Privacy Policy

The information contained in the Policy is general in character. Detailed information regarding the processing of specific personal data will be made available each time it is collected, in the content of an information clause placed in a visible and easily accessible location. This includes, in particular, information on the purpose and legal basis of the processing of personal data, the duration of their storage and the recipients to whom they are communicated.

In the event of doubt or contradiction between the Policy and the consent given by the data subject, the consent given voluntarily or the law shall always be the basis for taking action and determining the scope of the administrator's action, irrespective of the provisions of the Policy.

The administrator of the personal data is CAD Projekt K&A Sp. j. with its registered office in Poznań (61-612) at 46 Rubież Street.

Contact details: CAD Projekt K&A Sp. j., 46 Rubież Street, 61-612 Poznań, e-mail: biuro@cadprojekt.com.pl.

If additional consent is given, our partners may also be the administrators of data obtained from online activities using technologies such as cookies.

Personal data will be processed in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, which concerns the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Directive 95/46/EC has been repealed (Official Journal of the EU.L No. 119, p. 1). Other currently applicable data protection laws will also be followed throughout the entire data processing period. „RODO”An identifiable natural person is someone who can be directly or indirectly identified, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the person.

The administrator must take special care to protect the interests of the data subjects. Specifically, they must ensure that the data collected are:
  1. Process the data lawfully, fairly, and transparently for the data subject.
  2. Data is collected for specific, explicit, and legitimate purposes and is not processed further in a way that is incompatible with those purposes.
  3. The data processed should be adequate, relevant, and limited to the purposes for which it is intended.
  4. The data is accurate and will be updated as needed.
  5. Data subjects' information must not be kept for longer than necessary for the purposes for which it is processed, and must be stored in a way that allows for their identification only for the duration of the processing.
  6. Personal data must be processed securely, using appropriate technical and organizational measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

The purpose and scope of the data processed by the administrator should be clear and based on the circumstances of their acquisition. The administrator must provide all necessary information on the purposes of personal data processing at the time of data acquisition.

The administrator may process personal data for the following purposes:

  1. The conclusion and performance of a contract, or taking action at the request of the data subject prior to the conclusion of a contract.
  2. Handling complaints.
  3. To offer services provided by the administrator and its partners.
  4. Sending a newsletter.
  5. The assertion and defence of claims, including those of third parties.
  6. In order to comply with legal obligations arising from legislation, such as tax and accounting requirements, particularly in relation to contracts.
  7. Handling correspondence, including responding to messages.

The administrator may process the personal data provided in the form, including name, surname, email address, and telephone number.

Providing personal data is voluntary, but it may be necessary to access certain offers or website functionality.

Communication channels indicate the necessary data for a specific action in advance. Failure to provide personal data may result in the action not being effective.

Personal data may be processed based on:

  1. Voluntarily given consents fall under Article 6(1)(a) of the RODO.
  2. Applicable law - Processing is necessary to fulfill a legal obligation that the administrator is subject to, such as tax or accounting legislation (Article 6(1)c) RODO).
  3. Personal data may be processed for purposes other than those mentioned above only if it is necessary for the establishment, assertion or defence of legal claims, or for correspondence, including via contact forms (such as replying to messages), market analyses and statistics, and other legitimate interests pursued by the administrator or a third party (Art. 6(1)(f) GDPR).

The administrator can perform profiling as defined by RODO for the purpose of creating and presenting marketing offers, as well as for statistical, website optimization, or development purposes.

You have the right to object to profiling. If an objection is received, the administrator will stop profiling unless there are strong legitimate reasons for continuing the processing that outweigh the interests, rights, and freedoms of the data subject or reasons for establishing, exercising, or defending legal claims.

The administrator determines the catalogue of recipients of personal data based on the services provided by the administrator and the nature of the relationship between the administrator and the data subject.

The list of individuals or entities who receive the data is determined by the customer's consent or legal requirements. This information is provided during the collection of personal data.

To a limited extent, the Administrator's partners may assist in the processing of personal data. This includes those who provide technical support for the smooth running of the Administrator's business, such as communication (e.g. support in sending emails), hosting or ICT services, carriers or intermediaries for shipments, software maintenance companies, and legal and consultancy service providers.

Everyone has the right to:

  1. To file a complaint with the President of the Personal Data Protection Office
  2. To transfer their personal data, which they have provided to the administrator and which is processed by automated means based on consent or a contract, to another administrator.
  3. Access to personal data, including receiving information on which personal data are being processed.
  4. Request rectification, restriction, or erasure of personal data if necessary.
  5. Can withdraw your consent from the administrator at any time. This withdrawal of consent will not affect any processing that was lawfully carried out by the administrator prior to the withdrawal.
  6. To object to the processing of personal data carried out for the legitimate interests of the administrator or a third party (if there are no other valid legitimate grounds for processing overriding the interests of the Client).

The duration of personal data storage depends on the purpose of processing. The administrator must specify the storage duration when fulfilling the information obligation.

If personal data processing requires the Customer's consent, the data may be processed until the consent is revoked. In any case:
  1. The administrator may store personal data if required by legal regulations, such as accounting or tax regulations.
  2. Your personal data will be kept for a longer period of time in the event of any claim, for the purpose of the administrator's assertion of a claim, or for the purpose of asserting or defending against third-party claims, for the period of limitation prescribed by law, in particular the Civil Code.
  3. Personal data collected for the purpose of concluding and performing the contract will be processed for the duration of the contract.
  4. The administrator will process the data until the customer objects to the processing based on legitimate interest.
The retention period for personal data depends on its scope and the purposes for which it is processed. The longest retention period will be applied in all cases.

The Policy provides contact channels for the administrator, who can be reached at any time.

The administrator stores correspondence for statistical purposes and to ensure prompt and efficient responses to queries and complaints. Any addresses and data collected will only be used for the purpose of fulfilling the request.

When contacting the administrator to perform a specific action, such as submitting a complaint via a form, the administrator may ask the person to provide personal data, such as their name, surname, and email address. This is to confirm their identity and enable the administrator to contact them back regarding the matter and perform the requested action. Providing this data is not mandatory, but it may be necessary to carry out the activity or obtain information of interest to the person concerned.

The administrator should consider the current technology, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the risk of violating the rights and freedoms of individuals with varying probabilities and levels of severity of the threat. Appropriate technical and organisational measures shall be applied to ensure the protection of processed personal data, taking into account the risks and categories of protected data. The data must be protected against unauthorised access, taking by unauthorised persons, processing in violation of applicable provisions, and alteration, loss, damage or destruction. Sharing information externally about the technical and organisational measures in place to ensure the protection of the processing may compromise the proper protection of personal data.

The Policy may be changed by the Administrator in the future for important reasons, among others:

  1. Any modifications to relevant legislation, particularly in the areas of personal data protection, telecommunications law, electronic services, and consumer rights, may impact the rights and responsibilities of the administrator or the data subject.
  2. The Policy's scope may be affected by advances in internet technology, which may require new technical solutions and functionalities.
Whenever changes are made to the Policy, the Administrator will post the updated version on the website, including the new date.

This version of the policy is effective from 15.05.2023.

Informujemy, iż w celu optymalizacji treści dostępnych na stronie internetowej, dostosowania ich do Państwa indywidualnych potrzeb, korzystamy z informacji zapisanych za pomocą plików cookies na urządzeniach końcowych osób odwiedzających. Pliki cookies można kontrolować za pomocą ustawień przeglądarki internetowej. Dalsze korzystanie ze strony internetowej, bez zmiany ustawień przeglądarki internetowej oznacza, iż osoba odwiedzająca akceptuje stosowanie plików cookies. Czytaj więcej Privacy Policy.