The privacy policy describes the rules for our processing of information about you, including personal data and cookies.

1. General information

  1. This policy applies to the website operating at the URL: metalowedekoracje.pl
  2. The operator of the website and the Data Controller is: DKS PRO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, Klonowa 36, 42-233 Antoniów, Poland, KRS 0001132111, NIP 5732957036, REGON 529892730
  3. Contact email address of the operator: biuro@metalowedekoracje.pl
  4. The operator is the Data Controller of your personal data provided voluntarily on the Website.
  5. The Website uses personal data for the following purposes:
    • Running a newsletter
    • Running SMS campaigns
    • Operating a comments system
    • Operating online chat conversations
    • Handling inquiries via form
    • Preparing, packing, shipping goods
    • Fulfillment of ordered services
    • Presentation of offers or information
  6. The Website collects information about users and their behavior in the following ways:
    1. Through data voluntarily entered in forms, which are then entered into the Operator’s systems.
    2. By saving cookies on end devices.
    3. Through edrone tracking codes.

2. Selected data protection methods used by the Operator

  1. Login areas and places for entering personal data are protected at the transmission layer (SSL certificate). This ensures personal and login data entered on the site are encrypted on the user’s computer and can only be read on the destination server.
  2. User passwords are stored in hashed form. The hashing function is one-way – it cannot be reversed, which is the current standard for storing user passwords.
  3. The Operator periodically changes its administrative passwords.
  4. For data protection, the Operator regularly performs backups.
  5. An important element of data protection is regular updating of all software used by the Operator to process personal data, which in particular means regular updates of software components.

3. Hosting

  1. The Website is hosted (technically maintained) on the operator’s servers: hekko.pl
  2. Registration details of the hosting company: cyber_Folks S.A. based in Poznań, Franklina Roosevelta 22, 60-829 Poznań, entered into the National Court Register by the District Court Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS 0000612359, REGON 364261632, NIP 7822622168, share capital 225,541 PLN fully paid.
  3. At https://cyberfolks.pl/ you can learn more about hosting and check the hosting company’s privacy policy.
  4. The hosting company:
    • applies measures to protect against data loss (e.g. disk arrays, regular backups),
    • applies adequate protection measures for processing locations in case of fire (e.g. special fire suppression systems),
    • applies adequate protection measures for processing systems in case of sudden power failure (e.g. redundant power feeds, generators, UPS systems),
    • applies physical access protection measures to processing locations (e.g. access control, monitoring),
    • applies measures to ensure appropriate environmental conditions for servers as elements of the data processing system (e.g. environmental condition control, specialized air conditioning systems),
    • applies organizational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, password policies, etc.),
    • has appointed a Data Protection Officer.
  5. The hosting company, to ensure technical reliability, maintains logs at the server level. The following may be logged:
    • resources identified by URL (addresses of requested resources – pages, files),
    • time of request arrival,
    • time of sending the response,
    • client station name – identification done via HTTP protocol,
    • information about errors that occurred while processing the HTTP transaction,
    • URL of the page previously visited by the user (referrer link) – if the transition to the Website occurred via a link,
    • information about the user’s browser,
    • information about the IP address,
    • diagnostic information related to the process of self-ordering services via registrars on the site,
    • information related to handling email directed to the Operator and sent by the Operator.

4. Your rights and additional information on how data is used

  1. To fulfill obligations arising from data protection laws and to ensure real data protection, the Operator has appointed a Data Protection Officer.
  2. The Data Protection Officer is: Agnieszka Szematowicz address: Klonowa 36, Antoniów 42-233 Mykanów electronic contact: biuro@metalowedekoracje.pl
  3. In some situations the Controller has the right to transfer your personal data to other recipients if necessary to perform a contract with you or to fulfill obligations incumbent on the Controller. This concerns the following groups of recipients:
    • hosting company on the basis of entrustment
    • couriers
    • postal operators
    • payment operators
    • operators of the comments system
    • operators of online chat solutions
    • authorized employees and collaborators who use the data to achieve the website’s purpose
    • companies providing marketing services on behalf of the Controller
  4. The Controller informs Users that it entrusts the processing of personal data to the following entities:
    • Edrone Sp. z o.o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197 – for using the edrone.me mailing system for sending the newsletter,
    • Edrone Sp. z o.o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197 – for marketing purposes solely for email, SMS, social media campaigns launched or indicated by the Controller via the edrone system,
    • Ceneo.pl sp. z o.o., ul. Legnicka 48a, 54-202 Wrocław, NIP: 5252674781, KRS: 0000634928 – for marketing purposes – email address – solely to survey satisfaction regarding a purchase made in our store.
  5. Your personal data processed by the Controller will not be kept longer than necessary to perform duties associated with them defined by separate regulations (e.g., accounting). With respect to marketing data, they will not be processed for longer than 3 years.
  6. You have the right to request from the Controller:
    • access to your personal data,
    • their rectification,
    • deletion,
    • restriction of processing,
    • and data portability.
  7. You have the right to object to processing indicated in item 3.3 c) regarding processing of personal data for the purposes of the Controller’s legitimate interests, including profiling, however the right to object cannot be exercised if there are legally valid grounds for processing that override your interests, rights and freedoms, in particular for establishment, pursuit or defense of claims.
  8. You may file a complaint regarding the Controller’s actions to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
  9. Providing personal data is voluntary but necessary to operate the Website.
  10. Automated decision-making, including profiling, may be performed regarding you for the purpose of providing services under a concluded contract and for the Controller’s direct marketing.
  11. Personal data are transferred from third countries within the meaning of data protection regulations. This means we transfer them outside the European Union.

5. Information in forms

  1. The Website collects information provided voluntarily by the user, including personal data if provided. In registration, contact forms and when placing an order (online store based on WooCommerce) the following data may be processed:
    • First and last name
    • Email address
    • Phone number
    • Home address
    • Billing data (e.g., invoice address)
    • Delivery address
  2. The Website may store information about connection parameters (timestamp, IP address).
  3. The Website, in some cases, may store information that facilitates linking form data with the email address of the user filling out the form. In such a case, the user’s email address appears inside the URL of the page containing the form.
  4. Data provided in a form are processed for the purpose resulting from the function of that specific form, e.g., to handle a service request or commercial contact, register services, etc. Each time the context and description of the form clearly explain its purpose.

6. Administrator logs

  1. Information about user behavior on the site may be logged. These data are used for site administration.

7. Significant marketing techniques

  1. The Operator uses statistical analysis of site traffic via Google Analytics (Google Inc. based in the USA). The Operator does not provide personal data to the provider of this service, only anonymized information. The service relies on the use of cookies on the user’s end device. Regarding information about user preferences collected by Google’s advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/
  2. The Operator uses remarketing techniques to tailor advertising messages to user behavior on the site, which may create the impression that the user’s personal data are used to track them; however, in practice no personal data are transferred from the Operator to advertising operators. A technological condition for such actions is enabled cookie support.
  3. The Operator uses the Facebook pixel. This technology causes Facebook (Facebook Inc. based in the USA) to know that a person registered there uses the Website. It is based on data for which Facebook itself is the controller; the Operator does not provide any additional personal data to Facebook. The service relies on the use of cookies on the user’s end device.
  4. The Operator uses a solution that studies user behavior by creating heatmaps and recording behavior on the site. This information is anonymized before being sent to the service provider so that it cannot be linked to a natural person. In particular, entered passwords and other personal data are not recorded.
  5. The Operator uses a solution automating Website actions toward users, e.g., it may send an email to a user after visiting a specific subpage, provided they have consented to receive commercial correspondence from the Operator.
  6. The Operator uses edrone tracking codes – for analyzing the online store’s website statistics and for marketing purposes solely for email, SMS, social media campaigns launched or indicated by the Controller via the edrone system.

8. Information about cookies

  1. The Website uses cookies.
  2. Cookies are IT data, in particular text files, which are stored on the end device of the Website User and intended for using the Website. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
  3. The entity placing cookies on the User’s end device and accessing them is the Website operator.
  4. Cookies are used for the following purposes:
    1. maintaining the user’s session on the Website (after logging in), so the user does not have to re-enter login and password on each subpage;
    2. implementing the objectives specified above in the “Significant marketing techniques” section;
  5. The Website uses two main types of cookies: “session” cookies and “persistent” cookies. Session cookies are temporary files stored on the User’s end device until logout, leaving the website or closing the browser. Persistent cookies are stored on the User’s device for the period specified in the cookie parameters or until deleted by the User.
  6. Web browsing software (browser) usually allows cookies to be stored by default. Users can change settings in this regard. The browser allows removal of cookies. It is also possible to automatically block cookies. Detailed information is available in the browser’s help or documentation.
  7. Restrictions on the use of cookies may affect some functionalities available on the Website’s pages.
  8. Cookies placed on the User’s end device may also be used by entities cooperating with the Website operator, in particular companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

9. Managing cookies – how to give and withdraw consent in practice?

  1. If the user does not want to receive cookies, they can change browser settings. We note that disabling cookies required for authentication, security, and maintaining user preferences may hinder, and in extreme cases prevent, use of the website.
  2. To manage cookie settings, choose the browser you use from the list below and follow the instructions:

    Mobile devices: