GDPR - privacy policy - CL Grześkowiak

Privacy policy

This Privacy Policy for the website https://grzeskowiak.com.pl serves as informational and is not binding on Service Recipients or Customers. The Privacy Policy primarily outlines the principles of personal data processed by the Administrator, including the legal bases, purposes, and duration of personal data processing, as well as the rights of individuals whose data is processed. Additionally, it provides information about the use of Cookies and analytical tools on the website.

The administrator of this website is CENTRUM LOGISTYCZNE GRZEŚKOWIAK SP. Z O.O. SP. K., with registered office at 64-100 Leszno, ul. Luksemburska 5, and the place of business operations at 64-100 Leszno, ul. Jana Dekana 3B, Tel. +48 65 525 91 91. The company is registered in the Entrepreneurs’ Register maintained by the District Court of Poznań Nowe Miasto i Wilda in Poznań, IX Economic Division of the National Court Register under the KRS number: 0000804576, with Tax Identification Number (NIP): 6972370472 and National Business Registry Number (Regon): 384413670, referred to as CL Grześkowiak.

Contact details of the Data Controller for personal data processing:
Address: 64-100 Leszno, ul. Jana Dekana 3B
Tel.: +48 65 525 91 91
Email: cl@grzeskowiak.com.pl

The processing of personal data by the Administrator is carried out in compliance with applicable legal regulations, in particular with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – referred to as “GDPR.”

Official text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679

While providing services through this website, CL Grześkowiak collects and stores information about Users, using it to fulfill services requested by Users and other actions for which Users have given consent.

Data collected by the Administrator:
A. PERSONAL DATA
B. COOKIES

A. PERSONAL DATA

I. SOURCES OF PERSONAL DATA

By using the website https://grzeskowiak.com.pl, Users may provide their personal data to the Administrator by filling out special forms. This data may include: first name, last name, phone number, email address, and other personal data provided in the content of inquiries. Providing this data is not obligatory, but it is necessary for using the services or establishing contact with the Administrator.

The Administrator may also acquire personal data through activities outside the website.

II. DATA ADMINISTRATOR

CENTRUM LOGISTYCZNE GRZEŚKOWIAK SP. Z O.O. SP. K., 64-100 Leszno, ul. Luksemburska 5, and the place of business operations at 64-100 Leszno, ul. Jana Dekana 3B, Tel. +48 65 525 91 91, registered in the Entrepreneurs’ Register maintained by the District Court of Poznań Nowe Miasto i Wilda in Poznań, IX Economic Division of the National Court Register under the KRS number: 0000804576, with Tax Identification Number (NIP): 6972370472 and National Business Registry Number (Regon): 384413670, referred to as CL Grześkowiak.

III. LEGAL BASIS FOR PROCESSING PERSONAL DATA

a/ Providing personal data by the User is voluntary, although not providing the necessary data in the forms to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services will result in the inability to conclude such an agreement and establish contact with the User.

b/ The legal basis for processing User’s personal data is usually the consent of the data subject or the necessity for the performance of a contract of which the User is a party or to act at the User’s request prior to entering a contract.

c/ In the case of processing data for direct marketing of its own products or services, the legal basis is the prior consent of the User.

d/ In the case of processing data for the direct marketing of products and services of entities cooperating with the Administrator, the legal basis is the prior consent of the User.
IV. PURPOSES OF PROCESSING PERSONAL DATA

This data is processed solely for the purposes for which it was collected with the User’s consent as indicated in the form.

Possible purposes for the collection of personal data of Service Recipients or Customers by the Administrator:
a/ conducting business negotiations,
b/ providing responses to inquiries sent to the Administrator,
c/ monitoring website traffic on the Administrator’s website,

V. PERSONAL DATA PROTECTION

1. Principles of Personal Data Processing by the Data Controller

When processing personal data, the Data Controller follows the following principles:

The Data Controller takes special care to protect the interests of individuals whose personal data is processed. In particular, the Data Controller is responsible and ensures that the collected data are:
1) processed lawfully.
2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
3) accurate and adequate in relation to the purposes for which they are processed;
4) stored in a form enabling the identification of individuals for no longer than necessary for the purpose of processing;
5) processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Considering the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller, CL Grześkowiak, implements appropriate technical and organizational measures to ensure processing in accordance with the GDPR and to be able to demonstrate this compliance. These measures are subject to review and updating as needed. The Data Controller employs technical measures to prevent unauthorized access to and modification of electronically transmitted personal data.

2. Informational Obligations of the Data Controller

Depending on whether the Data Controller collects data from the data subject or from a source other than the data subject, the EU Regulation on Data Protection imposes separate informational requirements on the Data Controller for these data.

Common informational obligations of the Data Controller for both situations, whether data was collected from the data subject or indirectly:

1) Obligation to provide the identity of the data controller, contact details, and the identity and contact details of the data controller’s representative.
2) Obligation to provide the contact details of the data protection officer (if appointed).
3) Obligation to specify the purposes of processing personal data and the legal basis for processing.
4) Obligation to provide information about recipients of personal data or categories of recipients to whom the data will be disclosed.
5) Obligation to inform about the intention to transfer personal data to a third country or international organization, if applicable.
6) Obligation to indicate the retention period for personal data, or if not possible, the criteria used to determine this period.
7) Obligation to provide information about the rights of data subjects.
8) Obligation to inform about the right to lodge a complaint with the supervisory authority (providing the full name and address of the authority).
9) Obligation to inform the data subject whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter a contract, and whether the data subject is obliged to provide the data and what the consequences of not providing the data are.
10) Obligation to inform about automated decision-making, including profiling.
11) Obligation to inform about a new purpose of processing data other than the one originally provided in the initial information.

VI. DATA RECIPIENTS

1. For the proper functioning of the website, including the execution of concluded Sales Agreements, the Administrator needs to utilize services of external entities (such as software providers or couriers). The Administrator exclusively engages processing services of such external entities that ensure sufficient guarantees for the implementation of appropriate technical and organizational measures to fulfill GDPR requirements and protect the rights of individuals whose data is processed.

2. Personal data may be transferred by the Administrator to third countries, with the assurance that such transfers will take place to countries providing an adequate level of protection consistent with the GDPR. In cases involving other countries, data transfers will occur based on standard data protection clauses. The Administrator ensures that the individual whose data is processed can obtain a copy of their data. The Administrator only shares collected personal data in cases and to the extent necessary to fulfill a specific purpose of data processing in accordance with this privacy policy.

3. Data transfer by the Administrator does not occur in all cases or to all recipients or categories of recipients mentioned in the privacy policy. The Administrator shares data only when necessary to achieve the purpose of processing and only to the extent necessary to achieve it. For example, if a customer opts for personal pickup, their data will not be shared with the carrier cooperating with the Administrator.

4. Personal data of Service Recipients and Customers may be shared with the following recipients or categories of recipients:

4.1. carriers / freight forwarders / courier brokers / entities handling warehousing and/or shipping processes – in the case of a customer who uses the website and chooses the delivery method of their Product by postal or courier service, the Administrator provides the collected personal data of the Customer to the selected carrier, freight forwarder, or intermediary handling shipments on behalf of the Administrator. If shipping originates from an external warehouse, the data may be shared with the entity responsible for warehousing and/or the shipping process, but only to the extent necessary for delivering the Product to the Customer.

4.2. suppliers of services providing the Administrator with technical, IT, and organizational solutions enabling the Administrator’s business operations, including the website and the Electronic Services offered through it (especially providers of software for website management, email and hosting services, and software for business management and technical support) – the Administrator shares collected personal data of the Customer with the selected supplier acting on its behalf only when necessary and to the extent necessary to fulfill the purpose of data processing in accordance with this privacy policy.

4.3. providers of accounting, legal, and advisory services supporting the Administrator with accounting, legal, or advisory services (such as accounting firms, law firms, or debt collection agencies) – the Administrator shares collected personal data of the Customer with the selected supplier acting on its behalf only when necessary and to the extent necessary to fulfill the purpose of data processing in accordance with this privacy policy.

4.4. providers of social media plugins, scripts, and other similar tools placed on the website enabling the browser of the website visitor to retrieve content from the providers of those plugins (e.g., login using social media credentials) and transmit personal data of the visitor for this purpose, including:

Products of Meta Platforms Ireland Limited (Facebook and Instagram) – The Administrator uses social media plugins from Facebook and Instagram (such as the “Share” button) on the website, and therefore collects and shares personal data of Service Recipients using the website to Facebook and Instagram. (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland) in the scope and according to the privacy principles available here: https://www.facebook.com/privacy/explanation (these data include information about actions on the website – including information about the device, visited pages, purchases, displayed ads, and how the services are used – regardless of whether the Service Recipient has a Facebook account and whether they are logged in to Facebook or Instagram).

Google Ireland Ltd. (YouTube plugin) – The Administrator uses the YouTube.com plugin on the website and therefore collects and shares personal data of Service Recipients using the website with Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the scope and according to the privacy principles available here: https://policies.google.com/privacy?hl=en (these data include information about actions on the website – including information about the device, visited pages, purchases, displayed ads, and how the services are used) – regardless of whether the Service Recipient has a Google account and whether they are logged in to that account.

Google Ireland Ltd. (Google Maps plugin) – The Administrator uses the Google Maps service on the website (e.g., displaying the locations of service and assembly companies) and therefore collects and shares personal data of Service Recipients using the website with Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the scope and according to the privacy principles available here: https://policies.google.com/privacy?hl=en (these data include IP address and location data of the device on which the website is displayed) – regardless of whether the Service Recipient has a Google account and whether they are logged in to that account.

Google Ireland Ltd. (reCAPTCHA plugin) – The Administrator uses the reCAPTCHA anti-spam system on the website and therefore collects and shares personal data of Service Recipients using the website with Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the scope and according to the privacy principles available here: https://policies.google.com/privacy?hl=en (these data include IP address of the Service Recipient’s device, Service Recipient’s actions on the website, including browsing actions and time) – regardless of whether the Service Recipient has a Google account and whether they are logged in to that account.

LinkedIn Ireland Unlimited Company – The Administrator uses social media plugins from LinkedIn (such as the “Share” button) on the website, and therefore collects and shares personal data of Service Recipients using the website with LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) in the scope and according to the privacy principles available here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv (these data include information about actions on the website – including information about the device, visited pages, purchases, displayed ads, and how the services are used – regardless of whether the Service Recipient has a LinkedIn account and whether they are logged in to

VII. RIGHTS OF THE DATA SUBJECT

1. Right of Access, Rectification, Restriction, Erasure, and Portability – The individual whose data is processed has the right to request access to their personal data from the Administrator, its rectification, erasure (“right to be forgotten”), or restriction of processing. They also have the right to object to processing and the right to data portability. The detailed conditions for exercising these rights are specified in Articles 15-21 of the GDPR.

2. Right to Withdraw Consent at Any Time – If an individual’s data is processed by the Administrator based on their consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), they have the right to withdraw their consent at any time without it affecting the lawfulness of processing based on consent before its withdrawal.

3. Right to Lodge a Complaint with a Supervisory Authority – The individual whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure defined in the provisions of the GDPR and Polish law, particularly the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Personal Data Protection Office.

4. Right to Object – The individual whose data is concerned has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interests of the data controller) of the GDPR, including profiling based on those provisions. In such cases, the Administrator is no longer allowed to process that personal data unless they demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

5. Right to Object to Direct Marketing – If personal data is processed for direct marketing purposes, the individual whose data is concerned has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.

6. To exercise the rights mentioned in this privacy policy section, individuals can contact the Administrator by sending an appropriate message in writing or by email to the Administrator’s address stated at the beginning of the privacy policy.

B. COOKIES

I. WHAT ARE COOKIES?

Cookies are computer data, particularly text files, that are saved and stored on Users’ end devices, intended for use on websites.

The cookies used by the Administrator are safe for the User’s device and usually contain: the domain name from which they originate, the duration of storage on the device, and a unique number. It is not possible for unwanted software or viruses to be transmitted in this way. Cookies do not have the ability to download any personal data or confidential information from the User’s devices.

II. TYPES OF COOKIES USED

1. Session Cookies – stored on the User’s device until the end of the browser session. The information stored in them is deleted from the device’s memory at the end of the session.

2. Long-term Cookies – stored on the User’s device for the time specified in their parameters or until they are deleted. Ending the session does not result in their deletion.

III. PURPOSES OF USING COOKIES

1. First-party Cookies (placed by the Administrator) are used for:

a/ authenticating and maintaining the User’s session on the website (so they do not have to log in again after navigating to another page – these are known as necessary Cookies),

b/ optimizing and improving the performance of provided services – performance Cookies that collect data on how users use the website services,

c/ enhancing the functionality and reliability of the website and accessing its full functionality, as well as proper configuration of selected features – functional Cookies that allow the User’s selected settings to be remembered and interface personalization, such as preferred language, font size, appearance of the website, etc.,

d/ ensuring the security of the website, e.g., detecting abuses in the authentication process within the Service.

2. Third-party Cookies placed by the Administrator’s Partners for:

a/ collecting general, anonymous statistical data through available analytical tools (e.g., Cookies used by Google Analytics – privacy policy: www.google.com/intl/en/policies),

b/ advertising purposes, serving content that matches interests based on frequently searched content, as well as controlling the frequency of displayed ads.

IV. REMOVING COOKIES

1. By default, software used to browse websites allows for the placement of Cookies on the end device. Users have the option to limit or disable access to Cookies on their device using the available functions of the internet browser.

Limiting the use of Cookies may affect some functionalities available on the website.

2. Users can independently change the default browser settings. These settings can be adjusted to block the automatic handling of Cookies in the browser settings or to notify about the placement of Cookies on the User’s device every time.

3. Detailed information on the options and methods of managing Cookies are available in the software settings (internet browser).

4. Failure to change browser settings implies acceptance of placing Cookies on the User’s device.

V. PROFILING AND ONLINE TRACKING

The Administrator profiles the data of Users of its website and tracks the activities of these Users on its website. The gathered information is then used for purposes such as creating personalized advertisements and optimizing the website to enhance its usability.

The Administrator profiles the data of Users of its website using the following tools:

– services: Google Search Console.

These tools allow the Administrator to deliver targeted advertising to Users who have previously visited its website or to Users similar to them. Additionally, the Administrator can provide suitable messages to them, such as information about products or services they showed interest in during their visit.

The Administrator provides a detailed description of how tools such as Google Ads, including Remarketing and Similar Audiences, work:

a) Description of how remarketing or Similar Audiences are used in the Administrator’s online advertisements.

The Administrator uses remarketing tools to track Users’ online activities and deliver personalized advertisements to them based on their preferences and previous indications of interest in specific services or products offered on the Administrator’s website. This approach enables the Administrator to inform Users about ongoing promotions, special offers, or products and services that they have previously shown interest in.

Similar Audiences refer to individuals who have not visited the Administrator’s website but share similar characteristics with Users who have visited it. Google categorizes these similar users based on their online actions and likeness to the Administrator’s users. Google may send ads from the Administrator to Users similar to those who have visited its website, based on a separate instruction from the Administrator.

Information on how third-party providers, including Google, display the Administrator’s ads on the internet.

The Administrator’s ads are displayed by third-party providers, including Google, on websites such as the Google Display Network, which facilitates the display of ad boxes through Google Ads.

b) Information on how third-party providers, including Google, use cookies to display ads based on users’ previous visits to the Administrator’s website.

An auction for ad space takes place on external advertising provider websites. Multiple advertisers, including the Administrator, compete for space in specific ad boxes. To compete, the Administrator uses its own list of recipients based on cookies collected by the Administrator.

c) Opting out of cookies

Users of the Administrator’s websites can opt out of Google’s cookie use by using the following link to change the settings for ads displayed by Google on their devices: https://adssettings.google.com/authenticated.

Profiling of User data using Google Analytics

The Administrator employs the Google Analytics system to track website traffic, create market and statistical analyses, and improve the quality of information presented on its website. Additionally, the Administrator uses Google Analytics to create marketing lists based on specific actions taken by Users on its website.

The Google Analytics tool used by the Administrator stores data for 50 months from the date of collection. This retention period applies to user-level and event-level data associated with cookies, user identifiers (e.g., User-ID), and ad identifiers (e.g., DoubleClick cookies, Android advertising ID, Apple ID for advertisers).

Users can provide consent for using cookies (regarding profiling) by clicking the “Accept” button or by adjusting cookie settings allowed by the user, using the information/tools displayed on the grzeskowiak.com.pl website.

Consent for profiling can be withdrawn at any time, although this will not affect the legality of processing activities carried out before its withdrawal.

How will the Administrator’s websites function without consent for cookie use?

If Users do not provide consent for the use of cookies for profiling purposes, only cookies necessary to ensure the proper functioning of the Administrator’s website (e.g., related to preferred language settings, form submissions, etc.) will be stored on their devices. Users can modify these settings within their internet browsers; however, some parts of the Administrator’s website may not function correctly in this case.

This privacy policy of the website https://grzeskowiak.com.pl is informative, which means that it is not a source of obligations for Service Users or Customers. The privacy policy contains mainly rules regarding the processing of personal data by the Administrator, including the grounds, purposes and period of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools on the website.

The administrator of this website is CENTRUM LOGISTYCZNE GRZEŚKOWIAK SP. Z O.O. SP. K., 64-100 Leszno, ul. Luksemburska 5, place of business 64-100 Leszno, ul. Jana Dekana 3B, Tel. 65 525 91 91, entered into the Register of Entrepreneurs kept by the District Court Poznań Nowe Miasto i Wilda in Poznań, IX Commercial Division of the National Court Register under KRS number: 0000804576, with NIP number: 6972370472 and REGON: 384413670, hereinafter referred to as CL Grześkowiak.

The Administrator’s contact details for the processing of personal data:
Address: 64-100 Leszno, ul. John Dekan 3B
phone: +48 65 525 91 91
e-mail: cl@grzeskowiak.com.pl

Personal data is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”.
The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

When providing services as part of this website, CL Grześkowiak collects and stores data about website Users, uses them to provide services at the User’s request or other activities for which he has consented.

Data collected by the Administrator.
A. PERSONAL DATA
B. COOKIES

A. PERSONAL DATA

I. PLACES OF OBTAINING PERSONAL DATA

By using the website https://grzeskowiak.com.pl, Users can provide the Administrator with their personal data, such as: name, surname, telephone number, e-mail address and other personal data provided in the content of the inquiry. Providing this data is not obligatory, however, it determines the use of services or establishing contact with the Administrator.

The administrator may also obtain personal data outside the websites as part of other activities.

II. PERSONAL DATA ADMINISTRATOR

CENTRUM LOGISTYCZNE GRZEŚKOWIAK SP. Z O.O. SP. K., 64-100 Leszno, ul. Luksemburska 5, place of business 64-100 Leszno, ul. Jana Dekana 3B, Tel. 65 525 91 91, entered into the Register of Entrepreneurs kept by the District Court Poznań Nowe Miasto i Wilda in Poznań, IX Commercial Division of the National Court Register under KRS number: 0000804576, with NIP number: 6972370472 and REGON: 384413670, hereinafter referred to as CL Grześkowiak.

III. THE BASIS FOR THE PROCESSING OF PERSONAL DATA

a / Providing personal data by the User is voluntary, but failure to provide the personal data indicated in the forms necessary for the conclusion and implementation of the Sales Agreement or contract for the provision of Electronic Services results in the inability to conclude this contract and the inability to contact the User.

b / The basis for the processing of the User’s personal data is in most cases the consent of the data subject, as well as the need to perform the contract to which he is a party or to take action at his request before its conclusion.

c / In the case of data processing for direct marketing of own products
or the Administrator’s services, the basis for such processing is the User’s prior consent.

d / In the case of data processing for direct marketing of products and services of entities cooperating with the Administrator, the basis for processing is the User’s prior consent.

IV. PURPOSES OF THE PROCESSING OF PERSONAL DATA

These data are processed only for the purposes for which they were collected with the consent of the User indicated in the form.

Possible purposes of collecting personal data of Service Users or Customers by the Administrator:
a / conducting trade negotiations,
b / answering questions sent to the Administrator,
c / traffic monitoring on the Administrator’s website,

V. PROTECTION OF PERSONAL DATA

1. Principles of personal data processing by the Personal Data Administrator

The Personal Data Administrator observes the following rules when processing personal data:

The administrator takes special care to protect the interests of persons to whom the personal data processed by him relates, and in particular is responsible and ensures that the data collected by him are:
1) processed in accordance with the law;
2) collected for

Cookie	Duration	Description
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
wpml_current_language	12 month	This cookie is related to WPML language plugin and allow to rememebr language.