Privacy Policy

I. Personal data administrator

  1. The administrator of personal data within the meaning of Art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016/95/46 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 21/05/EC (GDPR) is Grzegorz Niewiński, running a business under the name Gizo Rental Sp. z o. o. Sp. k. at ul. Sadowa 850, 9661983895-0000660124 Jawczyce, NIP: 200257158, KRS: XNUMX, REGON: XNUMX
  2. E-mail address of the data administrator: czesci@gizo.pl.
  3. Administrator pursuant to Art. 32 section 1 GDPR complies with the principle of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with the business.
  4. Providing personal data by the customer is voluntary, but necessary in order to conclude a contract with the data administrator.
  5. The data controller processes personal data to the extent necessary to perform the contract or provide services to the data subject.

II. Purpose and basis for processing personal data

  • preparation of a commercial offer in response to the customer's interest, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
  • concluding and implementing sales contracts with customers, based on the concluded contract (Article 6(1)(b) of the GDPR);
  • provision of services electronically via the Online Store, based on the concluded contract (Article 6(1)(b) of the GDPR);
  • handling the complaint process, based on the obligation imposed on the data controller in connection with applicable law (Article 6(1)(c) of the GDPR);
  • accounting related to issuing and accepting settlement documents, pursuant to tax law provisions (Article 6(1)(c) of the GDPR);
  • archiving data for the purpose of establishing, investigating or defending against claims or the need to prove facts, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
  • contact by telephone or via e-mail, in particular in response to inquiries addressed to the data controller, which is the legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
  • sending technical information regarding the functioning of the Online Store and the services used by the customer, which is the legitimate interest of the data administrator (Article 6(1)(f) of the GDPR);
  • marketing of the data controller's own products, which is his legitimate interest (Article 6(1)(f) of the GDPR) or is based on previously granted consent (Article 6(1)(a) of the GDPR).
  • The scope of personal data processed (e.g. name and surname, address, telephone number).
    • “The Administrator, via the Website and other forms of communication, collects and processes the following personal data of Users provided during the registration processes on the Website: name and surname, residential address, e-mail address, telephone number, ... etc.”

III. Data recipients. Transfer of data to third countries

  1. The recipients of personal data processed by the data controller may be entities cooperating with the data controller when it is necessary for the performance of the contract concluded with the data subject.
  2. The recipients of personal data processed by the data controller may also be subcontractors - entities whose services the data controller uses to process data, e.g. accounting offices, law firms, entities providing IT services (including hosting services).
  3. The data administrator may be obliged to provide personal data under applicable law, in particular to provide personal data to authorized state authorities or institutions.
  4. Personal data will not be transferred to an entity based outside the European Economic Area.

IV. Personal data storage period

  1. The data controller stores personal data for the duration of the contract concluded with the data subject and after its termination for purposes related to pursuing claims related to the contract, fulfilling obligations arising from applicable legal provisions, but for a period not longer than the limitation period in accordance with the provisions of law. Civil Code.
  2. The data administrator stores personal data contained in settlement documents for the period of time specified in the provisions of the Goods and Services Tax Act and the Accounting Act.
  3. The data administrator stores personal data processed for marketing purposes for a period of 10 years, but no longer than until the consent to data processing is withdrawn or an objection to data processing is raised.
  4. The data controller stores personal data for purposes other than those indicated in section. 1-3 for a period of 3 years, unless consent to data processing has been withdrawn earlier and data processing cannot be continued on a basis other than the consent of the data subject.

V. Rights of the data subject

  1. Every data subject has the right:
    • access – obtaining confirmation from the administrator whether her personal data is being processed. If data about a person is processed, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria for their processing. determining the right to request rectification, deletion or limitation of the processing of personal data of the data subject, and to object to such processing (Article 15 of the GDPR);
    • to receive a copy of the data - to obtain a copy of the data subject to processing, the first copy is free of charge, and for subsequent copies the administrator may impose a reasonable fee resulting from administrative costs (Article 15(3) of the GDPR);
    • to rectify - request the rectification of incorrect personal data or the completion of incomplete data (Article 16 of the GDPR);
    • to delete data - request the deletion of personal data if the administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);
    • to limit processing - request to limit the processing of personal data (Article 18 of the GDPR), when:
      • the data subject disputes the accuracy of the personal data - for a period enabling the controller to check the accuracy of the data,
      • the processing is unlawful and the data subject objects to their deletion and requests restriction of their use,
      • the controller no longer needs this data, but it is needed by the data subject to establish, pursue or defend claims,
      • the data subject has objected to the processing - until it is determined whether the legitimate grounds of the controller override the grounds for the data subject's objection;
    • to transfer data - to receive personal data concerning him or her in a structured, commonly used and machine-readable format, which he or she has provided to the controller, and to request that these data be sent to another controller if the data is processed on the basis of the data subject's consent or a contract concluded with him or her and if the data is processed in an automated manner (Article 20 of the GDPR);
    • to object - to object to the processing of her personal data for the legally justified purposes of the administrator, for reasons related to her particular situation, including profiling. The controller then assesses the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the controller, the controller will be obliged to stop processing data for these purposes (Article 21 of the GDPR).
  2. To exercise the above-mentioned rights, the data subject should contact the controller using the provided contact details and inform him which right he wants to exercise and to what extent.
  3. The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Warsaw.

VI. Profiling

  • Personal data obtained by the data administrator will not be processed automatically, including through profiling.