Personal data processing policy

1. Basic provisions‍

1.1 What are these rules about?

This policy contains information about the scope and conditions of the processing of your personal data that we carry out in the course of or in connection with our business activities, in particular when providing our products and services, using our websites, user interface, communicating with you, etc.

1.2 Who is the controller of my personal data?

Your personal data is processed by us, PINYA s.r.o. with its registered office at ul. Tuřanka 1222/115, Slatina, 627 00 Brno, REGON: 293 12 922, entered in the commercial register kept by the District Court in Brno under number C73455. We are also the operator of the website www.pl.pinya.hr. Our contact details can be found on our website under 'About us', 'Contacts'.

1.3 Why do you process my personal data?

We process your personal data in order to:

  • to negotiate contracts with you, in particular to send you quotations for the product(s) according to your parameters, to create and process your orders and requests for the product(s), to provide you with quotations for the requested product(s);
  • to enter into contracts with you;
  • provide you with the products (services) you order from us;
  • issue you with invoices and other documents relating to the products (services) supplied;
  • identify your payment for the product(s), transport costs, and any other charges;
  • deal with any complaints you may have;
  • maintain and improve our websites;
  • run your user accounts if you use the registration option on the website;
  • deal with any questions or comments you may have about the products (services) we offer;
  • to deal with any complaints you may have;
  • enforce our rights under the purchase or other agreements we enter into with you if you fail to meet your obligations under those agreements, for example, if you do not pay for the product(s) you have purchased;
  • resolve any disputes, whether in or out of court, which may arise between you and us under any contract or otherwise;
  • to contact you for marketing purposes, in particular to send you our commercial communications (newsletters), in particular about our products (services), new products in our range, discounts, interesting events and other information about our company's activities (e.g. trade fairs, exhibitions);
  • to compile statistics about our business activities, the traffic to our websites, or the use of our other services;
  • to promote our company and its activities;
  • properly conduct our commercial administration and accounting and comply with our tax obligations;
  • to archive our records.

1.4 What personal data do you process?

In connection with the above purposes, we process:

(a) Your identification data, in particular your first name, surname, academic titles, PESEL number, date of birth, age, REGON, NIP, address of residence, registered office address (if you are a sole trader), position within the legal entity you may represent, gender;

(b) your contact details, in particular the delivery address or other contact address you provide us with, telephone number (landline, mobile), e-mail address, fax number;

(c) your payment details, in particular your bank account number, payment card number, variable symbol, possibly a specific symbol, a note from the sender or recipient, possibly other information you include in the payment;

(d) data concerning your orders, in particular about the product(s) (services) you have ordered;

e) network data that we obtain when you access and use our websites, in particular your IP address, the MAC address of the device you use to access our websites, information about your access to the websites, your activity on the websites, the duration of your visit to the websites, cookies, data about the location of the device you use to access the websites; we use in particular Google Analytics, Google Search Console, Customerscore to obtain this information.io (REGON: 195 80 045), Smartlook.com, s.r.o. (REGON: 195 08 830);

(f) Your user account access details.

1.5 Do you process all my personal data for all the purposes you have indicated?

No. We process personal data in accordance with the principle of data minimisation and purposeful restriction. This means that we only process your personal data for the purposes for which it is necessary and to the extent that it is necessary for the purpose in question.

1.6 What authorises you to process my personal data?

We process your personal data on the basis of the law, in particular the General Data Protection Regulation, the so-called RODO (full name Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as amended).

We always process your personal data under the RDP on the basis of one of the legal grounds set out in Article 6 of the RDP. These grounds are in particular:

(a) Your consent to the processing of your personal data;

(b) The necessity of processing your personal data for the performance of a contract you have entered into with us or for pre-contractual activities;

(c) The existence of our legitimate interest in processing your personal data;

(d) The necessity of processing your personal data for the performance of our legal obligations.

1.7 What are your legitimate interests in processing my personal data?

Our legitimate interests in processing your personal data are:

(a) The conduct and development of our business;

(b) Improving the products and services we offer;

c) Maintaining our websites, user interface, providing and improving their functionality;

(d) Promotion of our business activities, in particular the products (services) we offer, the events we organise, etc.;

(e) Pursuing our legal claims;

(f) Ensuring the security of our websites, their users and their user accounts;

g) Protecting our property, protecting the life, health and property of our employees, business partners, customers and all persons on our premises.

1.8 How long do you process my personal data?

This depends on the purpose for which and the reason why we process personal data. Due to the scope of the data processed and the variety of purposes, it is usually not possible to determine this period precisely. Therefore, the period of processing of your personal data is determined by the following criteria.

If we process your personal data on the basis of your consent, we will process it for the duration of that consent.

In other cases, we process your personal data for the period necessary to achieve the purpose for which we process it, including following the administration related to the termination of the processing and the deletion of the personal data.

If one of the reasons for processing your personal data for a particular purpose no longer exists, this does not automatically mean that we have to stop processing it. As long as there is another reason for processing (e.g. our legitimate interest in processing ceases to exist, but the processing of your personal data is still necessary for the performance of a contract between us or for the fulfilment of our legal obligations), we may continue to process your personal data until all legal grounds for processing it have been exhausted. If you withdraw your consent to the processing of your personal data, we will not continue to process your data for the purpose for which consent was originally given.

1.9 How do you obtain my personal data and to whom do you pass it on?

First of all, we process the personal data that you provide to us and we process it mainly for our own purposes. We also use, for example, cookies to obtain and further process certain personal data. Details on the use of cookies can be found here.

However, in some cases, we may receive your personal data from or transfer it to third parties. These parties may include, in particular:

  • our accountants and tax advisors,
  • our lawyers,
  • our business partners, e.g. Digital Solutions s.r.o. (REGON: 259 98 706) (DigiSign application for digital signature), ECOMAIL.CZ, s.r.o. (REGON: 027 62 943),
  • our IT administrators,
  • data storage providers,
  • our group companies,
  • people who provide us with marketing and PR services (customer evaluation, etc.),
  • those involved in the processing of the order, payment of the price, i.e. our payment service providers (payment gateways),
  • public authorities (in particular courts, public offices),
  • law enforcement authorities (in particular the police and the prosecutor's office).

We may also obtain your personal data from publicly accessible sources such as public registers (in particular the commercial register, the business register, the bankruptcy register or the land register).

1.10 Do I have to give you my personal data?

In some cases, the transfer of personal data is necessary for us to comply with our contractual or other obligations, to pursue our legitimate interests, etc. For example, in order for us to enter into a contract with you and provide you with products (services), we need to know in particular your identification and contact details. We inform you in advance of what data is necessary to provide, if possible (e.g. by annotating "optional" in the forms on the websites).

2. Rights relating to the processing of personal data

2.1 How can I obtain information about the processing of my personal data?

Upon your written request, we will provide you with information about the scope and conditions of the processing of your personal data. In addition to this request, you may request a copy of your personal data processed by us in the same way.

We will respond to requests in the same way you submit them (i.e. electronically or on paper), unless you ask us to respond in a different way in your request.

If you request more paper copies of your personal data, we will charge an administration fee of 6 PLN for each copy over one.

2.2 What can I do if I discover an error in my personal data that you process?

In this case, please send us a request to correct your personal data, specifying what the error is and what the correct record is. If the error relates to the data entered in your user account, you can correct this error yourself after logging into your account, if it is not a data that cannot be changed directly after logging into your user account (more on this in Article IV).

2.3 What can I do if my personal data that you process is incomplete?

In this case, please send us a request to supplement your personal data, specifying what data is to be supplemented and for what purpose. Please note that if the data you wish to supplement will not be necessary for the processing for the purpose you have specified, we are not obliged to make the supplement.

2.4 What can I do if I discover that you are processing my personal data more than is necessary?

As we have already mentioned above, we only process your personal data for the purposes for which it is necessary and to the extent that it is necessary for the purpose in question. However, if you discover that we are processing your personal data to a greater extent than is necessary, you can send us a written request to restrict the processing. In your request, please state the reasons why you believe that we are processing your personal data more than is necessary. We will consider your request carefully and, if we consider it reasonable, we will take steps to restrict the scope of processing.

2.5 What can I do if I do not want you to continue to store my personal data?

In this case, please send us a written request to delete your personal data. We will examine the request carefully and, if we consider it justified, we will delete your personal data. You can find the reasons why you can request the erasure of your personal data in Article 17 of the RDPO. However, in some cases we may refuse to comply with your request. This applies, for example, if the processing is necessary for the exercise of the right to freedom of expression and information (see also Article 17 of the RDPO for details).

2.6 Can I transfer my personal data that you process to another controller?

At your written request, we will provide you with your personal data in a machine-readable format or, if you ask us to do so, we will provide it directly to another controller you specify in your request. Please note, however, that this right only applies to personal data that we process on the basis of a contract between you and us and only if we process it in an automated form.

2.7 What can I do if I do not like the way you process my personal data?

If we process your personal data on the basis of our legitimate interest, you may object to such processing in writing. In response to your objection, we will assess whether our legitimate interest in the processing is still valid and does not outweigh the interest in protecting the rights and freedoms of individuals. If we consider your objection to be justified, we will stop the processing to which you have objected.

You may also lodge a complaint about the processing of your personal data with the supervisory authority for the protection of personal data, which in Poland is the Office for Personal Data Protection (UODO).

3. Consent to the processing of personal data‍

3.1 When do you need my consent to process my personal data?

We only require consent to process your personal data where we cannot process your personal data for a particular purpose on any other legal basis. We therefore only ask for your consent in exceptional circumstances, e.g. for marketing purposes or to process your personal data using cookies, except for those without which our websites could not function properly.

3.2 Do I have to give you permission?

Your consent is entirely voluntary and you may withdraw your consent at any time. Giving your consent is not a condition for the provision of other services.

3.3 How can I withdraw my consent?

If you wish to withdraw your consent to the processing of your personal data, please send an e-mail or letter to the above contact details. Consent given for the purpose of sending newsletters (commercial communications) can also be revoked by clicking on the unsubscribe link for commercial communications, which is included in each e-mail with a commercial communication. You can revoke your consent to the use of cookies at any time by using the cookie settings directly on our website(www.pinya.hr).

3.4 Can I be sent commercial communications without consent?

If you have provided us with your e-mail address in connection with the sale of our products or the provision of our services, we may, in accordance with the Act on Certain Information Society Services (Act No. 480/2004 Coll.), send commercial communications to that e-mail address, even if you have not given us your consent. In this case, we process your e-mail address on the basis of our legitimate interest, which is to promote our business activities, in particular the products (services) we offer, discount promotions, other events related to our company.

However, you may object to this processing (for more information on your right to object, see paragraph 2.7). You also have the option to unsubscribe from any commercial email by clicking on the relevant link. If we receive your objection to the sending of commercial communications or if you unsubscribe, we will no longer send commercial communications to the email address you have provided.

4. Registration, user account
4.1 How do I create a user account?

You can obtain a user account by registering on our website. To register, please complete and submit the registration form. The fields marked with an asterisk must be completed for registration to take place and for the user account to function.

4.2 How do I log in to my user account?

You will log in to your user account using the login and password you have chosen.

4.3 What security measures should I take to secure my user account?

Your personal data is stored in your user account. It is therefore important that you are aware of the risks associated with possible unauthorised access to your user account by third parties, in particular the risks associated with possible misuse of your user account and the personal data stored therein.

As the operator of the www.pl.pinya.hr website, we will provide the highest possible level of security to the best of our ability, and thereby secure your user accounts and the personal data stored on them. However, without you taking appropriate steps to secure your user accounts and personal data, all of our security efforts are pointless.

Above all, you should not disclose your user account login details, especially your password, to anyone.

When choosing a password, keep in mind that weak (simple) passwords can be easily cracked by third parties (hackers), either by using specialized password cracking tools or by simple guessing. It is therefore important that you choose a strong enough (complex) password that cannot be easily cracked. Your password must meet the requirements specified in the registration form. The system will not allow you to set a password that does not meet these requirements.

In addition, you should always log out immediately when you are finished with your user account. Otherwise, you are making it easy for a third party who gains access to the computer on which you were working with your user account to misuse your account and personal information.

We ask that you follow all necessary security measures to protect your user accounts and the personal information stored on them. The above examples may serve as a guide for you, but are not an exhaustive list of actions you should take.

Please note that you are responsible for any misuse of your user account or the data stored on it that occurs due to your error.

4.4 How can I delete my user account?

Upon your written request, we will delete your user account without undue delay upon receipt of your request. The request should be sent electronically (by e-mail) to sale@pinya.hr, or by post to PINYA s.r.o., Tuřanka 1222/115, Slatina, 627 00 Brno.

4.5 Can you delete my user account without my request?

Yes, we can delete your user account without your request, but only if:

(a) you do not log into your account for more than 24 months;

(b) you breach your obligations under your contract with us, including the General Terms and Conditions and this Privacy Policy, in particular your obligations to secure your account and protect the personal data stored on it.

5. Final Provisions
5.1 Are these rules subject to change? Where can I find the current version?

This Privacy Policy may be amended by us. You can always find the current version on our website.

5.2 Does the written form requirement include e-mail?

Yes, if these Personal Data Processing Rules require an action to be done in writing, it can also be done by email.

5.3 From when will this Personal Data Processing Policy apply?

The rules on the processing of personal data as set out herein shall apply from 1 June 2024.

PINYA s.r.o.