Privacy Policy

of the Powitania.pl website

Contents:

  1. General provisions
  2. Legal basis for processing
  3. Purpose, basis, retention period and scope of data processing
  4. Recipients of data
  5. Profiling on the website
  6. Rights of the data subject
  7. Cookies, traffic data, analytics and advertising
  8. Final provisions

1. General provisions

This privacy policy of the Website is informational in nature, which means it does not give rise to obligations for Service Recipients or Clients. The privacy policy primarily sets out the rules for the processing of personal data by the Controller on the Website, including the legal basis, purposes and scope of processing, the rights of data subjects, as well as information about the use of cookies and analytics tools.

The Controller of personal data collected via the Website is Paweł Kowalski, conducting business under the name OPTIMUM Paweł Kowalski, registered in the Central Register and Information on Economic Activity (CEIDG) of the Republic of Poland, with the following details:

  • Address: ul. Pozytywistów 4/4, 20-639 Lublin, Poland
  • Tax ID (NIP): 7120311746
  • REGON: 430325730
  • E-mail: [email protected]
  • Phone: +48 603 570 550

Personal data on the Website is processed by the Controller in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Polish Personal Data Protection Act of 10 May 2018.

Use of the Website, including entering into contracts, is voluntary. Likewise, providing personal data is voluntary, with two exceptions:

  1. Entering into contracts with the Controller — failure to provide personal data necessary to conclude and perform a contract makes it impossible to enter into such a contract.
  2. Statutory obligations of the Controller — providing personal data is a statutory requirement under generally applicable laws.

The Controller takes particular care to protect the interests of data subjects. Collected data is: processed lawfully, collected for specified purposes, factually correct and adequate, stored no longer than necessary, and processed in a manner that ensures appropriate security.

2. Legal basis for processing

The Controller is entitled to process personal data when at least one of the following conditions is met:

  1. The data subject has consented to the processing of their personal data (Art. 6(1)(a) GDPR)
  2. Processing is necessary for the performance of a contract (Art. 6(1)(b) GDPR)
  3. Processing is necessary for compliance with a legal obligation to which the Controller is subject (Art. 6(1)(c) GDPR)
  4. Processing is necessary for the purposes of the legitimate interests pursued by the Controller (Art. 6(1)(f) GDPR)

3. Purpose, basis, retention period and scope of processing

In each case the purpose, legal basis, retention period and scope of personal data processed by the Controller follow from the actions taken by a given Service Recipient or Client on the Website.

Performance of a contract

Legal basis: Art. 6(1)(b) GDPR. Scope: first and last name, e-mail, phone, delivery address, Tax ID (for businesses). Retention: until the contract is performed, terminated or expires.

Direct marketing

Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller). Scope: e-mail. Retention: until objection is raised, no longer than the limitation period for claims.

Marketing (consent)

Legal basis: Art. 6(1)(a) GDPR. Scope: first name, e-mail. Retention: until consent is withdrawn.

Tax records

Legal basis: Art. 6(1)(c) GDPR in conjunction with Art. 86 §1 of the Polish Tax Ordinance. Scope: name, address, Tax ID. Retention: as required by law.

Establishment, exercise or defence of legal claims

Legal basis: Art. 6(1)(f) GDPR. Scope: name, phone, e-mail, address, Tax ID. Retention: until claims become time-barred (typically 2–3 years).

4. Recipients of data

Personal data may be shared with the following recipients:

  • Technical and IT service providers — technical solutions, hosting, software, e-mail services
  • Accounting, legal and advisory service providers — accounting offices, law firms

The Controller transfers data only when necessary for the given processing purpose and only to the extent required to achieve it.

5. Profiling on the website

The Controller may use profiling for direct marketing purposes, but decisions made on this basis do not concern entering into or refusing to enter into a contract. Effects of profiling may include, for example, granting a discount, sending an offer that matches the user's interests, or proposing better terms.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling.

6. Rights of the data subject

  • Right of access, rectification, restriction, erasure or data portability — pursuant to Art. 15–21 GDPR
  • Right to withdraw consent — at any time, without affecting the lawfulness of processing prior to withdrawal
  • Right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office of the Republic of Poland (UODO)
  • Right to object — against processing based on the legitimate interests of the Controller
  • Right to object to direct marketing — at any time

To exercise these rights please contact us at: [email protected]

7. Cookies, traffic data, analytics and advertising

Cookies are small text files sent by the server and stored on the visitor's device. The Website uses several categories of cookies:

Essential cookies (always active)

Ensure the proper operation of the website: storing the user's cookie consent choice, handling contact forms, maintaining user sessions. Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller).

Analytics cookies (consent required)

The Controller uses Google Analytics 4 (provider: Google Ireland Limited) to analyse website traffic. The service is deployed via Google Tag Manager and is activated only after the user has given consent. Collected data is used to generate anonymised visit statistics.

Advertising cookies (consent required)

The Controller uses Google Ads (remarketing, conversion tracking) to display personalised advertising to users who have visited the Website. The service is deployed via Google Tag Manager and is activated only after the user has given consent.

Google Tag Manager

The Website uses Google Tag Manager (GTM) to manage analytics and advertising tags. GTM itself does not collect personal data — it is only a container that fires individual services in line with the user's consent (Google Consent Mode v2).

Consent management

On the first visit, a banner is displayed allowing the user to: accept all cookies, reject optional ones (only essential remain) or customise settings individually. The choice is remembered for 12 months. The user may change their decision at any time by clicking the „Cookie settings" link in the page footer.

Regardless of cookie settings, the user can block sharing data with Google Analytics using the browser opt-out add-on.

Browser settings related to cookies are important from the perspective of consent to their use. Every user can specify the conditions for the use of cookies via their browser settings.

8. Final provisions

The Website may contain links to other websites. This privacy policy applies only to the Controller's Website.

OPTIMUM Paweł Kowalski, ul. Pozytywistów 4/4, 20-639 Lublin, Poland | tel.: +48 605 491 069 | [email protected]