Privacy protection of all people whose data we process in the course of our activities is very important to Oknoplast Sp. z o.o. with its registered office in Ochmanów.
– of visitors to our website at oknoplast.com;
– of persons who enter into agreements with our trade partners and are interested in our products;
– representatives and employees of our trade and business partners,
Personal Data Controller
The controller of your personal data is Oknoplast Sp. z o.o. with its registered office in Ochmanów, Ochmanów 117, 32-003 Podłęże (hereinafter: “we”, “Controller” or “Oknoplast”).
– via email to the following email address: email@example.com
– via mail to the following address: Oknoplast Sp. z o.o., Ochmanów 117, 32-003 Podłęże.
In matters related to processing of personal data please write to email address: firstname.lastname@example.org
Which data do we process?
Website and profiles in social media
As you use our website we collect data necessary for provision of relevant services, and information on your online activity.
– If you use a contact form we collect your name, surname, contact data and message content.
– If you navigate through our website we collect information stored in cookies or system logs, and information such as your IP address, time you spend on our website and your interactions with content available on our website.
On our profiles in social media we collect information on your activity in relevant internet portals in connection with our site/company profile (e.g. “Like” clicks, published posts, comments, messages sent via internal messengers).
Function of distribution chain
In connection with our distribution chain we collect and process data of persons who entered into our products-related agreement with our trade partners or are interested in our products and for this purpose contacted our selected trade partner.
Within our distribution chain we collect information in form of: contact data, information on contract subject and duration, delivery or installation details, contract performance-related information and potential customer service in connection with an offer inquiry related to our products.
Moreover, in order to monitor the quality of our customer service we collect and process information provided in form of satisfaction surveys regarding the agreement performance by a trade partner.
While conducting business cooperation we collect and process personal data of entrepreneurs who are our business partners, as well as of representatives and employees of our business partners acting in form of companies (including trade partners within our distribution chain) or entities interested in such a cooperation. The scope of collected data depends on the type of cooperation. We usually collect basic information, such as: contact data, information on conducted activities, information on place of employment/represented entity, on-going communications-related informations, and information related to conclusion and performance of a contract.
Cookies and similar technology
What are cookies?
A cookie is a small text file installed on a user’s device when a user browses through our website. Cookies collect information to make the use a website easier – e.g. by remembering user’s visits on a website and what the user does, e.g. what language he/she selects.
What cookies do we collect?
– user input cookies (session identifier) for the time of session duration;
– authentication cookies used for services that require authentication for the time of session duration;
– user centric security cookie e.g. used to detect authentication abuse );
– multimedia player session cookie (e.g. flash cookie) for the time of session duration;
– user interface customization cookie for the time of session duration or a bit longer;
– cookie used to monitor website traffic i.e. data analytics, including Google Analytics cookie used by Google to analyse how the User uses the Website, to create statistics and reports on Website functioning). Google does not use data to identify the User and does not combine such information in order to make the identification possible. Detailed information on the scope and rules of this service-related data collection can be found at: https://www.google.com/intl/pl/policies/privacy/partners.
Sources of personal data
If we do not collect data directly from you, we may obtain it:
– from our trade partners you entered into agreements regarding Oknoplast products;
– publicly available sources, such as: Central Registration and Information on Business (CEiDG) pages, websites, other publicly available registers;
– from your employers or entities you work with.
Purposes and basis for processing of personal data
We process your data for various purposes and under various legal grounds described below:
Processing of data on our website
a. Provision of online services. We process your data to provide you online services for you to be able to access certain functionalities and content available on the website. The ground for processing of data is the fact that it is necessary for the performance of a contract and provision of online services (Article 6(1)(b) of GDPR).
b. Marketing. Your personal data is used for marketing purposes of Oknoplast. On our website we use behavioural advertising technology which helps us to tailor content to your preferences and expectations. With this technology we profile our users – we analyse and evaluate what content might interest you and we display adequate advertisements. In addition, if you give a separate consent to receive marketing communications, we will send you specific commercial content on Oknoplast products and services ( e.g. newsletter, information on new products, interesting promotions), including content tailored to your preferences. The legal ground for actions taken for marketing purposes is the legitimate interest of Oknoplast (Article 6(1)(f) of GDPR).
c. Analyses and statistics and service quality analysis Your personal data is used for analytical and statistical purposes which include analysis of guests activity visiting a website and preferences in terms of functionalities and content offered. To analyse quality of services offered by Oknoplast we use your contact data to obtain information on your level of satisfaction of the quality of our services (e.g. by displaying or sending you satisfaction surveys). By processing personal data for these purposes we are able to continuously improve the quality of our services and the performance our legitimate interest (Article 6(1)(f) of GDPR).
d. Protection against claims. If justified, your personal data is processed by us to determine, bring or defend against claims (e.g. claims. resulting from improper provision of services available on our website). The legal ground for processing of personal data for the above purposes is our legitimate interest (Article 6(1)(f) of GDPR).
e. Security and efficient operation of the website. The activity of users on the website is recorded in system logs (special computer programme used for storing of chronological records containing information on events and actions related to IT system used for the provision of services by Oknoplast). Information collected in logs is processed for technical and administrative purposes in order to ensure the security of website and IT systems processing your personal data and for analytical and statistical purposes to ensure efficient operation of the website. The legal ground for processing of personal data is our legitimate interest which is assurance of a secure and efficient website (Article 6(1)(f) of GDPR)..
Processing of personal data in social media
Maintenance of social media. We also process personal data of users who visit our profiles in social media (e.g. Facebook, YouTube, Instagram, Twitter). Your personal data (e.g. name and surname or nick in social media) is collected and used in connection with maintenance of Oknoplast website or its profile and in order to inform users of our activity and promote various types of events, services or products. The legal ground for processing of your personal data is our legitimate interest which is promotion of our brand and communication in social media (Article 6(1)(f) of GDPR).
Processing of data in connection with a distribution chain
a. Performance of a contract with a trade partner. If you entered into a contract related to our products with Oknoplast trade partner, we receive your personal data to ensure our partner that it is efficiently performed. For example, we need your data to deliver ordered products to a trade partner and to ensure that your contract is completed on time. The legal ground for processing of your personal data is our legitimate interest which is assurance of proper performance of agreements concluded within our distribution chain (Article 6(1)(f) of GDPR).
b. Warranty. Your personal data is processed in connection with execution of your rights under the warranty we grant for our products. In such a case the legal ground for processing of your personal data is the fact that it is necessary for the performance of a contract (Article 6(1)(b) of GDPR).
c. Service quality analysis. We use your personal data related to conclusion and performance of a contract with our trade partners to conduct our Customer service quality analysis within the distribution chain. For this purpose we process data such as information on contract performance details and information you decided to provide in satisfaction surveys you received from us. The legal ground for processing of your personal data is our legitimate interest which is monitoring of Customer service quality within our distribution chain (Article 6(1)(f) of GDPR).
d. Analytical and statistical purposes. Your personal data related to contracts regarding Oknoplast products is processed for analytical and statistical purposes. Processing of data for this purpose helps us to develop our distribution chain and improve our products. The legal ground for processing of personal data for the above purpose is our legitimate interest related to our internal business analyses (Article 6(1)(f) of GDPR).
e. Marketing activity. Your personal data is used by Oknoplast for marketing purposes. If you give a separate consent to receive marketing communications, we will use your data to send you relevant commercial communications and newsletters. The legal ground for processing of personal data is our legitimate interest which is marketing and promotion of our brand (Article 6(1)(f) of GDPR).
f. Determination, brining of and defence against claims. If justified, your personal data is processed by us to determine, bring or defend against claims (e.g. claims. resulting from failure to perform or improper performance of a contract for Oknoplast products). The legal ground for processing of personal data for the above purposes is our legitimate interest (Article 6(1)(f) of GDPR).
Processing of data for business cooperation
a. Conclusion or performance of a contract. We process your personal data to enter into or to properly perform a cooperation contract with Oknoplast. If your are self-employed, your data is processed based on the fact that is is necessary for conclusion or performance of a contract (Article 6(1)(b) of GDPR). If you are representatives, proxies or employees of an entity being a party to a contract, the legal ground for processing of your personal data is our legitimate interest being the possibility to enter into or properly perform a contract (Article 6(1)(f) of GDPR).
b. Analytical and statistical purposes. Your personal data related to business cooperation being established or pending is used for analytical and statistical purposes regarding profitability and extendibility of cooperation, optimisation of business processes. The legal ground for processing of personal data for the above purpose is our legitimate interest related to conducting business analyses (Article 6(1)(f) of GDPR).
c. Building of a contact database. We process your personal data to build a contact database. In this regard we process data collected during industry events or by exchanging business cards. The legal ground for processing of personal data for the above purpose is our legitimate interest related to building a network of business contacts (Article 6(1)(f) of GDPR).
d. Loyalty and incentive programmes. If you are employees or co-workers of our business partners we use your data to offer various loyalty and incentive programmes. In order to do this we process your contact data and other information necessary to properly provide services for loyalty or incentive programmes (for more details always refer to the content of relevant programme regulations). The legal ground for processing of your personal data is our legitimate interest which is a possibility to present to you with an option to participate in a loyalty or incentive programme (Article 6(1)(f) of GDPR). As soon as you accept the regulations of a relevant loyalty or incentive programme, your personal data is processed based on the fact that it is necessary for the performance of a contract as required by the regulations (Article 6(1)(b) of GDPR).
e. Marketing activity. We use your personal data to conduct various marketing activities. Example: We collect and use contact data of persons responsible for sale processes and establishing of business cooperation in order to reach potential business partners, contact our business partners to present new options for extension of our cooperation or send relevant commercial materials. The legal ground for processing of personal data for the above purpose is our legitimate interest related to marketing (Article 6(1)(f) of GDPR).
f. Organization of trainings or events. As part of cooperation with Oknoplast you or your employees may register to participate in trainings or other types of events organized by us. In this case the legal ground for processing of personal data of our partners is the fact that it is necessary for the performance of a contract, in compliance with general terms and conditions of cooperation with Oknoplast or a cooperation agreement with Oknoplast (Article 6(1)(f) of GDPR). If you are employees or co-workers of our business partners who registered you for participation in a training, we process your personal data based on our legitimate interest which is the fact that it is necessary for the performance of a contract binding us with your employer or it is necessary to ensure employer’s access to services offered by Oknoplast as part of business cooperation (Article 6(1)(f) of GDPR). If you are to register individually for trainings or events (i.e. you register directly on our websites or via email), we process your personal data based on your consent (Article 6(1)(a) of GDPR). You have the right to revoke your consent at any time under the applicable laws.
g. Execution of statutory obligations. We process your data in connection with the performance of our obligations under applicable law, in particular tax law and accounting law obligations. The ground for processing of data is the fact that it is necessary for compliance with a legal obligation to which the Controller is subject (Article 6(1)(c) of GDPR).
h. Determination, brining of and defence against claims. If justified, your personal data is processed by us to determine, bring or defend against claims (e.g. claims. resulting from failure to perform or improper performance of a cooperation agreement with Oknoplast). The legal ground for processing of personal data for the above purposes is our legitimate interest (Article 6(1)(f) of GDPR).
Processing of data in connection with maintained correspondence and phone communication
Correspondence and phone conversations. Your personal data contained in a contact form available on our website, sent in connection with traditional or email correspondence, and provided during phone conversations, is processed in order to communicate, file orders, respond or send information you inquired for (e.g. information indicated in the contact form). The legal ground for processing of personal data is our legitimate interest which is the need to ensure you the possibility to communicate efficiently with Oknoplast in all matters that concern you (Article 6(1)(f) of GDPR). or the need to process personal data in order to enter into or perform a contract with Oknoplast (Article 6(1)(b) of GDPR).
The need to provide data
You are not required to provide your personal data in any contact forms on our website, however such data is necessary to handle your inquiry.
We make every effort to indicate which personal data is obligatory, and which is optional. We indicate such information as appropriate on our website (e.g. using an asterisk beside specific boxes of a contact form).
Information provided in correspondence required to be signed or to perform a contract, related to participation in a training/event
In the event of correspondence, signing of contracts or participation in trainings/events you provide your personal data on a voluntary basis, however such data is required to maintain correspondence, enter into a relevant contract or participate in a training/event.
What if you do not provide your personal data
If personal data is required to provide services, enter into or perform a contract, and to maintain relevant correspondence or participate in a training/event, and you refuse to provide such required data we may not be able to provide such a service, enter into or perform a contract, maintain correspondence or you may not be able to participate in a training/event.
Data storage periods
The period for which we store your personal data may vary depending on the type of provided service and processing purpose.
As a rule we process your personal data for the time of provision of services, contract duration or order completion, until you withdraw your consent or effectively object to processing of personal data, if we process data in connection with our legitimate interests.
In Oknoplast we prepared and implemented relevant personal data processing policies which include the need to store your personal data for certain time. Our data storage policy considers data processing time-limits under the applicable tax and accounting laws and regulations, dates of prescription of claims or our legitimate interests resulting from the need to archive any correspondence.
For detailed information on time-limits for processing certain categories of personal data, please contact us as described in Contact section.
Recipients of data
Your personal data can be disclosed and transferred to external entities, in particular to suppliers responsible for technical operation of IT systems, marketing agencies supporting us in our brand promotional actions and entities providing legal, accounting, training, maintenance, mail or analytical and advisory services.
We may also transfer your personal data to entities related to the Controller, including in particular other companies belonging to Oknoplast capital group or our trade partners.
If you use a contact form your personal data such as name, phone number, email address, city/town or request content are transferred to our trade partner from Oknoplast distribution chain. As a rule we transfer your personal data to a trade partner selected in a contact form or relevant for a place indicated in the contact form. In some cases such as changes in distribution chain, the need to provide the best quality services and handling your inquiries in a timely manner, we will transfer your personal data to other trade partners conducting economic activity in an area as indicated in the form
For information on trade partners belonging to Oknoplast distribution chain, please contact us at the address you will find in Contact tab.
Since we process your personal data you have the right of access, to rectification, to erasure, to restriction of processing, and to portability of data.
If we process your personal data in connection with our legitimate interests and for marketing purposes, you also have the right to object to such processing.
If you give a separate consent to processing of personal data for a specific purpose, you may withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
If you suspect any irregularities in processing of personal data you have the right to lodge a complaint with a supervisory authority dealing with the protection of personal data.
Transfer of data outside EEA
The level of personal data protection outside the European Economic Area (EEA) differs from what is provided in the law of the European Union. Therefore, Oknoplast transfer personal data outside EEA only if it is necessary and providing adequate level of protection by:
– cooperating with entities processing personal data in states with respect to which a relevant decision of the European Commission was issued;
– use of standard contractual clauses issued by the European Commission;
– use of binding corporate rules approved by a competent supervisory authority;
– if data is transferred to USA – cooperation with members of Privacy Shield approved by the decision of the European Commission.
You may access information and copies of relevant protection measures used in connection with transfer of personal data outside EEA. For this purpose, please contact us as indicated in contact section.
Security of personal data
Security of your personal data is of utmost importance to Oknoplast. For this purpose we analyse risk on an ongoing basis to ensure that personal data is processed in a way that only authorised persons have access to data in a scope necessary to perform their tasks. Furthermore, we make sure that all personal data operations are registered and made only by authorised employees and co-workers of Oknoplast, and that IT systems used for processing of data guaranteed data accessibility, integrity and confidentiality.
We also make every effort to ensure that all our subcontractors and partners guarantee the use of relevant security measures every time they process personal data for Oknoplast.