§ 1. General Provisions

1. This Privacy Policy sets out the rules for collecting and processing the personal data of Clients and Contractors of the www.labtar.pl website, hereinafter referred to as the Service, by the company LABTAR sp. z o.o., headquartered in Tarnów Opolski, at ul. Świętego Jacka 12, NIP: 7540016327, REGON: 271981077, registered in the National Court Register (KRS) under number: 0000109304, with a share capital of PLN 3,300,000.

2. The Data Controller of the Clients’ and Contractors’ personal data is LABTAR sp. z o.o., headquartered in Tarnów Opolski, at ul. Świętego Jacka 12, NIP: 7540016327, REGON: 271981077, registered in the National Court Register under number: 0000109304, with a share capital of PLN 3,300,000, hereinafter referred to as the Controller.

3. The Controller, in concern for the privacy of Clients and Contractors, complies with applicable legal provisions, including the General Data Protection Regulation (GDPR) of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as GDPR. In particular, the Controller adheres to the following principles specified in Article 5 of the GDPR:

a) Lawfulness – The Controller processes personal data only on a legally established basis.

b) Fairness and Transparency – The Controller strives to ensure that the collected personal data is accurate and up-to-date, and its processing is carried out without disruption. This includes implementing technical and organizational measures to correct data, reduce error risks, and remove inaccurate data.

c) Purpose Limitation – The Controller collects and processes personal data for specific, explicit, and legitimate purposes.

d) Data Minimization – The Controller collects and processes only the personal data necessary for the purposes for which it is processed.

e) Accuracy – The Controller ensures that data is accurate and updated where necessary.

f) Storage Limitation – The Controller stores personal data for no longer than necessary for the purposes for which it is processed.

g) Accountability – The Controller implements measures (including internal procedures and documentation) to ensure compliance with data protection regulations and to demonstrate what measures have been taken to comply with data protection laws.

h) Security – The Controller processes personal data in a manner that ensures adequate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical and organizational measures.

4. The Controller has designated a contact person for personal data protection, who can be reached at the following email address: odo@labtar.pl.

§ 2. Purpose, Basis, and Duration of Personal Data Processing

1. The Controller processes the personal data of Clients and Contractors to the extent necessary for the use of the Service by Clients and Contractors.

2. Personal data of Clients and Contractors is processed by LABTAR, particularly for the provision of electronic services, including the fulfillment of orders (Article 6(1)(b) of the GDPR), and if the Client consents, for marketing purposes (Article 6(1)(a) of the GDPR).

3. Additionally, data is processed by the Controller for the following purposes and periods:

a) Sending commercial information via electronic communication means and using telecommunication end devices and automated calling systems, in accordance with Article 172 of the Telecommunications Act of July 16, 2004, including information on offers, products, and services provided by LABTAR (for individuals who have given their consent) – on the basis of Article 6(1)(a) of the GDPR, for no longer than until consent is withdrawn.

b) Ensuring the handling of orders placed with LABTAR, particularly the delivery of ordered goods and the resolution of any complaints, as well as fulfilling tax and accounting obligations required by law (for individuals who have placed orders) – on the basis of Article 6(1)(b) and (c) of the GDPR, for no longer than until the expiration of claims related to the completed order.

c) Ensuring the security and proper functioning of the Service and enabling the provision of electronic services free of charge by the Controller – which is our legitimate interest under Article 6(1)(f) of the GDPR, for no longer than the period necessary to achieve the above purpose.

d) Handling inquiries not directly related to ordered services or products – on the basis of consent (Article 6(1)(a) of the GDPR) until a response is sent.

e) Monitoring users’ activity on the Service to tailor and optimize the content displayed to their needs – which is our legitimate interest under Article 6(1)(f) of the GDPR, for no longer than until an objection is raised in this regard. In some cases, profiling is used for this purpose.

§ 3. Rules for Collecting and Processing Personal Data and Information

1. Personal data is processed automatically, including profiling, to adjust the content of the Service to personal preferences and interests. Automated processing or profiling will not have any legal effects or significantly impact the user’s situation.

2. While browsing and using the Service, information about the use of the Service by Clients and Contractors, such as the type of browser, type of operating system, date and time of visits, number of connections, viewed content, and others, is automatically collected.

3. Personal data is processed based on expressed consent. Consent for data processing is granted by, among other things, selecting the indicated checkbox.

4. Browsing the content of the Service does not require the provision of personal data.

5. Placing an order for goods requires the provision of personal data.

6. The personal data of Clients and Contractors will be processed for the period necessary to achieve the processing purposes.

7. The provision of personal data is also necessary to participate in contests organized within the Service or to use the contact form.

8. Some functionalities of the Service require the voluntary provision of personal data.

9. The recipients of the data are email service providers and entities involved in the fulfillment of orders, which process personal data on behalf of the Controller under authorizations and/or data processing agreements.

10. Personal data is not transferred to a third country or international organization (i.e., outside the European Economic Area).

§ 4. User Rights

1. The user has the right to control the processing of personal data concerning them; in particular, they have the right to:

a) Access their data (Article 15 of the GDPR);

b) Rectify their data (Article 16 of the GDPR);

c) Delete their data (Article 17 of the GDPR);

d) Restrict the processing of their data (Article 18 of the GDPR);

e) Transfer their data (Article 20 of the GDPR);

f) Object to the processing of their data (Article 21 of the GDPR).

2. In cases where the processing of the user’s data is based on Article 6(1)(a) of the GDPR, i.e., consent for the processing of personal data, the user has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3. The user has the right to obtain information on whether and to what extent their personal data is processed, as well as information on the purpose and scope of the processing.

4. The user may exercise the rights described above by submitting a declaration electronically or by post to the Controller’s or Data Protection Officer’s address.

5. The Controller reserves the right to refuse to delete the user’s data if its retention is necessary for the realization of claims or required by applicable law.

6. If a Client believes that LABTAR’s processing of personal data violates the GDPR, the Client has the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office.

§ 5. Security and Protection of Personal Data

1. The Controller declares that it processes the personal data of Service users in accordance with the GDPR and applies technical and organizational measures ensuring the protection of processed data adequate to the risks and the categories of data protected. In particular, it secures the data of Service users against unauthorized access.

2. The personal data collected by the Controller is accessible only to authorized employees or collaborators of the Controller and authorized persons responsible for operating the Service.

3. The personal data of users may be disclosed to entities authorized to receive them by law, in particular, judicial authorities.

§ 6. Final Provisions

1. The Controller reserves the right to amend this Privacy Policy only for important technical, legal, or organizational reasons. Changes to the Privacy Policy become effective and enter into force at the date indicated by the Controller, but no earlier than 14 calendar days from the moment the information about the change is posted on the Service’s website.

2. Any questions regarding the processing and protection of personal data of the Service users should be directed to the following address: LABTAR Sp. z o.o., ul. Świętego Jacka 12, Tarnów Opolski, or via email: odo@labtar.pl.
