Privacy Policy

General provisions

To improve readability of this Privacy Policy, the term “User” has been replaced with “You”, and the term “Controller” with “We”. The term “GDPR” refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC

 

Data Controller

The Controller of your data is Florian Centrum Sp. z o.o. based in Kutno, ul. Metalowa 11A, 99-300 Kutno, NIP 7751117203, REGON 610279062, entered in the National Court Register, XX Division of the National Court Register, KRS number 0000868281.

 

Contact with the Data Controller on matters relating to data protection

You can contact the person in charge of personal data processing by e-mail at rodo@floriancentrum.com.pl or by post: marked “GDPR”, sent to Florian Centrum Spółka z ograniczoną odpowiedzialnością based in Kutno, ul. Metalowa 11A, 99-300 Kutno, Poland.

 

Data security

The security of your data is our top priority. In accordance with the GDPR, we have implemented and maintain organisational and technical measures appropriate to the level of risk identified. These measures are regularly reviewed and modified as necessary.

To ensure the integrity and confidentiality of your data, we have also introduced procedures that allow access to personal data only to authorised persons.

 

Contact form – purpose and legal basis of processing

When you complete the contact form, the personal data you provide are processed for the purpose of identifying you and responding to your enquiry. Providing the data marked as mandatory is necessary for us to receive and respond to your message. Failure to provide such information will make it impossible for us to handle your enquiry. Providing any additional data is voluntary.

The legal basis for processing is the necessity of processing for the performance of a service contract (Article 6(1)(b) GDPR); in the case of optional additional data, the legal basis is your consent (Article 6(1)(a) GDPR).

 

Correspondence by post and e-mail – purpose and basis of processing

Personal data provided by you in traditional correspondence (letters) or email correspondence unrelated to an existing contract or service (for example, enquiries about our offer) are processed solely for the purpose of communication and resolving the matter to which the correspondence relates.

The legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) in conducting correspondence related to our business activities.

 

Telephone contact – purpose and basis of processing

If you choose to contact us by telephone regarding matters not related to an existing contract or the services we provide, we may ask you to provide certain personal data, but only where it is necessary to handle your enquiry.

The legal basis for processing such data is our legitimate interest (Article 6(1)(f) GDPR), which is the need to handle and resolve issues connected with our business activities.

 

Facebook – purpose and legal basis of processing

As the Controller, we operate a public profile on the Facebook social media platform. As a result, we process the personal data of individuals who visit our profile (including comments, likes and online identifiers). These data are processed to enable users to engage with our profile. We also process them for the purpose of providing users with information about our activities, for training purposes and to promote various events, services and products.

The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR), which consists in promoting our own brand and improving the quality of the services we provide.

Our public Facebook profile may also be used to organise competitions for users of the platform. The scope of the personal data collected is, in all cases, limited to what is necessary to conduct the competition – for tax purposes (in the case of winners) where tax obligations apply, and for marketing purposes where the participant has given consent. Providing personal data is voluntary, but necessary in order to take part in a competition.

The legal basis for processing in this case is the participant’s consent (Article 6(1)(a) GDPR).

 

Processing of personal data of employees of business partners/clients

In connection with the conclusion and performance of contracts as part of our business activities, we obtain personal data from our business partners or clients relating to the individuals involved in the execution of such contracts (for example, persons authorised to make contact, place orders or receive deliveries). The scope of the data collected is, in all cases, limited to what is necessary for the proper performance of the contract.

The legal basis for processing is the legitimate interest of both the Controller and the contractor/client (Article 6(1)(f) GDPR), namely ensuring the proper performance of the contract. In such cases, personal data may be disclosed to third parties involved in the performance of the contract, but only to the extent necessary for its execution (for example, to deliver goods).

The data are processed for the period necessary to achieve these legitimate interests and to comply with legal obligations arising from applicable law.

 

Processing of personal data in competitions and promotions

When organising competitions or promotions we may collect personal data from employees of our business partners/clients. The scope of the personal data collected is, in all cases, limited to what is necessary to conduct the competition/promotion – for tax purposes (in the case of winners) where tax obligations apply, and for marketing purposes where the participant has given consent. Providing personal data is voluntary, but necessary in order to take part in a competition/promotion.

The legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) GDPR).

The legal basis for the processing of a competition/promotion participant’s personal data for marketing purposes is their consent (Article 6(1)(a) GDPR).

 

Marketing activities

In connection with our business operations, we carry out marketing activities. In such cases, your personal data may be processed for the following purposes:

  • Sending newsletters – under Article 6(1)(f) GDPR (the Controller’s legitimate interest consisting in processing data for the purposes of direct marketing) and on the basis of your consent, pursuant to the Act on the Provision of Electronic Services.
  • Telephone contact for the purpose of presenting offers and direct marketing – under Article 6(1)(a) GDPR and Article 6(1)(f) GDPR (the Controller’s legitimate interest), if you are already our client.
  • Sending commercial offers by email, SMS or MMS – on the basis of your consent, pursuant to the Act on the Provision of Electronic Services.
  • Dissemination of your image for advertising, promotional, marketing and informational purposes related to our business activity – on the basis of your consent pursuant to Article 6(1)(a) GDPR. The consent you provide applies to photographs and video materials depicting you and includes such forms of dissemination as publication on our website, social media platforms and via the press.

 

Recipients of personal data

In the course of our business operations, your personal data may be shared with third parties, in particular with providers responsible for the maintenance of IT systems and equipment, postal and courier operators, and marketing agencies.

We may also be required to disclose your data to competent authorities or other third parties who request such information, provided that the request is based on a valid legal ground and complies with applicable law.

 

 

Transfers of personal data outside the European Economic Area (“EEA”)

We do not plan to transfer your data outside the EEA. However, if this becomes necessary, it will take place only through:

  • the use of standard contractual clauses issued by the European Commission;
  • the use of binding corporate rules approved by the competent supervisory authority;
  • cooperation with entities processing personal data in countries for which the European Commission has issued an appropriate adequacy decision confirming that an adequate level of protection of personal data is ensured.

 

Period of retention of personal data

If the basis for processing is our legitimate interest as the Controller, your personal data will be processed for a period enabling the fulfilment of that interest or until a valid objection to processing is lodged.

If the processing is based on your consent, the data will be processed until it is withdrawn.

If the basis for processing is the necessity of concluding and performing a contract, the data will be processed until the contract is terminated.

The period of processing of your personal data may be extended where processing is necessary for the establishment, exercise or defence of legal claims.

 

Your rights in relation to the processing of personal data

You have the following rights:

  • the right to receive information about the processing of personal data;
  • the right to obtain a copy of your personal data;
  • the right to have your personal data rectified;
  • the right to have your personal data erased (the right to be forgotten);
  • the right to restrict processing;
  • the right to data portability;
  • the right to object to the processing of personal data;
  • the right to withdraw consent to processing, where processing is based on consent;
  • the right to lodge a complaint with the President of the Personal Data Protection Authority.

 

How to exercise the rights

You can contact the person in charge of personal data processing by e-mail at

rodo@floriancentrum.com.pl or by post: marked “GDPR”, sent to Florian Centrum Spółka z ograniczoną odpowiedzialnością based in Kutno, ul. Metalowa 11A, 99-300 Kutno, Poland.