This privacy policy of the Website has been drafted for information purposes, which means that it is not a source of any obligations for persons using the Website. The privacy policy primarily contains the terms pertaining to the processing of personal data collected by the Data Controller on the Website, including bases, purposes and periods of personal data processing and rights of data subjects, as well as information about the application of cookies, similar technologies and analytical tools on the Website.
The Data Controller of the personal data collected via the Website is BITTNER PACKAGING SPÓŁKA JAWNA with its registered office in Ożarów Mazowiecki (address of registered office: ul. Poznańska 129/133, 05-850 Ożarów Mazowiecki, Poland and correspondence address: ul. Poznańska 129/133, 05-850 Ożarów Mazowiecki, Poland) entered in the register of entrepreneurs of the National Court Register under entry No. KRS: 0000891737; registration court where the company’s documents are kept: District Court for the Capital City of Warsaw in Warsaw, 14th Economic Division of the National Court Register, VAT Reg. No. (NIP): 5340002555, State Statistical No. (REGON): 012086162, e-mail address: sprzedaz@bittner.waw.pl and telephone No.: +48 733 099 996 – hereinafter referred to as the “Data Controller” who is, at the same time, the Website Owner.
The personal data on the Website are processed by the Data Controller in line with the applicable legal provisions and in particular pursuant to Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Processing Regulation) – hereinafter referred to as the “GDPR.” Official text of the GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
Use of the Website is voluntary. Similarly, any related provision of personal data by the user of the Website is voluntary with a reservation that failure to provide specific data required for the use of some electronic services of the Website by the user (e.g. contact form) may prevent the possibility of using this functionality. In such case, provision of personal data is dictated by the legitimate interest of the Data Controller and if the data subject wishes to make use of the contact form and to receive an answer to his/ her inquiry, the data subject is required to provide the data. In each case, the scope of the data required for using the Website functionalities is indicated by the Data Controller on the Website or in the regulations.
The Data Controller exercises due diligence to protect the interests of data subjects of the data processed by it, and in particular is liable and guarantees that the data collected by it are: (1) processed in compliance with the law; (2) collected for specific and legitimate purposes and not subjected to further processing that is inconsistent with such purposes; (3) substantially correct and adequate in reference to the purposes for which they are processed; (4) archived in a form allowing for identification of the data subjects not longer than is indispensable for accomplishing the purpose of processing and (5) processed in a mode guaranteeing proper security of personal data, including protection from unauthorised or illegal processing, as well as accidental loss, destruction or damage with the use of proper technical and organisational measures.
Observing the character, the scope, the context and the purposes of processing and the risk of violation of rights or freedoms of natural persons with varying probability and weight of threat, the Data Controller implements proper technical and organisational measures to make the processing compliant with the GDPR and to be able to manifest it. If necessary, such measures are reviewed and up-dated. The Data Controller applies technical measures preventing sourcing and modification of personal data sent electronically by unauthorised persons.
All wAny capitalised words, expressions and acronyms included in this privacy policy should be understood in line with their meanings resulting from this document.
The Data Controller is authorised to process personal data in the cases and within a scope where at least one of the terms below has been fulfilled: (1) the data subject expressed his/her consent for the processing of his/ her personal data for one or a greater number of specific purposes; (2) processing is necessary for the performance of an agreement a party to which is a data subject or for taking actions at the request of a data subject before entering into the agreement; (3) the processing is indispensable for meeting the legitimate interest encumbering the Data Controller; or (4) the processing is indispensable for purposes resulting from legitimate interests pursued by the Data Controller or by a third party with the exception of situations where the interests or basic rights and freedoms of data subjects requiring protection of personal data, in particular when such data subject is a child, are overriding with respect to such interests.
The processing of personal data by the Data Controller requires, in each case, existence of at least one of the bases listed above. Specific bases of personal data processing of the users of the Website by the Data Controller are indicated in the next section of the privacy policy – in reference to a given purpose of personal data processing by the Data Controller.
Every time the purpose, the basis, the period and the recipients of personal data processed by the Data Controller result from actions taken by a given user on the Website.
IThe Data Controller may process the personal data on the Website for the following purposes, on the following bases and for periods of time compliant with the table below:
Purpose of data processing | Legal basis of data processing | Term of data storage |
---|---|---|
Use of the contact form | Article 6(1)(f) of the GDPR (legitimate interest of the Data Controller): processing is indispensable for purposes resulting from legitimate interests of the Data Controller – comprising the necessity of learning the content of an inquiry sent by the data subject with the use of a contact form available on the Website and subsequently, if this is necessary, providing an answer to this inquiry. | The data are kept for a period necessary for the Data Controller to learn the content of an inquiry of a data subject and providing the answer, however not longer than for a period of existence of a legitimate interest pursued by the Data Controller in relation to such inquiry. |
Direct marketing | Article 6(1)(f) of the GDPR (legitimate interest of the Data Controller): the processing is indispensable for purposes resulting from legitimate interests of the Data Controller – consisting in taking care of interests and good reputation of the Data Controller and striving for the provision of services. | The data are stored for a period of existence of a legitimate interest pursued by the Data Controller, however not longer than for a period of statute of limitations of claims in reference to the data subject with respect to the business activities carried out by the Data Controller. The statute of limitations is specified by legal provisions, in particular the Polish Civil Code (the basic term of the statute of limitations related to the performance of business activity amounts to three years). The Data Controller cannot process the data for the purpose of direct marketing if the data subject expressed effective objection in this respect. |
Determination, seeking or defence of claims which may be lodged by the Data Controller or which may be lodged against the Data Controller | Article 6(1)(f) of GDPR (legitimate interest of the data controller): processing is indispensable for purposes resulting from legitimate interests of the Data Controller – consisting in determination, seeking or defence of claims which may be lodged by the Data Controller or which may be lodged against the Data Controller. | The data are stored for a period of existence of a legitimate interest pursued by the Data Controller, however not longer than for a period of statute of limitations of claims in reference to the data subject with respect to the business activities carried out by the Data Controller. The statute of limitations is specified by legal provisions, in particular the Polish Civil Code (the basic term of the statute of limitations with respect to claims lodged against the Data Controller amounts to six years). |
Use of the Website and guaranteeing its correct operation | Article 6(1)(f) of the GDPR (legitimate interest of the Data Controller): the processing is indispensable for purposes resulting from legitimate interests of the Data Controller – consisting in operation and maintenance of the Website. | The data are stored for a period of existence of a legitimate interest pursued by the Data Controller, however not longer than for a period of statute of limitations of claims of the Data Controller in reference to the data subject with respect to the business activities carried out by the Data Controller. The statute of limitations is specified by legal provisions, in particular the Polish Civil Code (the basic term of the statute of limitations related to the performance of business activity amounts to three years). |
Performance of statistics and analysis of traffic on the Website | Article 6(1)(f) of the GDPR (legitimate interest of the Data Controller): the processing is indispensable for purposes resulting from legitimate interests of the Data Controller, consisting in performance of statistics and analysis of traffic on the Website with the aim of improved operation of the Website. | <!– @page { size: 21cm 29.7cm; margin: 2cm } P { margin-bottom: 0.21cm } –> The data are stored for a period of existence of a legitimate interest pursued by the Data Controller, however not longer than for a period of statute of limitations of claims of the Data Controller in reference to the data subject with respect to the business activities carried out by the Data Controller. The statute of limitations is specified by legal provisions, in particular the Polish Civil Code (the basic term of the statute of limitations related to the performance of business activity amounts to three years). |
For the proper functioning of the Website, it is necessary for the Administrator to use the services of The correct functioning of the Website requires the Data Controller’s use of services of external entities (such as, e.g., supplier of software). The Data Controller exclusively uses the services of such processors that provide sufficient guarantees for implementation of proper technical and organisational measures so that the processing fulfils the requirements of the GDPR and protects the rights of data subjects.
The personal data may be transferred by the Data Controller to a third country, while the Data Controller guarantees that in such case, the transfer shall be made to a country ensuring proper degree of protection – compliant with the GDPR and in case of other countries that the transfer shall take place on the basis of standard data protection clauses. The Data Controller guarantees that the data subject has the possibility of receiving copies of his/ her data. The Data Controller transfers the compiled personal data exclusively in case and within a scope necessary for performance of a given purpose of data processing compliant with this privacy policy.
The transfer of data by the Data Controller shall not take place in every case and not to all the recipients or categories of recipients indicted in the privacy policy – the Data Controller exclusively transfers data when it is indispensable for meeting a given purpose of personal data processing and exclusively within a scope indispensable for meeting it.
The personal data of the Website users may be transferred to the following recipients or categories of recipients:
Right to access, rectify, limit, remove or transfer data: the data subject has a right to request access to his/ her personal data from the Data Controller, data rectification, removal (“right to be forgotten”) or limitation of processing, as well as a right to file an objection against the processing of data, and a right to transfer his/ her personal data. Detailed terms of exercising the above-listed rights are specified in Art. 15-21 of the GDPR.
Right to withdraw the consent at any moment: the person whose data are processed by the Data Controller pursuant to the consent given (pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR) has a right to withdraw the consent at any moment without affecting the legitimacy of processing performed on the basis of the consent prior to its’ withdrawal.
Right to file a complaint to a supervisory authority: a person whose data are processed by the Data Controller has a right to file a complaint to a supervisory authority in a mode outlined in the GDPR provisions and the Polish law, in particular the Polish Act on Personal Data Protection. The supervisory authority in Poland is the President of the Personal Data Protection Office.
Right to object: the data subject can file an objection at any moment – due to causes related to his/ her special situation – against the processing of his/ her personal data based on Art. 6(1)(e) (public interest or tasks) or f) (legitimate interest of the Data Controller), including profiling on the basis of such provisions. In such case, the Data Controller shall not process such personal data unless the Data Controller manifests existence of legitimate bases for processing, overriding with respect to the interests, rights and freedoms of the data subject or bases for determination, seeking or defence of claims.
Right to object with respect to direct marketing: if the personal data are processed for the needs of direct marketing, the data subject has the right, at any moment, to file an objection against the processing of his/ her personal data for the purposes of such marketing, including profiling, within a scope in which the processing is related to such direct marketing.
For the purpose of exercising the rights referred to in this point of the privacy policy, you can contact the Data Controller by sending a message by post or electronic mail to the address of the Data Controller indicated in the initial section of the privacy policy.
A cookie is a small text file containing information, which is sent by the server and saved on the side of the person visiting the Website (e.g. on the hard drive of a computer, laptop, or in the memory card of a smartphone – depending on which device the user of the Website is using). Detailed information about cookies, as well as the history of cookies can be found here: https://pl.wikipedia.org/wiki/HTTP_cookie.
Cookies which can be sent by the Website are divided into various types, according to the following criteria:
On account of the supplier: 1) first-party cookies (created by the Administrator’s Website) and 2) belonging to third parties/ persons (other than the Administrator) | On account of the period of their storage on the device of a person visiting the Website: 1) persistent (archived for a specific time, defined by the parameters of every file or until manual removal) | On account of purpose of their application: 1) strictly necessary (allowing for correct functioning of the Website) 2) functional/ preference (allowing for alignment of the Website to the preferences of a person visiting the Website) 3) analytical and performance (collecting information about the mode of using the Website) |
The Administrator may process the data contained in the cookies during the use of the Website by the visitors for the following specific purposes:
Purposes of applying cookies on the Administrator’s Website
You can check which Cookies (including the period of functioning of Cookies and their supplier) are sent at a given moment by the Website by the most popular Internet browsers in the following manner:
In Chrome: (1) in the address bar, click the icon of the lock on the left hand side, (2) go to the “Cookies” tab. | In Firefox: (1) in the address bar, click the shield icon on the left hand side, (2) go to the “Permitted” or “Blocked” tab, (3) click the “Cross-site tracking cookies”, “Social media trackers” or “Tracking content” | In Internet Explorer: (1) click the “Tools” menu (2) go to the “Internet Options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click the “Display files” field. |
In Opera: (1) in the address bar, click the icon of the lock on the left hand side, (2) go to the “Cookies” tab. | In Safari: (1) click the “Preferences” menu, (2) go to the “Privacy” tab, (3) click the “Manage page data” field | Irrespective of the browser, you can also use the tools available on the website: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/ |
As a standard, the majority of Internet browsers available at the market accept saving of Cookies as a default. Everybody can determine the terms of using Cookies with the use of settings of own Internet browser. This means that it is possible to partially (e.g. temporarily) limit or completely turn off the possibility of saving Cookies – in the last case, this may affect some functionalities of the Website.
Settings of the Internet browser within the scope of Cookies are significant from the point of view of consent for the use of Cookies by our Website – in line with the provisions, such consent may also be expressed via the settings of the Internet browser. Detailed information about changes in the settings pertaining to Cookies and independent removal of Cookies in the most popular browsers is available in the help section of the Internet browser and on the websites below (click a specific link):
in Chrome
in Firefox
in Internet Explorer
in Opera
in the Safari
in the Microsoft Edge
The Administrator may use Google Analytics, Universal Analytics delivered by Google Ireland Limited on the Website (Gordon House, Barrow Street, Dublin 4, Ireland). Such services help the Administrator run statistics and analyse traffic on the Website. The compiled data are processed as part of the aforementioned services to generate statistics helpful in administering the Website and analysing traffic on the Website. Such data are collective. When using the aforementioned services on the Website, the Administrator compiles such data on the Website as sources and media for procuring visitors on the Website and the mode of their behaviour on the Website, information about devices and browsers from which they visit the Website, IP and domain, geographical data and demographical data (age, sex) and interests.
A given person can easily block the sharing of information about his/ her activities on the Website with Google Analytics – to this aim, install an add-on for the browser made available by Google Ireland Ltd. and available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
In relation to the possibility of the Administrator’s use of analytical services delivered by Google Ireland Ltd. on the Website, the Administrator indicates that full information about the principles of processing of data of persons visiting the Website (including information saved in Cookies) by Google Ireland Ltd. is contained in the privacy policy of Google available at the following address: https://policies.google.com/technologies/partner-sites.
The Website can contain links to other websites. The Administrator recommends, after being redirected to another website, to read the privacy policy applicable there. This privacy policy refers only to this Website of the Administrator and the personal data processed in relation to its use.