Below we present our privacy policy, which contains information regarding the processing of personal data after May 25, 2018.

Our website uses cookies and other similar files that are intended to collect and process data. The use of such technologies is aimed at adapting marketing content to your needs, including analyzing traffic on our website, which contributes to providing offers better tailored to your needs.

Before accessing the site, please familiarize yourself with the privacy policy, which also includes information on how to disable the acceptance of cookies.

Clicking „I agree” means that you consent to the provisions contained in the privacy policy.

Based on Article 13 paragraphs 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) (hereinafter referred to as „GDPR” or „Regulation”) we inform that:

1. Identity and contact details of the personal data controller
   1. JACEK KOŹLAK PRODUCTION-TRADE-SERVICE PLANT FURNITURE MANUFACTURING AND SALES NIP: 6811181582 (hereinafter referred to as „Controller” or „Personal Data Controller”).
      Contact details:
      e-mail: biuro@kozlakmeble.pl
      correspondence address: Jawornik 594, 32-400 Jawornik.
   2. Representative of the Controller:
      Based on Article 27 GDPR, the Personal Data Controller has appointed its representative in the European Union.
      Data of the Personal Data Controller Representative:
      Jacek Koźlak,
      JACEK KOŹLAK PRODUCTION-TRADE-SERVICE PLANT FURNITURE MANUFACTURING AND SALES
      Jawornik 594, 32-400 Jawornik
      biuro@kozlakmeble.pl
2. Purposes and legal bases for processing personal data
   Your personal data, as well as personal data of entities authorized to act on your behalf (employees, associates, attorneys, etc.) will be processed for the purpose and on the following bases:
   1. performance of the contract concluded between you and the Controller based on Article 6 paragraph 1 letter b) GDPR, i.e., for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
   2. fulfillment by the Controller of legal obligations imposed by tax/accounting regulations in connection with business activities – based on Article 6 paragraph 1 letter c GDPR – i.e., processing is necessary for compliance with a legal obligation to which the controller is subject;
   3. establishment, pursuit and enforcement of claims and defense against claims in court proceedings and other enforcement bodies, we may process your personal data necessary to prove the existence of a claim or which result from a legal requirement, court order or other legal procedure – based on Article 6 paragraph 1 letter f GDPR – i.e., processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
3. Voluntary provision of personal data
   Providing your personal data is voluntary and constitutes a condition for concluding the contract.
4. Data processing period
   Your personal data will be stored for the period of:
   1. contract performance – data necessary for contract performance;
   2. data necessary for pursuing potential claims and defense against claims – until the expiry of the limitation period specified by generally applicable law;
   3. data processed for accounting and tax settlement purposes, as well as other data whose processing results from an obligation imposed by generally applicable law – processed for the period of their storage resulting from legal provisions;
5. Recipients of personal data
   Recipients of your personal data are in particular the following categories of entities:
   1. accounting offices, partners to whom we entrust your personal data for the purpose of providing Controller’s enterprise services;
   2. state authorities such as Tax Offices, prosecutor’s office, Police, President of UODO – if they contact us for this purpose;
   3. Third parties
      The Controller carefully selects entities with which it cooperates, including verifying links to other websites posted on the website. However, the Controller is not responsible for the standards and data protection policy that is applied by these entities. We recommend that you verify each of our partners on your own, and consequently make an independent decision whether you want to entrust them with your personal data.
      The detailed list of suppliers is continuously updated by the Controller, and you can obtain access to the specific entities to whom your data is entrusted for the purposes specified above by contacting the Controller.
      Our suppliers are mainly based in European Economic Area (EEA) countries. The Personal Data Controller may commission certain activities to recognized subcontractors operating outside the EEA territory. Your personal data transferred outside the EEA territory will be secured with appropriate legal safeguards so that our suppliers provide guarantees of a high degree of personal data protection. These guarantees result in particular from the commitment to apply standard contractual clauses adopted by the Commission (EU) or binding corporate rules appropriately approved by a supervisory authority within the meaning of GDPR. A copy of standard contractual clauses can be obtained from the Controller by contacting using the contact details indicated in this Policy. The method of data security is in accordance with the principles set out in Chapter V GDPR. The person whose personal data is processed may contact the Controller for additional information about the safeguards applied in this regard, obtain a copy of these safeguards and information about the place of their disclosure.
6. The Controller informs that personal data may be transferred to third countries, in particular:
   1. To the United Kingdom – based on Commission Implementing Decision (EU) 2021/1772 of June 28, 2021, extended until December 27, 2025, finding an adequate level of protection of personal data by the United Kingdom. The European Commission has issued a draft new adequacy decision for a period of 6 years, indicating that the UK continues to provide standards „essentially equivalent” to the EU.
   2. Google Analytics 4 – data from the EU is processed exclusively on servers located in the EU, IP addresses are not logged or stored, and geolocation takes place on EU servers before being transferred for further processing.
   3. Other tools – when using tools that transfer data outside the EU/EEA, the Controller applies appropriate legal safeguards, including Standard Contractual Clauses adopted by the European Commission or other mechanisms ensuring a high degree of personal data protection.

   The Controller will provide information about the applied safeguards and their copies upon request.

7. Rights of the data subject
   Based on GDPR you have the right to:
   1. request access to your personal data,
   2. request rectification of your personal data,
   3. request erasure of your personal data,
   4. request restriction of processing of personal data,
   5. object to the processing of personal data,
   6. request portability of personal data,
   7. withdraw consent at any time, in case when personal data processing is based on Article 6 paragraph 1 letter a) GDPR.
8. Information about automated decision-making, including profiling
   The Controller does not intend to process personal data based on automated decision-making in individual cases, including profiling within the meaning of Article 22 GDPR.
9. Complaint to supervisory authority
   You have the right to lodge a complaint with a supervisory authority, i.e., the President of the Personal Data Protection Office.
10. Cookies
    1. Controller’s cookies
       1. The Controller informs that when using the Controller’s websites, short computer data (so-called „cookies”) are installed on your device.
       2. Cookies should be understood as computer data, in particular text files, stored in Users’ end devices intended for using websites. These files allow recognizing Users’ devices and appropriately displaying the website adapted to their individual preferences. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number.
       3. Cookies are used to adapt the content of websites to the preferences of the Service Recipient and User and optimize the use of websites. They are also used to create anonymous, aggregated statistics that help understand how Users use websites, which enables improving their structure and content, excluding personal identification of the User.
       4. The Controller informs that cookies are used to:
          1. optimize displays;
          2. confirm statistics regarding the Service;
          3. enable User login to the Service and maintain the so-called session, so that it is not necessary to log in again on each subpage of the Service;
          4. confirm that the Service User has been shown a message about cookies
          5. recognize the User’s end device to display the Service in mobile version, in case the User uses a portable device (e.g., Smartphone);
          6. research the preferences of Service Users to adapt our products and services and their presentation on the website in a way that corresponds to these preferences.
       5. Within the Controller’s website, the following are used:
          1. two types of cookies distinguished by their lifetime:
             1. „Session” files, i.e., temporary ones, which are stored on the User’s end device until logging out, leaving the Website or turning off the web browser. Temporary files are necessary for the proper functioning of the Website. They enable secure login to the site, placing orders. Without these files, secure transactions would be impossible
             2. „Persistent” files stored on the User’s end device for a specified time in the cookies parameters or until they are deleted by the User.
          2. four types of cookies distinguished by the purpose they serve:
             1. functional ones that serve to store information such as: login or password, which speeds up and facilitates the use of the Website,
             2. statistical ones thanks to which the Website can optimize according to User preferences,
             3. advertising ones enabling Users to receive advertisements adapted to their individual preferences and interests,
             4. social ones that enable integration of social services used by the User with the Website.
       6. By using the Controller’s website, Users consent to the installation of cookies, their storage on their end device and access to them. They can at any time specify the conditions for storing or accessing cookies, including disabling the option of accepting cookies by changing the settings of software used to browse websites, in such a way as to block automatic handling of cookies in web browser settings or inform about their each transmission to the end device. Detailed information about the possibilities and methods of handling cookies is available in the software settings (web browser).
       7. Limiting the use of cookies may affect some functionalities available on websites.
       8. The User can at any time, after finishing website visits, delete cookies placed on their device without risk, and detailed information about the possibilities and methods of handling cookies is available in the software settings (web browser).
       9. Information on changing cookie settings in individual browsers is available on the following pages:
          1. Chrome: link;
          2. Firefox: link;
          3. Internet Explorer: link;
          4. Opera: link;
          5. Safari: link
    2. Google Analytics (cookies)
       1. The Controller informs that when using the Controller’s website, Google Analytics text files are installed on your device, aimed at analyzing traffic sources and the way Users use the service. Data obtained as a result of placing cookies files on devices are collected on Google servers, which uses this information to create reports and provide other services related to traffic and Internet use. Google may also transfer this information to third parties if it is obliged to do so under legal provisions or in case these parties process such information on behalf of Google. This data is never combined with data provided by Users referred to in point 2 of this privacy policy and constitutes only material for statistical analysis and mechanisms for correcting system errors.
       2. By using the Controller’s website, Users consent to the installation of Google cookies, their storage on their end device and access to them. They can at any time specify the conditions for storing or accessing cookies, including disabling the option of accepting Google cookies by changing the settings of software used to browse websites, in such a way as to block automatic handling of Google cookies in web browser settings or inform about their each transmission to the end device. Detailed information about the possibilities and methods of handling cookies is available in the software settings (web browser).
       3. Limiting the use of cookies may affect some functionalities available on websites.
       4. The User can at any time, after finishing website visits, delete cookies placed on their device without risk, and detailed information about the possibilities and methods of handling cookies is available in the software settings (web browser).
       5. Information on changing cookie settings in individual browsers is available on the following pages:
          1. Chrome: link;
          2. Firefox: link;
          3. Internet Explorer: link;
          4. Opera: link;
          5. Safari: link
    3. WP Full Picture tool cookie files:
       1. fp_cookie – necessary cookie file. Stores information about user’s tracking consents, list of tracking tools the user has consented to, and the date of the last update of the privacy policy page. Does not expire.
       2. fp_current_session – optional cookie file. Requires consent for statistics tracking. In the free version, it stores no values and serves only to check if a new session has started. In the Pro version, it stores the number and type of pages visited by the user during the session, traffic source domain, URL parameters of the first landing page in the session, and the user’s lead score result. Expires after 30 minutes of user inactivity.
       3. cdb_id – necessary cookie file. It is saved after accepting or rejecting tracking by the user in the consent banner. Stores a random device identifier that serves to match saved consents in the remote database to a given device. Does not expire.
       4. fp_country – necessary cookie file used when the geolocation module is enabled. The plugin uses it to apply the appropriate tracking mechanism and consent banner display mode (opt-in, opt-out, information only). Expires after the time specified by the site administrator (default 30 days).
       5. fp_recent_sessions – optional cookie file used to track user behavior across different sessions. Requires consent for statistics tracking. Stores the number and type of pages visited by the user in recent sessions. Expires 30 days after the last visit.
    4. Other tools that may also use the mentioned cookie files on this site are listed here:
       1. Google Analytics
       2. Forms App
11. Privacy policy changes
    The Controller may change this privacy policy if required by applicable law, if the Controller’s data changes, the type of services provided changes, or if the technological conditions of the site change. The Controller will inform about such a change on the website during the first entry to the website after the privacy policy change.