Home / Privacy policy

Privacy policy

DANXILS PRIVACY POLICY

  1. DEFINITIONS

1.1. Controller – DANXILS sp. z o.o. with its registered office in Swobodnia (address: Swobodnia 35, 05-180 Zakroczym), registered in the Business Register of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIV Division of the National Court Register, under number KRS: 0001036806, REGON: 525136256, NIP: 5311719061, share capital: PLN 3,525,500.00.
1.2. Personal Data – information relating to an identified or identifiable natural person who can be identified by reference to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity, including the device’s IP address, location data, internet identifier and information gathered through cookies and any other similar technology.
1.3. Policy – this Privacy Policy.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website – website operated by the Controller under the following address: www.danxils.com
1.6. User – each natural person visiting the Website, using services or functionalities described in this Policy.

  1. DATA PROCESSING IN CONNECTION WITH THE USE OF SERVICES

2.1. In connection with the use of the Controller’s services by User, including in particular the Website, services consisting of the management of an account in the Website and other services provided electronically, the Controller gathers data within the scope necessary to provide particular services being offered, as well as information on User’s activity on the Website. The rules and purposes of processing of Personal Data gathered during the use of services by User are described below.

  1. PURPOSES AND LEGAL GROUNDS FOR PROCESSING OF DATA

USE OF THE WEBSITE AND ITS FUNCTIONALITIES

3.1. Personal Data of Website Users (including IP address or other identifiers and information gathered through cookies or other similar technologies) is processed by the Controller:
3.1.1. in order to provide services electronically with respect to making the Website functionalities available to User – in such case processing is necessary for the performance of a contract (Article 6 sec. 1 (b) of the GDPR);
3.1.2. for analytical and statistical purposes – in such case processing is necessary for the purposes of legitimate interests pursued by the Controller (Article 6 sec. 1 (f) of the GDPR), consisting of conducting analyses of Users’ activity and their preferences in order to improve the functionalities use and the services rendered.
3.2. User’s activity on the Website, including his Personal Data, is recorded in the system logs (special computer program used to store a chronological record containing information on events and activities related to the IT system used by the Controller to provide services). Information gathered in logs is processed mainly for the purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, in order to ensure the safety of the IT system and manage such system, as well as for analytical and statistical purposes – in such case processing is necessary for the purposes of legitimate interests pursued by the Controller (Article 6 sec. 1 (f) of the GDPR).
EXECUTION OF AN AGREEMENT FOR THE PROVISION OF ACCOUNT MANAGEMENT SERVICES AND THE USE OF THE ACCOUNT FUNCTIONALITIES

3.3. Any persons who expressed their willingness to execute an agreement for the provision of services consisting of the management of an account on the Website are asked to provide data necessary to create and manage the account. The provision of data marked as mandatory is required to open and manage the account, and the failure to provide it will result in the inability to open the account.
3.4. In connection with the use of the available account functionalities by User, the Controller shall process User’s Personal Data necessary to use a given functionality. The provision of such Personal Data is necessary in order for User to use a given functionality, and the failure to provide it will result in the lack of possibility to do so.
3.5. Personal Data is processed:
3.5.1. in order for the Controller to create an account and grant access to the account on the Website to User – processing is necessary in order to take steps, at the User’s request, prior to entering into a contract (legal ground: Article 6 sec. 1 (b) of the GDPR);
3.5.2. in order to provide services related to maintaining and managing an account on the Website – processing is necessary for the performance of a contract (legal ground: Article 6 sec. 1 (b) of the GDPR);
3.5.3. in order to grant access to all functionalities of the account to User, and in particular to enable the User to use such functionalities – processing is necessary for the performance of a contract (legal ground: Article 6 sec. 1 (b) of the GDPR);
3.5.4. for analytical and statistical purposes – processing is necessary for the purposes of legitimate interests pursued by the Controller (legal ground: Article 6 sec. 1 (f) of the GDPR), consisting of conducting analyses of Users’ activity on the Website and the manner of use of the account and its functionalities, as well as Users’ preferences in order to improve the functionalities.
CONTACT VIA THE CONTACT FORM

3.6. The Controller provides the possibility of contacting the Controller using an electronic contact form. In order to use the form Personal Data necessary to communicate with the User and reply to an inquiry is required to be provided. The provision of data marked as mandatory is required to make the required contact possible or to send an inquiry, and the failure to provide it will result in the inability to make the required contact possible or handle the inquiry sent. The provisions of other data is involuntary.
3.7. Personal Data obtained through the above-mentioned form shall be processed by the Controller:
3.7.1. in order to identify the sender and handle his inquiry sent through the provided form and in order to respond to the inquiry – processing is necessary for the purposes of legitimate interests pursued by the Controller (legal ground: Article 6 sec. 1 (f) of the GDPR), consisting of responding to inquiries addressed to it; to the extent of data provided optionally, processing is based on consent (Article 6 sec. 1 (a) of the GDPR);
3.7.2. in order to establish contact at User’s request – processing is necessary for the purposes of legitimate interests pursued by the Controller (legal ground: Article 6 sec. 1 (f) of the GDPR), consisting of establishing contact with User at his express request;
3.7.3. for analytical and statistical purposes – processing is necessary for the purposes of legitimate interests pursued by the Controller (Article 6 sec. 1 (f) of the GDPR), consisting of keeping statistics of inquiries submitted by Users through the contact form in order to improve its functionalities.
ELECTRONIC OR REGULAR CORRESPONDENCE

3.8. If any correspondence not related to the services provided to the sender or any other agreement concluded with him is sent to the Controller by electronic or regular mail, Personal Data included in such correspondence is processed exclusively for the purpose of communication and solving the case to which the correspondence pertains.
3.9. Processing is necessary for the purposes of legitimate interests pursued by the Controller (Article 6 sec. 1 (f) of the GDPR), consisting of conducting correspondence addressed to it in connection with its business activity.
3.10. The Controller shall only process Personal Data that is relevant for the case to which correspondence pertains. The whole correspondence shall be stored in a manner which ensures the safety of personal data (and other information) included therein and disclosed only to authorized persons.
TELEPHONE CONTACT

3.11. If the Controller is contacted by telephone regarding any matters not related to the agreement concluded or services rendered, the Controller may only request the provision of Personal Data when it is necessary to handle the matter to which the contact pertains. In such case processing is necessary for the purposes of legitimate interests pursued by the Controller (Article 6 sec. 1 (f) of the GDPR), consisting of the necessity to solve the reported case related to its business activity.
PROCESSING OF PERSONAL DATA OF THE MEMBERS OF PERSONNEL OF CONTRACT PARTNERS OR CUSTOMERS COOPERATING WITH THE CONTROLLER

3.12. In connection with the execution and performance of agreements as part of its business activity, the Controller obtains from its contract partners / customers the data of persons involved in execution and performance of such agreements (e.g. contact persons, persons executing or performing agreements on behalf of contract partners / customers, etc.). In each case the scope of data so provided is limited to the level necessary to execute and perform the agreement and usually does not include information other than the name and surname, position or function and business contact details.
3.13. Such personal data is processed for the purposes of legitimate interests of the Controller and its contract partner / customer (Article 6 sec. 1 lit. f of the GDPR), consisting of making it possible to execute and properly and effectively perform the agreement. Such data may be disclosed to third parties involved in the performance of the agreement.
3.14. Data shall be processed for a period necessary to pursue the above interests and fulfill obligations arising from the regulations.

  1. COOKIES AND SIMILAR TECHNOLOGY

4.1. The Controller uses cookies mainly to provide User with services provided electronically and improve the quality of such services. In connection with that, the Controller uses cookies, by storing information or obtaining access to information already stored in the User’s end device (computer, telephone, tablet, etc.). The use of cookies within the Website is not intended to identify Users. The Policy regulates the processing of data related to the use of own cookies.
4.2. Cookies are small text files installed in the device of the User browsing the Website. Cookies gather information making it easier to use an internet site, e.g., by remembering the User’s visits on the Website and activities performed by him.
NECESSARY COOKIES

4.3. Controller uses necessary cookies mainly to provide Users with services and functionalities of the Website which a particular User wants to use. Necessary cookies may only be installed by the Controller through the Website.
4.4. The legal ground for processing of data in connection with the use of necessary cookies is its necessity to perform a contract (Article 6 sec. 1 (b) of the GDPR).
FUNCTIONALITY COOKIES AND ANALYTICS COOKIES

4.5. Functionality cookies are used in order to remember and adjust the Website to User’s products, among others with respect to language preferences. Functionality cookies may be installed by the Controller and its partners via the Website.
4.6. Analytics cookies make it possible to obtain information such as the number of visits and source of traffic on the Website. They are used to find out what are more popular and less popular sites, and understand how Users navigate a site by keeping statistics of the traffic on the Website. The processing of data is carried out to improve the Website performance. Information gathered by such cookies is aggregated; therefore, it is not intended to establish your identity. Functionality cookies may be installed by the Controller and its partners via the Website.
4.7. The legal ground for processing of data in connection with the use of functionality and analytics cookies by the Controller for such purpose is the User’s consent (Article 6 sec. 1 (a) of the GDPR).
4.8. The processing of Personal Data in connection with the use of functionality and analytics cookies depends on the obtainment of the User’s consent for the use (separately) of functionality and analytical cookies through the consent management platform. Such consent may be withdrawn at any time through such platform.

  1. ANALYTICAL TOOLS USED BY THE CONTROLLER

5.1. Controller uses various solutions and tools used for analytical purposes. Below please basic information on such tools. Detailed information is this respect can be found in the privacy policy of the relevant partner.
GOOGLE ANALYTICS
5.2. Google Analytics cookies are files used by Google to analyze the manner of use of the Website by User, to create statistics and reports concerning the functioning of the Website. Google does not use the data gathered by it to identify the User, nor does it combine such information in order to enable identification. Detailed information on the scope and principles of collecting data in connection with such service may be found under the following link: https://www.google.com/intl/pl/policies/privacy/partners.

  1. MANAGEMENT OF COOKIE SETTINGS

6.1. The User’s consent is required to use cookies in order to collect data through such cookies, and in particular to obtain access to data saved on the User’s device. On the Website the Controller receives the User’s consent through the cookies management platform.
6.2. Consent is not required only for cookies which are necessary to provide telecommunication services (data transmission in order to view the content) – User cannot opt out of receiving such cookies if he wants to use the Website, including the User’s account.
6.3. User can withdraw his consent by changing the browser settings. Detailed information in this respect may be found under the following links:
6.3.1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
6.3.2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
6.3.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
6.3.4. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/
6.3.5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB
6.3.6. Microsoft Edge: https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plik%C3%B3w-cookie-w-przegl%C4%85darce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09.
6.4. User may at any time verify the status of his current privacy settings for his browser using tools available under the following links:
6.4.1. http://www.youronlinechoices.com/pl/twojewybory
6.4.2. http://optout.aboutads.info/?c=2&lang=EN.
6.5. In order to exercise the right of access, rectification, erasure, restriction or data portability, or the right to object to processing of personal data, lodge a complaint or ask any other question related to cookies, an inquiry should be sent using the Controller’s contact details indicated in the Privacy Policy.

  1. PERIOD OF PROCESSING OF PERSONAL DATA

7.1. The period of processing of data by the Controller depends on the type of service provided and the purpose of processing. As a matter of principle, data is processed during the period of providing services, until consent is withdrawn or until effective objection to processing of data is raised in the case when processing is based on legitimate interests pursued by the Controller.
7.2. The period of processing of data may be extended if processing is necessary for the establishment, exercise or defense of any legal claims, and after such period only if and to the extent that it is required by the provisions of law. After the lapse of such processing period the data is irrevocably removed or anonymized.

  1. USER’S RIGHTS

8.1. User has the right of access to his data and the right to request of the Controller its rectification, erasure and restriction of processing, the right of data portability and the right to object to processing, as well as the right to lodge a complaint with a supervisory authority in charge of personal data protection.
8.2. To the extent that User’s data is processed on the basis of his consent, such consent may be withdrawn at any time by contacting the Controller by electronic mail to the following address: info@danxils.com or by regular mail to the following address: DANXILS Sp. z o.o. Swobodnia 35, 05-180 Zakroczym
8.3. User has the right to object to processing of data for marketing purposes if processing is carried out in connection with legitimate interests pursued by the Controller, as well as – on grounds relating to User’s particular situation – in other cases when processing of data is based on legitimate interests pursued by the Controller (e.g. in connection with the achievement of analytical and statistical purposes).

  1. RECIPIENTS OF DATA

9.1. In connection with the provision of services Personal Data will be disclosed to external entities, and in particular service providers responsible for maintenance of IT systems.
9.2. Controller reserves the right to disclose selected information concerning User to relevant authorities or third parties who will request such information on the basis of an appropriate legal ground and in accordance with the applicable laws.

  1. TRANSFER OF DATA OUTSIDE THE EEA

10.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from the one ensured by a European country. For this reason Controller shall only transfer Personal Data outside the EEA when it is necessary and having ensured an appropriate degree of protection, in particular through:
10.1.1. cooperation with entities processing Personal Data in countries with respect to which a relevant decision of the European Commission on the adequate level of protection of Personal Data has been issued; in some cases the European Commission further requires such processing entity to participate in programs approved by it and associating entities outside the EEA whose participants are obliged to ensure the same protection of Personal Data as is available to in the European Union (detailed information can be found here:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_pl
10.1.2. the use of standard contractual clauses issued by the European Commission; with the required additional safety measures, which ensure the same protection of Personal Data as is available to in the European Union; standard forms of agreements can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_pl
10.1.3. the use of binding corporate rules, approved by the relevant supervisory body.
10.2. Controller shall always provide information on the intention to transfer Personal Data outside the EEA at the stage of gathering such data.

  1. SAFETY OF PERSONAL DATA

11.1. Controller conducts, on an ongoing basis, risk analyses in order to ensure that Personal Data is processed by it in a safe manner, i.e., by ensuring above all that access to data is only granted to authorized persons and to the extent necessary considering the tasks carried out by them. Controller shall make sure that all operations related to Personal Data will be recorded and performed only by authorized employees and collaborators.
11.2. Controller shall take all necessary steps to ensure that its subcontractors and other entities cooperating with it will also provide sufficient guarantees to implement appropriate safety measures every time they process Personal Data at the Controller’s request.

  1. CONTACT DETAILS

12.1. You may contact the Controller at the following e-mail address: info@danxils.com or the following mailing address: DANXILS Sp. z o.o., Swobodnia 35, 05-180 Zakroczym
12.2. The Controller appointed the Data Protection Officer who may be contacted by e-mail at: iod@danxils.com regarding any matter related to processing of Personal Data.

  1. AMENDMENTS TO THE PRIVACY POLICY

13.1. The Policy shall be verified on an ongoing basis and updated if necessary.
13.2. The present version of the Policy was adopted and is in force from 27.11.2023