This Privacy and Cookies Policy defines the rules of processing
personal data obtained through
the website www.pszczolka.pl (hereinafter referred to as: “The website”).
Personal data of the Website Users is collected automatically,
processed in compliance with the requirements of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Users have rights granted to them in individual provisions of the GDPR.
§ 1
Data Controller
The owner of the Website and, at the same time, the Data Controller
is Fabryka Cukierków „Pszczółka” Sp. z o.o. KRS 0000370450, TIN 9462616622
§ 2
Type of data processed, purposes
and legal grounds
Users’ personal data is collected for the purposes of the contact form
via the Website.
Your data is processed on the basis of Article 6, section 1 letter b GDPR – i.e.
implementation of the services provided via the Website.
When filling out the contact form mentioned in section 1,
the User must obligatorily provide: full name, e-mail address, message content and confirmation of acceptance of the Website’s privacy policy.
§ 3
Data sharing and entrusting
The User’s personal data, which is used by the Controller when running the Website, is transferred to the service providers. Suppliers of
services to whom personal data is transferred are subject to Controller’s instructions as to the purposes and methods of processing this data (processing entities).
Processors include Industi Sp. z o. o. seated in
Lublin, ul. Narutowicza 77/3, 20-019 Lublin in order to use the Website hosting services.
In the event of a request, the Controller provides personal data
to authorized state authorities, in particular common courts,
the prosecutor’s office, the police, the President of the Personal Data Protection Office or the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communication.
§ 4
Rights of the User
The right to delete data, the so-called “right to be forgotten” (Article 17 of the GDPR).
The User has the right to request the deletion of all or some personal data if:
personal data is no longer necessary for the purposes for which they were collected or processed;
the personal data is unlawfully processed;
personal data must be removed in order to comply with a legal obligation provided for in the law of the European Union or the law of a Member State, which the Controller is subject to;
the personal data has been collected in relation to the offering of information society services.
Despite the request to delete personal data, in connection with the objection,
the Controller may keep certain personal data to the extent to which processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation that requires processing under the EU law or the law of the Member State, which the Controller is subject to. This applies in particular to personal data including: first name, last name, e-mail address, the data which is stored for
complaints and claims processing purposes related to the use of the Controller’s services.
The right to limit data processing (Article 18 of the GDPR).
Submitting a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request.
The user has the right to request the restriction of the use of personal data in the following cases:
when they question the correctness of their personal data – then
the Controller restricts their use for the time needed to
check the correctness of data, but not longer than 7 days;
when data processing is unlawful, and instead of deletion
of the data, the User will request the restriction of their use;
when personal data is no longer necessary for the purposes for which they were collected or used but they are needed by the User for the purpose of establishing, pursuing or defending claims;
when they objected to the use of their data – then
the restriction occurs for the time needed to consider whether – due to the special situation – protection of interests, rights and freedom of the User outweighs the interests pursued by the Controller processing the User’s personal data.
The right to access the data (Article 15 of the GDPR).
The User has the right to obtain confirmation from the Controller as to whether they are processing personal data, and if this is the case, the User has the right to:
access their personal data;
obtain information about the purposes of processing, categories of the personal data being processed, about the recipients or categories of recipients of this data, planned period of storage of the User’s data or about the criteria determining this period (when determining the planned period of processing
data is not possible), about the rights of the User under
GDPR and the right to lodge a complaint with the supervisory authority, about the source of that
data, about automated decision making, including profiling, and
about the security measures used in connection with the transfer of this data, except for
The European Union;
acquire a copy of their personal data.
The right to rectify the data (Article 16 of the GDPR).
The User has the right to request the Controller to immediately
rectify incorrect personal data concerning them. Taking into account the purposes of processing, the User has
the right to request the completion of incomplete personal data, including by
submitting an additional statement by sending a request to the email address in accordance with § 8 of the Privacy Policy.
In the event of the User withdrawing from the right resulting from
the above rights, the Controller fulfils the request or refuses to fulfil it immediately, but no later than one month after its
receipt. However, if – due to the complexity of the request or
number of requests – the Controller will not be able to fulfil the request within a
month, they will fulfil them within the next two months by informing
the User within one month from receiving the request – about
the intended extension of the deadline and its reasons.
The User may submit complaints, inquiries and requests to the Controller
regarding the processing of their personal data and implementation of
their rights.
The User has the right to request the Controller to provide a copy of
standard contractual clauses, directing the inquiry in the manner indicated in § 6 of the
Privacy Policy.
The user has the right to lodge a complaint with the President of the Office of
Personal Data Protection, in the scope of violation of their rights to protection of
personal data or other rights granted under the GDPR.