Having regard to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the “Regulation” or “GDPR” – pursuant to Article 13(1) and (2), we hereby provide the following information:
1. The Controller of personal data is EL PADRE Sp. z o.o. with its registered office in Warsaw, ul. Mesyńska 6, 02-761 Warsaw, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000300644, Tax Identification Number (NIP): 5213473972.
2. For the purpose of contacting the Controller, obtaining information regarding the processing of personal data, exercising rights, or lodging a complaint, you may contact the Controller:
– by email at: iodo@baraniewski.pl,
– by correspondence sent to: El Padre Sp. z o.o., ul. Mesyńska 6, 02-761 Warsaw.
The Data Protection Officer may also be contacted at: iodo@baraniewski.pl.
3. The provision of personal data is voluntary; however, failure to provide such data will prevent us from achieving the purposes of personal data processing.
4. The Controller processes personal data for the following purposes:
a) on the basis of consent granted, for the purposes and within the scope resulting therefrom – if consent has been granted (legal basis: Article 6(1)(a) GDPR),
b) for the purposes of correspondence, responding to inquiries addressed to the Controller, and providing advice via the contact form available on the website (legal basis: Article 6(1)(f) GDPR),
c) for the purposes of considering complaints or grievances (legal basis: Article 6(1)(f) GDPR),
d) for the purposes of establishing, pursuing or defending against claims (legal basis: Article 6(1)(f) GDPR),
e) for the purpose of creating customer databases by the Controller (legal basis: Article 6(1)(f) GDPR).
5. Decisions concerning personal data are not made by automated means and are not subject to profiling. Personal data will not be transferred outside the European Economic Area.
6. Where personal data is processed pursuant to Article 6(1)(a) GDPR, the Controller shall retain the data for the period of validity of the consent or as long as is necessary for the fulfilment of the purposes of the consent (whichever occurs first). Where personal data is processed pursuant to Article 6(1)(f) GDPR, the Controller shall process the data for as long as the Controller’s legitimate interest exists, but no longer than the limitation period for potential claims arising under the provisions of the Civil Code and other applicable laws on limitation of claims.
7. The Controller does not transfer personal data outside the European Economic Area.
8. The Controller stores the personal data of data subjects as follows:
a) where processing is based on consent pursuant to Article 6(1)(a) GDPR – until the expiry or withdrawal of consent (whichever occurs first),
b) for the purpose of responding to inquiries submitted via the website contact form and conducting further correspondence – for the period necessary to carry out and conclude such correspondence, and subsequently for the limitation period arising from the provisions of the Civil Code,
c) for the purposes of establishing, pursuing and defending against claims, as well as for evidentiary purposes – until the expiry of the limitation period specified in the Civil Code,
d) for the purpose of creating customer databases by the Controller – for the duration of the Controller’s legitimate interest.
9. The Controller may make personal data available to the following categories of recipients: authorized employees of the Controller; data processors (e.g. IT service providers); subcontractors of the Controller.
10. The data subject has the following rights:
a) to request access to their personal data (Article 15 GDPR),
b) to request rectification of data (Article 16 GDPR), or erasure or restriction of processing in the cases specified in Articles 17 and 18 GDPR,
c) to object to processing pursuant to Article 21 GDPR,
d) to data portability in the cases specified in Article 20 GDPR,
e) to withdraw consent at any time, where processing is based on consent. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
The Controller informs that the above rights may be subject to limitations and may not apply in relation to all processing activities of personal data. Detailed provisions in this respect can be found in the text of the Regulation.
11. If you consider that the processing of personal data by the Controller infringes the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority competent for data protection.