerning them that they have provided to the Data Controller and request the transfer of these data to another Data Controller, if the data are processed on the basis of consent or a contract, and the processing is carried out by automated means;
        7. Objection (Article 21 of the GDPR) – object to the processing of their personal data for the legitimate interests of the controller, for reasons related to their particular situation, including profiling. In this case, the Data Controller assesses the existence of compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. If, according to the assessment, the interests of the data subject are more important than those of the controller, the Data Controller will be obliged to cease processing the data for these purposes;
        8. Withdraw consent at any time without providing a reason, but the processing of personal data performed before the withdrawal of consent remains lawful. Withdrawal of consent will result in the cessation of processing by the Data Controller of the personal data for which the consent was given.
      2. To exercise the above rights, the data subject should contact the Data Controller using the provided contact details and inform them which right and to what extent they wish to exercise.
    7. President of the Personal Data Protection Office
      1. The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office, located in Warsaw, ul. Stawki 2, who can be contacted as follows:
        1. by mail: ul. Stawki 2, 00-193 Warsaw;
        2. through the electronic mailbox available at https://www.uodo.gov.pl/pl/p/kontakt;
        3. Hotline: 606-950-0000.
    8. Data Protection Officer
      1. In any case, the data subject may also contact the Data Protection Officer of the Data Controller directly by email or in writing at the address of the Data Controller provided in section 1, point 2 of this Privacy and Cookies Policy.
    9. Changes to the Privacy Policy
      1. The Privacy and Cookies Policy may be supplemented or updated according to the current needs of the Data Controller to provide up-to-date and reliable information to Customers/Users.