Dear Sir or Madam,
We ask you to read the following information concerning the principles of personal data processing, the rights related to it, and the way of exercising them. The above implements the requirements of the Regulation of the European Parliament and of the Council (EU) No 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC generally known as the General Data Protection Regulation (GDPR).
1. In line with the GDPR, in order to ensure adequate protection of personal data, the data subject must be provided with information concerning the processing of their personal data referred to in Article 13 or 14 of the GDPR, depending on whether it was obtained directly from the data subject or from other sources.
2. Therefore, we would like to inform you that:
The Controller of your personal data is:
The Controller of your personal data is:
PURENET spółka z o.o. (formerly Exiniti Sp. z o.o.) with its registered office at ul. Janusza 14 in Szczecin (71-116) entered under No KRS 0000546537 into the National Court Register maintained by the District Court in Szczecin, XIII Commercial Division of the National Court Register, statistical number (REGON) 360924751, VAT number (NIP) PL8522612290
(hereinafter referred to as: the “Controller”).
You can contact the Controller by writing to their address
as above or to the e-mail address: firstname.lastname@example.org
3. Purposes of personal data processing
The Controller processes personal data for the following purposes:
- Concluding and performing contracts of sales, performance or service and other business contracts to which you are a party or taking action before concluding a contract, including selling goods or services, providing services electronically, e.g. newsletter, loyalty programs, expressing opinions, evaluations or comments, using various applications (e.g. an online contact form), as well as ongoing contact with you in this respect,
- bookkeeping, including issuing invoices, Business cooperation and business contacts,
- correspondence with persons asking questions,
- establishing, investigating or defending claims that may be raised by the Controller or that may be raised against the Controller,
- providing information to subcontractors – entities used in the performance of the contracts mentioned above,
- providing information to business partners with an offer complementing our offer.
Your data is also processed based on your consent – for purposes consistent with the content of the consent, including commercial and marketing purposes.
4. Is the provision of data mandatory:
The provision of personal data is voluntary, but it may be necessary in some cases.
It is necessary to provide data when concluding and performing contracts with the Controller. Moreover, in a situation when it is required by the law imposing on the Controller the obligation to process personal data (e.g. NIP number, PESEL for the purpose of bookkeeping).
5. Legal basis of data processing:
- Article 6(1)(a) of the GDPR – if the data subject gives their consent to process data for one or more specific purposes,
- Article 6(1)(b) of GDPR – if processing is necessary for the performance of a contract to which the data subject is a party or to take contractual action at the request of the data subject before the conclusion of a contract,
- Article 6(1)(c) of GDPR – if processing is necessary for the fulfilment of a legal obligation imposed on the Controller (in particular: issuing and storing invoices and bookkeeping documents, processing complaints, making the data available to the national authorities within the limits and on the basis of the legal provisions,
- Article 6(1)(f) of GDPR – if processing is necessary for the purposes resulting from the legitimate interests performed by the Controller or a third party, except the situations when such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child. The Controller’s legitimate interest consists in providing information within the scope of the offered products and services, for purposes of improving the quality of the offered/sold goods or services by consulting or measuring satisfaction; supporting payment, credit or insurance services for the purchased goods; managing activity on the Controller’s websites by monitoring it in terms of improving the functionality of the service, analysis of needs, matching advertisements according to the previously viewed content; handling messages, opinions or requests when they are not related to the performance of the contract; detecting and preventing abuse, investigating or defending against claims, as well as conducting proceedings before public authorities or courts; protecting property, health and life by registering an image (monitoring) of the workplace/restaurant/shop area and the area around such premises, depending on the Controller’s business profile; statistical; preparing analyses, summaries, statistics and archiving, including ensuring accountability.
6. Scope of data processing:
for the purposes set out in point 5.1 of the above information, the scope of data processing: in line with the consent and purpose for which the consent was given;
for the purposes set out in points 5.2 and 5.3, the scope of data processing: first and last name or name of the company conducting the business activity; e-mail address; contact number (stationary phone/cell phone); delivery or contract performance address or place of residence (street, number of the house/office, postcode, town, country, address of residence/business), date of birth, PESEL or NIP.
the scope of data processed for the purposes of point 5.4 and marketing: first name, last name, e-mail address.
7. Retention period for the personal data:
Data is processed for the period necessary to achieve the purposes indicated in point 5 above and depending on that purposes.
personal data is processed for the duration of the contract concluded, and thereafter for the period and to the extent required by law, and the period after which the claims arising from the contract become prescribed.
for bookkeeping, the data is stored for the period required by law for which the Controller is obliged to keep the accounts (5 years from the beginning of the year following the financial year to which the data relate),
if personal data is processed on the basis of a legitimate interest and direct marketing, it is stored until an objection is raised to such processing,
To establish, assert or defend claims, data is stored for the duration of a legitimate interest of the Controller, however, not longer than for the period of limitation of claims against the data subject on account of the Controller’s business activity. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is 3 years, and 2 years in case of a sales contract).
First of all:
8. Data recipients – who has access to your personal data:
In relation to data processing for the purposes and on the basis described above (point 5), personal data may be made available to the following categories of recipients:
entities involved in the processes necessary to achieve the purpose for which the consent was granted or to perform the contract, including the transport of goods, payment services, electronic services, advertising agencies; carriers/freight forwarders who deliver mail or courier services,
entities operating our IT systems or supporting our systems,
entities providing consulting or auditing services,
entities providing IT or technical services, in particular computer software providers for operating the Internet shop, electronic mail and hosting providers, business management software providers.
entities related to the Controller within the scope of capital or personnel,
public authorities or entities performing public tasks on the basis and within the limits of the applicable law,
entities providing bookkeeping services for the Controller, operators of payment systems providing payment services,
other entities if they are entitled to obtain data under applicable law.
9. Data transfer to a third country or international organisation
Currently, we do not plan to transfer your Personal Data outside the European Economic Area (comprising the European Union, Norway, Liechtenstein and Iceland), (“EEA”).
10. Rights of the data subject
You have the following rights with respect to your data processing:
the right to access data, including the right to obtain a copy of your data,
the right to request the rectification of your data,
the right to delete your data (in certain situations),
the right to limit the processing of your data,
the right to object to the processing of your data,
the right to transfer your data to another controller or to you (on the principles set out in Article 20 of the GDPR),
the right to lodge a complaint with the supervisory authority for data protection if you consider that the processing of your data violates the applicable data protection regulations,
the right to withdraw your consent at any time if you have given your consent to data processing (e.g. to receive commercial information and further data processing is not necessary for the performance of the obligations arising from the contract concluded with the person who gave the consent). This consent may be withdrawn at any time by means of a written or electronic declaration. The consent withdrawal does not affect the lawfulness of the processing that was carried out based on your consent before it was withdrawn.
11. Cookies and other technologies
Cookies are tiny portions of information saved by the browser. Cookies have NO impact on software or hardware. Cookies are associated only with the browser of a particular device, without providing the name or surname of the user (an anonymous user). This is the information stored by the server on the user’s device, which the server can read every time it connects to the user’s device.
Cookies used on our website do not collect any information making it possible to identify the user.
The Controller uses session cookies, which contain the data necessary to log in correctly and control this process on the website. They identify the computer and browser data used to view websites – for example, they make it possible to find out whether the computer has already visited the website;
12. Social media Plug-ins
Information supporting functions, providing important information and content in line with the needs of individual users, from the servers of the following service providers:
How to manage cookies
If you do not want to receive cookies, you can change your browser settings. You can disable the cookies’ mechanism at any time by changing the settings in your browser. Restricting the possibility to set cookies may impair the overall quality of the website use.
The Controller collects data for defined, lawful purposes, processes them in accordance with the law and does not subject them to further processing incompatible with these purposes. Data shall be collected only to the adequate, necessary and not excessive extent in relation to the purposes for which they are processed.
The Controller shall not process special categories of data. On the website of the Controller’s company, i.e. www.purenet.pl, no personal data of the Internet users visiting the website are collected and stored or used.
Considering the nature, scope, context and purposes of the processing, as well as the risk of infringing the rights or freedoms of natural persons of varying degrees of likelihood and seriousness, the Controller implements appropriate technical and organisational measures to ensure and to demonstrate that the processing is carried out under this Regulation. These measures shall be reviewed and updated as necessary.