PRIVACY POLICY
This Privacy Policy (hereinafter: “Policy“) contains information on the processing of your personal data in connection with the use of the “DDBIM” website, operating at the internet address www.ddbim.com (hereinafter: “Website“).
All capitalized terms that are not otherwise defined in the Policy shall have the meaning given to them in the Terms and Conditions, available at: https://ddbim.com/terms-of-sale/
Personal data Controller
The Controller of your personal data is Dawid Dyrcz, conducting business activity under the name “DDBIM Dawid Dyrcz” (address of the permanent place of business: Aleja Armii Krajowej 143, lok. 7b, 43-300 Bielsko Biała), entered the Central Registration and Information on Business kept by the minister in charge of economy, with NIP (Tax Identification Number): 5472135313, REGON number: 387820950 (hereinafter: “Controller“).
Contact with the Controller
In all matters related to the processing of personal data, you can contact the Controller using e-mail – at: dawid.dyrcz@ddbim.pl
Measures to protect personal data
The Controller uses modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR“), the Act of 10 May 2018 on the protection of personal data and other provisions on the protection of personal data.
Information about the processed personal data
Using the Website requires the processing of your personal data. Below you will find detailed information about the purposes and legal bases of processing, as well as the period of processing and the obligation or voluntariness to provide them.
Purpose of processing | Personal data processed | Legal basis | ||
Conclusion and performance of the Agreement | 1) e-mail address
2) name and surname 3) billing address 4) optionally – company and NIP (if the Buyer is an Entrepreneur or Entrepreneur with consumer rights) |
Article 6(1)(b) of the GDPR
(processing is necessary for the performance of the Agreement concluded with the data subject or to take steps to conclude it) |
||
Providing the above-mentioned personal data is a condition for the conclusion and performance of the Agreement (their provision is voluntary, but the consequence of not providing them will be the inability to conclude and perform the above-mentioned Agreement).
The Controller will process the above-mentioned personal data until the claims arising from the Agreement. |
||||
|
||||
Purpose of processing | Personal data processed | Legal basis | ||
Conclusion and performance of the Newsletter Agreement | 1) e-mail address
2) IP number of the device 3) approximate location |
Article 6(1)(b) of the GDPR
(processing is necessary for the performance of the Newsletter Subscription Agreement concluded with the data subject or to take action to conclude it)
and
Article 6(1)(f) of the GDPR
(processing is necessary to implement the legitimate interest of the Controller, in this case informing about new services and promotions available in the Website) |
||
Providing the above-mentioned personal data is voluntary, but necessary to receive the Newsletter (the consequence of not providing them will be the inability to receive the Newsletter).
The Controller will process the above-mentioned personal data, the time of effective objection or achievement of the purpose of processing or until the claims arising from the Newsletter Subscription Agreement are time-barred (whichever occurs first). |
||||
|
||||
Purpose of processing | Personal data processed | Legal basis | ||
Conducting a complaint procedure | 1) name and surname
2) e-mail address |
Article 6(1)(c) of the GDPR
(processing is necessary to fulfill a legal obligation incumbent on the Controller, in this case the obligations of: – responding to a complaint – Article 7a of the Act on consumer rights; – exercise the Service Recipient’s rights resulting from the provisions on the Controller’s liability in the event of Non-compliance of the Digital Service with the Agreement it) |
||
Providing the above-mentioned personal data is a condition for receiving a response to the complaint or exercising the Service Recipient’s rights under the provisions on the Controller’s liability in the event of Non-compliance of the Digital Services with the Agreement (their application is voluntary, but the consequence of not providing them will be the inability to receive a response to the complaint and the implementation of the above-mentioned rights).
The Controller will process the above-mentioned personal data for the duration of the complaint procedure, and in the case of the implementation of the above-mentioned rights of the Service Recipient – until they expire. |
||||
|
||||
Purpose of processing | Personal data processed | Legal basis | ||
Handling inquiries submitted by Service Recipients | 1) name
2) e-mail address 3) other data contained in the message to the Controller |
Article 6(1)(f) of the GDPR
(processing is necessary to implement the legitimate interest of the Controller, in this case to respond to the received inquiry) |
||
Providing the above-mentioned personal data is voluntary, but necessary to receive an answer to the inquiry (the consequence of not providing them will be the inability to receive an answer).
The Controller will process the above-mentioned personal data until the objection is effectively raised or the purpose of processing is achieved (whichever occurs first). |
||||
|
||||
Purpose of processing | Personal data processed | Legal basis | ||
Compliance with tax obligations (m.in issuing a VAT invoice, storing accounting documentation) | 1) Name and surname/company
2) address of residence/registered office 3) tac identification number |
Article 6(1)(c) of the GDPR
(processing is necessary to fulfill the legal obligation incumbent on the Controller, in this case obligations arising from tax law) |
||
Providing the above-mentioned personal data is voluntary, but necessary for the Controller to meet its tax obligations (the consequence of not providing them will be the Controller’s inability to meet the above-mentioned obligations).
The Controller will process the above-mentioned personal data for a period of 5 years from the end of the year in which the tax payment deadline for the previous year expired. |
||||
|
||||
Purpose of processing | Personal data processed | Legal basis | ||
Fulfillment of obligations related to the protection of personal data | 1) name and surname
2) contact details provided by you (e-mail address; correspondence address; telephone number) |
Article 6(1)(c) of the GDPR
(processing is necessary to fulfill the legal obligation incumbent on the Controller, in this case the obligations arising from the provisions on the protection of personal data) |
||
Providing the above-mentioned personal data is voluntary, but necessary for the Controller to properly perform the obligations arising from the provisions on the protection of personal data, m.in. exercise the rights granted to you by the GDPR (the consequence of not providing the above-mentioned data will be the inability to properly implement the above-mentioned rights).
The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims for violation of the provisions on the protection of personal data. |
||||
|
||||
Purpose of processing | Personal data processed | Legal basis | ||
Establishing, investigating, or defending against claims | 1) name and surname/company
2) e-mail address 3) address of residence/registered office 4) PESEL number 5) Tax identification number |
Article 6(1)(f) of the GDPR
(processing is necessary to implement the legitimate interest of the Controller, in this case to establish, investigate or defend against claims that may arise in connection with the performance of Agreemnets concluded with the Controller) |
||
Providing the above-mentioned personal data is voluntary, but necessary to establish, investigate or defend against claims that may arise in connection with the performance of the Agreements concluded with the Controller (the consequence of not providing the above-mentioned data will be the inability of the Controller to take the above-mentioned actions)
The Controller will process the above-mentioned personal data until the expiry of the limitation periods for claims that may arise in connection with the performance of the Agreements concluded with the Controller. |
||||
|
||||
Purpose of processing | Personal data processed | Legal basis | ||
Analysis of your activity on the Website | 1) Date and time of visit
2) IP number of the device 3) device operating system type 4) approximate location 5) type of web browser 6) time spent on the Website 7) visited subpages and other activities undertaken as part of the Website 8) e-mail address |
Article 6(1)(f) of the GDPR
(processing is necessary to implement the legitimate interest of the Controller, in this case obtaining information about your activity on the Website) |
||
Providing the above-mentioned personal data is voluntary, but necessary for the Controller to obtain information about your activity in the Website (the consequence of not providing them will be the Controller’s inability to obtain the above-mentioned information).
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved. |
||||
|
||||
Purpose of proceeding | Personal data processed | Legal basis | ||
Website administration | 1) IP address
2) server date and time 3) web browser information 4) operating system information
The above data is saved automatically in the so-called server logs, each time you use the Website (administering it without using server logs and automatic saving would not be possible). |
Article 6(1)(f) of the GDPR
(processing is necessary to implement the legitimate interest of the Controller, in this case to ensure the proper operation of the Website) |
||
Providing the above-mentioned personal data is voluntary, but necessary to ensure the proper operation of the Website (the consequence of not providing them will be the inability to ensure the operation of the Website in a proper manner).
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved. |
||||
Profiling
To create your profile for marketing purposes and direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not cause any legal effects for you or similarly significantly affect your situation.
The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity on the Website.
The legal basis for the processing of personal data for the above purpose is art. 6 par. 1 lit. f GDPR, according to which the Controller may process personal data to implement his legitimate interest, in this case to conduct marketing activities tailored to the preferences of recipients. Providing the above-mentioned personal data is voluntary, but necessary to achieve the above-mentioned purpose (the consequence of not providing them will be the inability of the Controller to conduct marketing activities tailored to the preferences of recipients).
The Controller will process personal data for the purpose of profiling until an objection is effectively raised or the purpose of processing is achieved.
Recipients of personal data
The recipients of personal data will be the following external entities cooperating with the Controller:
- hosting company;
- provider of a chat service (Livechat);
- provider of online payment system (Stripe);
- companies providing tools for analyzing activity in the Website (e.g. Google Analytics, Smartlook);
- companies providing tools for targeting advertisements to people using the Website (e.g. Google Ads, Meta Ads, LinkedIn Ads);
- a company providing accounting services.
In addition, personal data may also be transferred to public or private entities, if such an obligation results from generally applicable law, a final court judgment or a final administrative decision.
Transfer of personal data to a third country
In connection with the Controller’s use of tools such as Google Analytics, Smartlook, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:
- in the case of the United Kingdom, Canada, Israel, Japan and South Korea – decisions of the European Commission stating an adequate level of protection of personal data in each of the above-mentioned third countries;
- in the case of the USA – Commission Implementing Decision EU 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework;
- in the case of the Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia – contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to a Regulation of the European Parliament and of the Council (EU) 2016/679.
You can obtain from the Controller a copy of the data transferred to a third country.
Your rights
In connection with the processing of personal data, you have the following rights:
- the right to information about what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). Issuing the first copy of the data is free, for the next one the Controller may charge a fee;
- if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
- in certain situations, you can ask the Controller to delete your personal data, e.g. when:
- the data will no longer be needed by the Controller for the purposes of which he informed;
- you have effectively withdrawn your consent to the processing of data – unless the Controller has the right to process data on another legal basis;
- the processing is unlawful;
- the need to delete data results from the Controller’s legal obligation.
- if personal data are processed by the Controller on the basis of consent to processing or for the purpose of performing the Agreement concluded with him, you have the right to transfer your data to another Controller;
- if personal data is processed by the Controller on the basis of your consent to processing, you have the right to withdraw this consent at any time (withdrawal of consent does not affect the lawfulness of processing that was made on the basis of consent before its withdrawal);
- if you consider that the processed personal data is incorrect, their processing is unlawful, or the Controller no longer needs certain data, you can request that for a specific, necessary time (e.g. checking the correctness of data or pursuing claims) the Controller does not perform any operations on the data, but only Websites them;
- you have the right to object to the processing of personal data whose basis for processing is the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the above-mentioned purpose;
- you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the provisions of the GDPR.
Cookies
- The Controller informs that the Website uses “cookies” installed on your end device. These are small text files that can be read by the Controller’s system, as well as by systems belonging to other entities whose services are used by the Controller (e.g. Google, Smartlook).
- The Controller uses cookies for the following purposes:
- ensuring the proper operation of the Website – thanks to cookies, it is possible to operate efficiently the Website, use its functions and conveniently move between individual subpages;
- increasing the comfort of browsing the Website – thanks to cookies, it is possible to detect errors on some subpages and their constant improvement;
- creating statistics – cookies are used to analyze how users use the Website. Thanks to this, it is possible to constantly improve the Website and adapt its operation to the preferences of users;
- conducting marketing activities – thanks to cookies, the Controller may direct advertisements tailored to users’ preferences.
- Controller can place both permanent and temporary (session) files on your device. Session files are usually deleted when you close the browser, but closing the browser does not delete persistent files.
- Information about cookies used by the Controller is displayed in the panel located at the bottom of the Website’s website. Depending on your decision, you can enable or disable cookies of individual categories (except for necessary cookies) and change these settings at any time.
- Data collected using cookies do not allow the Controller to identify you.
- You can access detailed information about cookies and the cookie management panel at any time by clicking on the round button displayed on the Website.
- Through most used browsers, you can check whether cookies have been installed on your end device, as well as delete installed cookies and block them from being installed by the Website in the future. Disabling or limiting the use of cookies may, however, cause quite serious difficulties in using the Website, e.g. in the form of the need to log in to each subpage, a longer loading period of the Website’s restrictions on the use of certain functionalities.
Final provisions
To the extent not regulated by the Policy, generally applicable provisions on the protection of personal data shall apply.
This policy is effective from 29th October 2024.
.