PRIVACY POLICY
I. Personal data administrator
1. The controller of personal data within the meaning of Article 4(7) of the Regulation
2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of
individuals with regard to the processing of personal data and on the processing of personal data
movement of such data and repealing Directive 95/46/EC (GDPR) is a key element of the
Wincenty Furmaniak, conducting business activity under the name of Vincentpersonalny Wincenty Furmaniak, 53a m2 Graniczna Street, 93-428 Łódź, NIP: 7290113726, REGON: 100059415, conducting Self Storage (self-service warehouses), under the name VIP-BOX in the underground car park of the Port Łódź Shopping Centre, 245 Pabianicka Street, 93-457 Łódź, entered into the register of entrepreneurs of the Central Registration and Information on Business kept by the Minister of Development.
2. Contact details of the data controller:
a) phone: +48 516 042 940
b) e-mail address: kontakt@vip-box.pl
3. Pursuant to Article 32(1) of the GDPR, the Controller complies with the principle of data protection
personal data and applies appropriate technical and organisational measures to ensure that the
prevent accidental or unlawful destruction, loss,
modification, unauthorised disclosure or access to data
personal data processed in connection with the conducted activity.
4. Providing personal data is voluntary, but necessary in order to establish a
cooperation and/or conclusion of a contract with the data controller.
5. The Data Controller processes personal data only to the extent necessary for the
provision of services or to take action at the request of the data subject
Concern.
II. Purpose and grounds for the processing of personal data
The Administrator processes personal data for the following purposes:
a) preparation of a commercial offer in response to the customer's interest, which is
legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
b) provision of services by electronic means via the Website,
on the basis of a concluded contract (Article 6(1)(b) of the GDPR);
c) handling the complaint process, on the basis of the obligation incumbent on the
the data controller in connection with the applicable provisions of law (Article 6(1) of the
1 lit. c of the GDPR);
d) accounting related to the issuance and receipt of documents
on the basis of tax law (Article 6(1)(c) of the Tax Code).
GDPR);
(e) archiving of data for the possible establishment, investigation or defence of
claims or the need to demonstrate facts, which is a legally justified
the interest of the data controller (Article 6(1)(f) of the GDPR);
f) contact by phone or e-mail, in particular
in response to inquiries addressed to the data controller, which is legally
legitimate interest of the data controller (Article 6(1)(f) of the GDPR);
g) sending technical information on the functioning of the Website,
services used by the customer, which is a legitimate right to ensure that the
the interest of the data controller (Article 6(1)(f) of the GDPR);
h) marketing of the data controller's own products, which is legally his
legitimate interest (Article 6(1)(f) of the GDPR) or is carried out on the basis of a
consent (Article 6(1)(a) of the GDPR).
III. Data recipients. Data transfers to third countries
1. The recipients of personal data processed by the data controller may be
entities cooperating with the data controller, when it is necessary for the implementation of the
contract with the data subject.
2. The recipients of personal data processed by the data controller may be
subcontractors – entities whose services are used by the data controller for the
data processing, e.g. entities providing development (training) services,
accounting offices, law firms, entities providing IT services (in particular
including hosting services)
3. The Data Controller may be required to provide personal data on the basis of the
applicable law, in particular to provide personal data on the basis of applicable law,
authorized state bodies or institutions.
4. Personal data will not be transferred to an entity established outside the
European Economic Area.
1. The Administrator, through the Website and other forms of communication, collects and collects
processes the personal data of Users specified below, provided to the
during the registration processes on the Website:
name, address, email address, telephone number
2. Personal data will be stored for the duration of the contract and for a period consistent with the
applicable regulations, taking into account the limitation of claims and
liabilities. Personal data for the processing of which you have given us
consent will be stored until you withdraw your consent.
3. The User has the right to inspect and change their personal data at any time, and
also to request the Administrator to immediately remove them ("the right to
oblivion").
4. Requests regarding the processing of personal data can be submitted by e-mail
to the address of the data administrator
5. Your personal data may be transferred to the payment operator and the company providing IT services (In the case of providing an additional service, the customer must be able to consent to the processing of personal data, e.g. in the form of ticking the following option:
"I consent to the processing of personal data" or "I accept the Terms and Conditions and
Privacy Policy"
6. The Administrator undertakes to make every effort to maintain proper
protection of the Client's personal data.
7. You have the right to lodge a complaint with the supervisory authority dealing with
personal data protection – the President of the Office for Personal Data Protection.
V. Period of storage of personal data
1. The data administrator stores personal data for the duration of the contract
concluded with the data subject and after its termination for the purposes of the
related to the pursuit of claims related to the contract, the performance of obligations
applicable law, but for a period not longer than the deadline for
in accordance with the provisions of the Civil Code.
2. The Data Controller stores personal data contained in documents
(e.g. invoices) for the period of time specified in the provisions of the Tax Act
on goods and services and the Accounting Act.
3. The Data Controller stores personal data processed for the purposes of
marketing activities for a period of 10 years, but not later than until the consent to the
data processing or to object to the processing of data.
4. The data administrator stores personal data for purposes other than those indicated in para.
1-3 for a period of 3 years, unless the consent to data processing has been withdrawn earlier,
and the processing of the data may not be continued on any basis other than consent
data subject.
VI. Rights of the data subject
1. Each data subject has the right to:
a) access – obtain confirmation from the administrator whether its data is being processed
personal data. If data about a person is processed, he or she is entitled to
access to them and to obtain the following information: about the purposes of the
categories of personal data, information on recipients or information on the
categories of recipients to whom the data have been or will be disclosed, of the period of
storage of data or the criteria for determining them, the right to request a
rectify, delete or restrict the processing of personal data
data subject and to object to the protection of the data subject's rights in the
such processing (Article 15 of the GDPR);
(b) to receive a copy of the data, to obtain a copy of the data subject to
processing, with the first copy being free of charge and subsequent copies being
administrator may impose a reasonable fee based on the costs of the
administrative matters (Article 15(3) of the GDPR);
c) to rectify – to request the rectification of personal data concerning him/her,
that are incorrect or complete incomplete data (Art. 16 GDPR);
d) to delete data – to request the deletion of their personal data, if
The controller no longer has a legal basis to process them or the data are no longer
necessary for the purposes of the processing (Art. 17 GDPR);
e) to restriction of processing – request restriction of data processing
(Article 18 of the GDPR) when:
- the accuracy of the personal data is contested by the data subject – for a period of
allowing the controller to verify the accuracy of this data,
- the processing is unlawful and the data subject objects to the
their removal, requesting the restriction of their use,
- the controller no longer needs the data, but they are needed by the person whose
data concern, to establish, pursue or defend claims,
- the data subject has objected to the processing – until the time of the
whether the legitimate grounds on the part of the controller are
overriding the grounds for the data subject's objection;
(f) to data portability, in a structured, commonly used manner and
machine-readable format used for personal data
information relating to it which it has provided to the controller and to request the
data to another controller, if the data is processed on the basis of the consent of the
data subject or a contract concluded with him or her and where the data are
processed by automated means (Article 20 of the GDPR);
g) to object – to object to the processing of their personal data
legitimate purposes of the controller, for reasons related to its
including profiling. In such a case, the administrator shall make a
assess the existence of compelling legitimate grounds for the processing;
override the interests, rights and freedoms of data subjects, or
grounds for establishing, pursuing or defending claims. If, according to the assessment of the
the interests of the data subject will take precedence over the interests of the controller,
The Controller will be obliged to stop processing data for these purposes
(Article 21 of the GDPR).
2. In order to exercise the above-mentioned rights, the data subject should
contact the controller and the Controller using the contact details provided, and
inform the customer which right and to what extent he wants to exercise.
3. The data subject shall have the right to lodge a complaint with the supervisory authority, which is the
President of the Office for Personal Data Protection
VII. Automated decision-making. Profiling
Personal data will not be processed automatically or through profiling