Privacy Policy
Below, you will find information regarding the processing of your personal data in connection with your use of the website available at the address: heatpex.pl (“website”), as well as the processing of your personal data in other cases. In this Privacy Policy, you will also find information about the cookies used on the website.
Data Controller and Contact with the Controller
Your personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”). The Data Controller, i.e., the entity that determines the purposes and means of processing your personal data, is HEATPEX Spółka z ograniczoną odpowiedzialnością, located in Gdańsk (80-044) at Trakt Św. Wojciecha 29, registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court Gdańsk – Północ in Gdańsk, 7th Commercial Division of the National Court Register under the KRS number 0000204309, using the NIP number 5832853709, REGON 1930313387. For matters regarding the processing of your personal data, you can contact us by writing to the email address: biuro@heatpex.pl
How Personal Data is Collected
We collect your personal data through various forms of communication. This may occur in particular during:
– email or telephone contact, as a result of using the contact form on our website,
– correspondence with us, for example, in order to answer your questions and requests,
– browsing our website,
– using our services, establishing a business relationship with us.
Processing of Data of Persons Contacting the Controller
When you contact the Controller via email, telephone, or through the contact form, your personal data is received directly from you and is processed for the following purposes and on the following legal bases:
responding to your inquiries – which constitutes the legitimate interest of the Controller in accordance with Article 6(1)(f) GDPR;
taking actions prior to entering into a contract at your request, e.g., sending offers at your request – based on Article 6(1)(b) GDPR;
establishing, pursuing, and defending claims, which constitutes the legitimate interest of the Controller in accordance with Article 6(1)(f) GDPR.
Providing personal data is voluntary but necessary to achieve the above purposes, particularly to respond to an inquiry or send an offer. Your personal data is processed for the period necessary to achieve the above purposes or until you effectively object to the processing of personal data. In the case of entering into a contract with you, personal data collected during correspondence is stored in accordance with the principles indicated in the “Processing of Client Personal Data” section. If no contract is concluded, personal data will be deleted no later than 5 years after the initial contact.
Processing of Client Personal Data
If a contract is concluded for the provision of services by the Controller on your behalf, when you create an account on the Store website, or make a purchase in the Store, the Controller receives personal data directly from you and processes it for the following purposes and on the following legal bases:
entering into and performing a contract with you – based on Article 6(1)(b) GDPR;
providing services electronically through the website, including enabling the use of an online account, identifying the person registering/logging into an online account – based on Article 6(1)(b) GDPR (processing of data is necessary to perform the contract for the provision of electronic services);
ongoing contact regarding the provision of services, handling potential complaints, preventing fraud, which constitutes the legitimate interest of the Controller in accordance with Article 6(1)(f) GDPR;
fulfilling the Controller’s legal obligations regarding taxes and accounting, in particular: issuing invoices or other accounting documents, keeping accounts, settling taxes, archiving data for accounting purposes – based on Article 6(1)(c) GDPR in connection with tax law and accounting regulations;
establishing, pursuing, and defending claims, which constitutes the legitimate interest of the Controller in accordance with Article 6(1)(f) GDPR;
for marketing purposes, i.e., sending you commercial information electronically if you consent to it – based on Article 6(1)(a) GDPR and in accordance with Article 10 of the Act on Providing Electronic Services or Article 172 of the Telecommunications Law.
Providing personal data to the extent necessary for the Controller to fulfill its legal obligations is mandatory and arises from tax and accounting regulations. Providing personal data to enter into a contract is voluntary but necessary to conclude and perform that contract. Providing personal data in other respects is voluntary and is not a condition for concluding and performing the contract. Personal data is stored for the duration of the contract and then until the statutory data retention obligation ceases (5 years from the end of the tax year) and until the limitation period for claims expires. Personal data processed based on consent is stored until consent is withdrawn. In the case of an online account, data processed on that account will be stored until the account is deleted (except for transactional data that the Controller is obliged to store in accordance with statutory deadlines).
Joint Controllers
The Controller may use so-called “social media plugins,” i.e., banners of Facebook, LinkedIn, and YouTube services placed on its website, which redirect respectively to:
– the Controller’s page on Facebook: https://www.facebook.com/HeatpexPL
– the Controller’s page on LinkedIn: https://www.linkedin.com/uas/login?session_redirect=%2Fcompany%2F67878920
– the Controller’s page on YouTube: https://www.youtube.com/channel/UC8BUHcXc0-KtgzCAUksDvWQ
When the Controller uses a Facebook Profile, LinkedIn Profile, YouTube Profile, and places social media plugins on its websites, the joint controller of user data is also:
– Meta Platforms Ireland Limited, based in Dublin (Ireland), address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland,
– LinkedIn Ireland Unlimited Company, based in Dublin (Ireland), address: Wilton Place, Dublin 2, Ireland,
– Google Ireland Limited z siedzibą w Dublinie, Gordon House, Barrow Street, DUBLIN 4, D04 E5W5, CO DUBLIN, IRELAND.
Joint administration includes aggregate data analysis aimed at displaying user activity statistics on the Facebook, LinkedIn, or YouTube Profile and advertising activities using available tools. According to these services, Meta Platforms Ireland Ltd. has assumed primary responsibility under GDPR for processing data for statistical purposes and for fulfilling all relevant GDPR obligations. Tracking activity on websites may occur regardless of whether you are logged in or registered on the social media platform. The Controller has no influence over the internet activity tracking used by the social media platform and cannot, for example, disable it.
Detailed information on activity tracking can be found in the privacy policies of the social media operators. As for statistics, the Controller has limited influence over them and can only prevent their transmission to a limited extent. If you are a logged-in/registered user of the social media platform, verify your privacy settings to match your preferences.
Providing personal data is voluntary. Personal data collected by the social media platform, such as the history of posts, activity, and messages, is subject to storage according to the social media platform’s terms and conditions.
Processing of Data in Connection with Submitting Requests for the Exercise of Rights Under GDPR
Given that you have specific rights related to the processing of your personal data, you may send correspondence to the Controller regarding the exercise of these rights. Accordingly, we process your identification data, contact information, and other data provided in correspondence with you or another person who submits a request on your behalf regarding the exercise of your rights under GDPR. If the request is not submitted directly by you but by an attorney or legal representative, we also process additional data related to this attorney or representative, i.e., their identification data, contact information, and data concerning the type of authorization. The personal data of applicants is processed by the Controller for the following purposes and on the following legal bases:
to maintain contact and correspondence regarding the submitted request concerning the exercise of rights under GDPR – based on Article 6(1)(c) GDPR, as processing personal data is necessary to fulfill the legal obligation of the Controller under Article 12(1)-(3) GDPR;
for the purpose of archiving correspondence conducted regarding the handling of the submitted request concerning the exercise of rights under GDPR, for evidence purposes and to demonstrate that the Controller responded to the submitted request within the statutory period, which constitutes the legitimate interest of the Controller in accordance with Article 6(1)(f) GDPR.
Providing personal data is necessary to fulfill the submitted request.
Personal data is processed for the period of correspondence and then archived for evidence purposes until the limitation period for claims expires. Recipients of Personal Data Your personal data may be disclosed by the Controller to other entities, i.e.:
subcontractors, contractors, particularly entities providing legal, training, accounting, marketing, and IT services (in most cases, these are processors with whom the Controller has entered into personal data processing agreements);
banks or institutions facilitating payments in the online store;
couriers, postal services;
entities authorized by law;
Cookies
To provide services at the highest level, the Controller uses cookies (“cookies”). Using our websites means that they may be placed on your device. Cookies that are necessary to use the Controller’s website serve, among other things, to ensure its stable operation (they measure traffic, protecting us from overload), remember your selected privacy preferences, and fill out forms provided by us online. These cookies are used by default, meaning they are saved on your device during your visit to our website. We only use other cookies if you consent to it. We use the following types of cookies:
Essential cookies – ensure the proper functioning of our website and its basic functions.
Analytical cookies – allow tracking the number and sources of visits, so we can measure and improve the performance of our website. This type of cookie helps us understand which subpages are most or least visited and how visitors navigate our website. If you refuse to save analytical cookies on your device, your visit will not be counted in our statistics, but it will not limit any functionality on our website for you.
Marketing cookies – we use these cookies to personalize the content displayed to you. Marketing cookies may be used in our advertising campaigns, which are conducted on third-party websites. If you consent to the use of marketing cookies, you may receive information about the websites of our trusted partners on which you responded to our ads. If you refuse marketing cookies, you will be shown general and non-personalized ads. Similar to analytical cookies, if you refuse to save marketing cookies on your computer or smartphone, it will not limit any functionality on our website for you. Advertising-related cookies and their recipients, which may include third-party cookies, require your prior consent. These third parties have access to information collected by their cookies. These entities are:
Google Inc. (through the Google Analytics and Google Doubleclick services and, where applicable, through the Google Plus plugin);
Facebook, LinkedIn, YouTube (through plugins).
Advertising-related cookies and their recipients may include profiling cookies, which create user profiles to deliver ads consistent with the preferences shown by users during their Internet use for advertising purposes, and retargeting cookies, which are used to deliver ads related to products similar to those you have shown interest in (e.g., they display pages about products you visited on my website when you browse related pages) or to measure the effectiveness of marketing campaigns (mine or third parties). Social media cookies, which allow social media operators to install their own cookies through their plugins, require your prior consent. These cookies are managed directly by third parties and may also be used when you browse other websites to deliver ads consistent with your preferences. Using other cookies than necessary requires your consent. Therefore, when you first visit our website, a banner with information about cookies is displayed. In the future, during subsequent visits to the website, it should no longer appear, as necessary cookies will save your preferences. During your visit to our website, a banner will appear informing you that it uses cookies. If you choose the option: “Allow all,” it will mean that you accept all cookies placed on our website and confirm that you have read the information about cookies and their purposes, as well as the cases in which data collected with cookies is transferred to our partners. “Settings” will allow you to manage your cookie preferences in detail by selecting the field on the displayed cookie banner. “Reject all” will mean that you do not want our cookies to be saved on your device. By choosing this option, you will reject all but technically necessary cookies that we use on our website. We emphasize that accepting cookies is not a mandatory condition for using our websites. You can also change your cookie settings at any time by clicking on the “Manage Granted Consents (Cookies)” content placed in the bottom left corner of the website.
Data Transfer Outside the EEA
As a rule, your personal data will not be transferred outside the European Economic Area. However, considering the services and tasks performed by our subcontractors in supporting IT services and IT infrastructure, we may entrust certain activities to reputable subcontractors operating outside the EEA, which may result in the transfer of this data outside the EEA. In such cases, data is transferred to a third country based on a decision of the European Commission determining an adequate level of protection, and in the absence of such a determination, appropriate safeguards are applied in accordance with applicable legal regulations to create an adequate level of data protection – these include, in particular, standard contractual clauses issued by the European Commission under Article 46(2)(c) GDPR. The method of securing data used is in line with the principles set out in Chapter V of GDPR “Transfer of personal data to third countries or international organizations.” In connection with the Controller’s use of Google Analytics, email, and potentially other service providers, your personal data may also be transferred to a third country, exclusively based on appropriate safeguards provided for by GDPR, particularly based on the EU Standard Contractual Clauses. For the Google Analytics service, anonymous IP address recording (so-called IP masking) has been implemented on the website through the “gat._anonymizelp();” code. This means that the user’s IP address is shortened by Google within the territory of the EU and EEA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. You can read more about the processing of information within the Google Analytics service here: https://policies.google.com/privacy
Rights of Data Subjects
In accordance with applicable regulations (Articles 12-23 GDPR), every person whose data is processed by the Controller has the right to:
– access their data and receive a copy of it,
– rectify (correct) their data,
– delete their data,
– restrict the processing of their data,
– transfer their data – if the legal basis for their processing is consent (Article 6(1)(a) or Article 9(2)(a) GDPR) and a contract (Article 6(1)(b) GDPR),
– object to the processing of their personal data – if the legal basis for their processing is a legitimate interest (Article 6(1)(f) GDPR).
– withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To exercise the above rights, you should contact the Data Controller at the addresses indicated in the “Data Controller and Contact with the Controller” section. In addition, you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the applicable data protection regulations. For jointly administered personal data processed within services, including social media services, you can exercise your rights with the operator of that service in accordance with the rules established by those operators:
Facebook: https://www.facebook.com/privacy/explanation,
LinkedIn:https://pl.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other#other,
YouTube: https://policies.google.com/privacy?hl=pl
Automated Decision-Making
Your personal data will not be used for automated decision-making, including profiling, which could result in any decisions that would have legal effects or similarly affect any consequences for clients, contractors, their employees, or collaborators.
Personal Data Security
With the goal of protecting your personal data, we have implemented appropriate technical and organizational measures to ensure an adequate level of data security, including: training our staff and building awareness in the area of data protection, allowing data processing only by individuals with appropriate authorization, while also requiring them to sign a confidentiality statement, implementing systems and safeguards to ensure data confidentiality, integrity, and availability, supervising personal data processing processes, particularly controlling which data and to what extent we collect, as well as who we may eventually share it with, and cooperating with business partners who provide sufficient guarantees of implementing appropriate security standards.
Privacy Policy Update
We reserve the right to update this Privacy Policy in the future – in case of changes to applicable data protection laws and in the case of the development of functionalities or electronic services, as well as in connection with the implementation of new technological or technical solutions that impact data processing. Last updated: 30 January 2024.