Operational Programme Eastern Poland for the years 2014-2020, Action 1.2: Internationalization of SMEs. Learn more.

Privacy policy of Wojdak sp. z o.o. store. 

https://sklep.wojdak.pl

Table of contents

  1. Introductory information
  2. Glossary
  3. Information about the Controller
  4. Co-control
  5. Legal basis for the processing
  6. The rights of the data subjects
  7. Website security
  8. Cookies and profiling
  9. Final provisions

Introductory information

With a view to ensuring the highest standards of security in the processing of personal data, Wojdak sp. z o.o. would like to inform you that this privacy policy complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and with the standards contained in national legislation.
The information provided in this Policy will allow you to familiarize yourself in detail with the principles of personal data processing within the contact with Wojdak Sp. z o.o..

Glossary

Controller – Personal Data Controller , the entity that determines the purposes and means of the processing of personal data. The Controller of personal data is Wojdak Sp. z o.o.
Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be directly or indirectly identified.
EEA – the European Economic Area, free trade area and common market, comprising the countries of the European Union and the European Free Trade Association (EFTA), except Switzerland. It is an area where the free flow of personal data takes place.
Data Recipient – a natural or legal person, an organizational unit without legal personality (without corporate status), a public authority, an entity or any other body to which personal data is disclosed, whether a third party or not.
Third countries – countries that are not part of the EEA.
Cookies – small pieces of information sent by the website you visit and stored on the end device (computer, laptop, smartphone) you use when browsing the web.
President of the Office – the President of the Office for the Protection of Personal Data, a supervisory authority within the meaning of the GDPR, which supervises compliance with the laws on the protection of personal data in Poland.
Profiling – any form of automated processing of personal data that involves the use of personal data to evaluate personal factors of an individual, in particular to analyze or predict aspects relating to the performance of that individual, his or her economic situation, health, personal preferences, interests, reliability, behavior, location or movement of the data subject – provided that such action produces legal effects in relation to that individual or similarly significantly affects him or her.
SSL protocol – a network protocol used for secure Internet connections, adopted as a standard for encryption on websites. An SSL certificate ensures the confidentiality of data transmission over the Internet.
Processing — operation or set of operations which is performed upon personal data or sets of personal data, automatically or not, such as collection, recording, organization, structure, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
Policy — Wojdak Sp. z o.o. Privacy Policy.
GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
ESA — Polish Electronic Services Act [in Polish: ustawa o świadczeniu usług drogą elektroniczną] of 18 July 2002 (Journal of Laws No. 144, item 1204, as amended).
TL — Telecommunications Law Act of July 16, 2004 (Journal of Laws No. 171, item 1800, as amended).
User — shall mean a person, using the website and social profiles of the Controller.

Information about the Controller

The Controller of your personal data is Wojdak Sp. z o.o. with its registered office at ul. Hauke Bosaka 11, 25-217 Kielce (hereinafter the “Controller”).

The Controller can be contacted via e-mail: wojdak@wojdak.pl

Legal basis for the processing

Processing purposeLegal basisData RecipientsProcessing duration
Responding to messages sent via the contact form, e-mail, and telephone contact Article 6(1)(f), i.e., the Controller’s legitimate interest consisting of handling correspondence and telephone callsIT service providers; Internet service providers; Web hosting providers;
Microsoft Ltd.
For the period of time necessary to address the issue raised in the message.
Presentation of an offer (in the case of individuals submitting an inquiry on their own behalf, i.e., B2C)Article 6(1)(b) of the GDPR, i.e. the processing is necessary in order to take steps

prior to entering into a contract
IT service providers; Internet providers; Web hosting providers;Until an objection is filed.
Presentation of an offer ( in the case of individuals submitting an inquiry on behalf of an entity for which they provide services, i.e. B2B)Article 6(1)(f) of the GDPR, i.e. the Controller’s legitimate interest consisting of offering and establishing business cooperation.IT service providers; Internet providers; Web hosting providers;Until an objection is filed.
Marketing – main websiteArt. 6(1)(f) i.e. the Administrator’s legitimate interest in acquiring and maintaining customersIT service providers; Internet providers; Web hosting providers;Until an objection is filed.
Marketing – receiving mailings, including newsletter-type informationArticle 6(1)(f) of the GDPR, i.e. the legitimate interest consisting of carrying out own marketing activities in connection with the receipt of consent in accordance with the TA and the ESA.IT service providers; Internet providers; Web hosting providers;Until an objection is filed or the consent given under the TA and the ESA is withdrawn.
Complaints (exercise or defence of legal claims)Article 6(1)(f) GDPR
Legitimate interest to establish, assert or defend against claims.
IT service providers; Hosting providers;
Payment service providers.
Until the statute of limitations for claims under civil law.
Efforts to conclude and perform a contract (contractors)Article 6(1)(b) GDPR
To take necessary actions to conclude a contract with customers.
IT service providers; Internet providers; Hosting providers – Law firms and legal advisors;For the duration of the contract, its termination, and until the expiration of the deadline for filing potential claims
Contract performance (contractor’s employees).Art. 6(1)(f) GDPR
the Administrator’s legitimate interest in coordinating activities with the contractor.
IT service providers; Internet providers; Hosting providers – Law firms and legal advisors;For the duration of the contract, its termination, and until the expiration of the deadline for filing potential claims
Recruitment process (employees)Article 6(1)(a) and (c) GDPR, i.e. to the extent indicated in the labor laws, the Controller shall be obligated to process a specific catalog of data of job candidates;
with regard to data beyond the catalog indicated in the labor law, the legal basis for processing personal data is the candidate’s consent (Article 6(1)(a) GDPR)
IT service providers; Internet providers; Web hosting providers;3 months from the end of the recruitment process or until the withdrawal of consent in connection with expressing a willingness to participate in future recruitments
Recruitment process (contractors and collaborators)Article 6(1)(b) GDPR, i.e. the legal basis is the the intention to conclude a contract with individuals running their own business activities.IT service providers; Internet service providers; Hosting providers3 months from the date of completion of the recruitment process.
Acceptance and processing of a request under the GDPRArticle 6(1)(c), i.e. the obligation under the GDPR to provide the data subject with information about the actions taken in connection with the requestInternet providers; Hosting providers – Law firms and legal advisors;Until the statute of limitations of claims.
Statistical analysis and profilingArticle 6(1)(f) i.e. the Controller’s legitimate interest consisting of collecting and utilizing statistics to improve the scope and quality of services offered and to direct personalized marketing content using Google Analytics tool based on obtaining consent in accordance with the TAIT service providers; Internet providers; Web hosting providers;
Google Ltd.
Until an objection is filed.

The rights of the data subjects

Each person whose data is processed has a number of rights under the GDPR.

Right to request access to your personal data.
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and a range of information.

We will provide the first copy of the personal data subject to processing to you upon request free of charge. For any subsequent copies requested by the data subject, we may charge a reasonable fee based on administrative costs. If you request an electronic copy and unless you indicate otherwise, we will provide the information in a commonly used electronic form.

Right to rectify
You have the right to obtain from us without undue delay the rectification of inaccurate

personal data. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure

You  have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where

one of the following grounds applies:

  • your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw the consent on which the processing is based and there is no other legal ground for the processing;
  • you object to the processing and there are no overriding legitimate grounds for the processing;
  • your personal data have been unlawfully processed;
  • your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • your personal data have been collected in relation to the offer of information society services.
  • In accordance with the GDPR, your data, despite the request made and the fulfillment of the above prerequisites, may not be erased if processing is necessary:
  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to erasure is likely to render impossible or

    seriously impair the achievement of the objectives of that processing;
  • for the establishment, exercise or defense of legal claims;

Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the

following applies:

  • you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing based on the controller’s legitimate interest, or to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates

compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Right of data portability

  • You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit

    those data to another controller without hindrance from the controller to which the personal data have been provided, where:
  • processing is based on consent or on a contract; and
  • processing is carried out by automated means.
  • In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  • According to the GDPR, the exercise of your rights  shall not adversely affect the rights and freedoms of others.

Right to withdraw consent
If your data is processed based on consent, you have the right to withdraw such consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

  • If you withdraw your consent, we have the right to continue to process your data to the extent that it is necessary:
  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the right to erasure is likely to render impossible or

    seriously impair the achievement of the objectives of that processing;
  • for the establishment, exercise or defense of legal claims;

Right to lodge a complaint
You have the right to lodge a complaint with the President of the Office for the Protection of Personal Data. As the President of the Office for the Protection of Personal Data points out, since the President of the Office is the authority that controls the correct application of the data protection regulations by the controller, the complainant should first turn to the controller to exercise his or her rights.

Direct link to the website of the Office for the Protection of Personal Data to file a complaint;

File a complaint.

Information about processing of data outside the EEA

In certain cases, your personal data may be processed outside the EEA. In the case of Wojdak Sp. z o.o. such data may be transferred to the US. In connection with the use of our website supported by Google Analytics and Microsoft 365 suite services for electronic communications, data may also be transferred to the provider’s servers in the US.
In all cases of data transfer, it is legally based on the Standard Contractual Clauses document. Each provider provides an appropriate level of security for such a transfer. More information on this below:
Google Ltd. – https://support.google.com/adspolicy/answer/10042247?hl=pl
Microsoft Ltd. – https://www.microsoft.com/pl-pl/trust-center/privacy/gdpr-faqs

Website security

Please be advised that Wojdak Sp. z o.o. employs adequate technical and organizational measures to ensure the highest level of protection for individuals using the company’s website and providing their personal data through the contact form.
In order to guarantee the highest level of security while using the websites, they are secured with SSL encryption.
The website may contain relevant links to other websites, especially for making payments for our services (websites) or other media (radio, television, press, space advertising, etc.). Accordingly, the Controller, outside of the websites managed by the Controller, shall not be responsible for the privacy policies that will apply on such websites or in such media. The Controller shall not assume responsibility for the availability of any services or goods provided through the websites or other media to which links may be found on the website.
The Controller shall also not be liable for any damages arising, or that may arise, in connection with the use of such websites or media.

Cookies and profiling

Data from cookies are processed on our website.
In connection with the use of Google Analytics tool (including Google Signals and User ID system) in our systems, we use cookies for the following purposes:

  • to maintain and correct operation of the site’s services;
  • to analyze a user’s web traffic while using the Controller’s website;
    – to personalize marketing content made available on the Controller’s website;
  • to keep statistics on users visiting the site
    Data collected through cookies by Google Analytics (user ID and IP address) are transferred to and stored by Google on servers in the United States. If the Websites anonymize IP addresses, your IP address will be truncated by Google in the territory of a member state of the European Union or another country of the European Economic Area before the address is sent to the United States. Only in exceptional situations will your full IP address be sent to Google’s servers in the United States and truncated on site. Google will use this information to evaluate your use of the Sites, to create reports on site traffic for site operators, and to provide other services related to site traffic and Internet use. Google will not link your IP address with any other data in its possession.
    Like many other services, the Google Analytics tool and Facebook use their own cookies to analyze Users’ activities. These files are used to store information, such as the start time of your current visit and whether you have been to the site address before, what site you came to our site from, what screen resolution your device is, what information you were interested in on our site, etc. By using the site, you consent to the processing of your data by Google in the manner and for the purposes specified above.
    Information on profiling
    The Controller uses your personal data in such a way that it profiles them, i.e. processes your personal data in an automated manner, to assess certain personal factors. The purpose of profiling is to provide you with the most tailored marketing content possible, so that you receive information that may actually interest you and fit your profile and needs. Profiling is therefore intended to better tailor content, especially marketing content, so that you receive marketing and commercial information that interests you.
    Please be advised that the implementation of the restrictions on the use of technology specified above may adversely affect the operation of the site. For detailed information on the Google Analytics solution used, please click on the link below:
    https://support.google.com/analytics/answer/6004245

If you wish to restrict the use of marketing content personalization, you can follow the steps indicated in the link below in addition to reconfiguring cookies on our website.

The legal basis for data transfer outside the EEA is the standard contractual clauses.

You can configure your browser to receive information about the use of cookies and have the option to accept or reject them in specific cases or altogether. If you do not accept the use of certain cookies, the functionality of our website may not be displayed correctly.

Below, we provide instructions for configuring each browser.

Final provisions

Using the Controller’s website and providing personal data in forms is completely voluntary. In some cases, providing data may be necessary for a specific purpose.


Wojdak sp. z o.o. reserves the right to amend the Policy at any time due to the scope of services offered and to adapt the amended law. In each case, whenever possible, we will try to inform you about the Policy update before its implementation.

Last privacy policy update: 15/06/2023.