Contact

+48 32 222 33 20

Mon-Fri 8.00-16.00

zamowienia@geo-polska.pl

ul. Michała Drzymały 135a
41-407 Imielin
Poland

Contact
0
Your basket
0,00 zł
Your cart is empty

Privacy policy

This privacy policy is for informational purposes only, which means that it does not impose any obligations on you. The privacy policy primarily contains rules regarding the processing of personal data obtained from you by the Administrator, including the basis, purposes and scope of personal data processing, as well as the rights of data subjects.

1) GENERAL PROVISIONS


1. The Administrator of personal data collected in connection with transactions regulated by these GTC is GEO POLSKA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Imielin (registered office and address for service: ul. Drzymały 135A, 41-407 Imielin); entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000125060; the registry court where the company's documentation is stored: District Court Katowice-Wschód in Katowice, 8th Commercial Division of the National Court Register; share capital: PLN 321,000; Tax Identification Number (NIP): 6462552984; REGON (National Business Registry Number): 277831752, e-mail address: sklep@geo-polska.pl and contact telephone number: 606385833 - hereinafter referred to as the ‘Administrator’ and also being the Seller.

2. Contact details of the data protection officer appointed by the Administrator: e-mail address: iodo@geo-polska.pl, contact telephone number: 606 385 833.

3. Personal data is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as ‘GDPR’ or ‘GDPR Regulation’. Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

4. Concluding contracts on the basis of these GTC is voluntary. Similarly, the provision of personal data by you is voluntary, with two exceptions: (1) concluding contracts with the Administrator - failure to provide, in the cases and to the extent specified in these GTC and this privacy policy, the personal data necessary to conclude and perform a Sales Contract with the Administrator will result in the inability to conclude such a contract. In such a case, the provision of personal data is a contractual requirement and if the data subject wishes to conclude a given contract with the Controller, they are obliged to provide the required data. Each time, the scope of data required to conclude a contract is indicated in advance in the GTC or provided by the Controller, e.g. in correspondence via e-mail; (2) statutory obligations of the Controller - the provision of personal data is a statutory requirement resulting from generally applicable laws imposing on the Controller the obligation to process personal data (e.g. processing data for the purpose of keeping tax or accounting records) and failure to provide such data will prevent the Controller from performing these obligations.

5. The Administrator takes special care to protect the interests of the persons whose personal data it processes, and in particular is responsible for and ensures that the data it collects is: (1) processed in accordance with the law; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

6. Taking into account the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures to ensure that processing is performed in accordance with this Regulation and to be able to demonstrate this. These measures shall be reviewed and updated where necessary. The Controller shall use technical measures to prevent unauthorised persons from obtaining and modifying personal data transmitted electronically.

2) BASIS FOR DATA PROCESSING

1. The Controller shall be authorised to process personal data in cases where, and to the extent that, at least one of the following conditions is met: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2. The processing of personal data by the Controller requires at least one of the grounds specified in section 2.1 of the privacy policy to be present in each case. The specific grounds for the processing of your personal data by the Controller are indicated in the following section of the privacy policy – in relation to the specific purpose of the processing of personal data by the Controller.

3) PURPOSE, BASIS AND PERIOD OF DATA PROCESSING

1. In each case, the purpose, basis and period of processing of personal data by the Controller, as well as the recipients of such data, result from the actions taken by you. For example, if you decide to make a purchase and choose to collect the purchased product in person instead of having it delivered by courier, your personal data will be processed for the purpose of performing the sales contract, but will not be made available to the carrier delivering the goods on behalf of the Controller.

2. The Controller may process personal data for the following purposes, on the grounds and for the periods indicated in the table below:

Purpose of data processing Legal basis for data processing Data retention period

Performance of a sales contract or taking action at the request of the data subject prior to entering into the above-mentioned contract Article 6(1)(b) of the GDPR (performance of a contract) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract The data is stored for the period necessary for the performance, termination or other expiry of the Sales Agreement.

Direct marketing Article 6(1)(f) of the GDPR (legitimate interests of the controller) - processing is necessary for the purposes of the legitimate interests pursued by the controller - consisting in caring for the interests and good image of the Controller and striving to sell Products

The data is stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for the Controller's claims against the data subject in relation to the Controller's business activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for sales contracts two years).

The Controller may not process data for direct marketing purposes if the data subject has effectively objected to this.

Keeping accounting records Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act of 30 January 2018 (Journal of Laws of 2018, item 395) - processing is necessary for compliance with a legal obligation to which the Controller is subject; The data is stored for the period required by law, which requires the Controller to keep accounting records (5 years from the beginning of the year following the financial year to which the data relates).

Establishing, pursuing or defending claims that may be raised by the Controller or that may be raised against the Controller

Article 6(1)(f) of the GDPR (legitimate interest of the Controller) - processing is necessary for the purposes of the legitimate interests pursued by the Controller - consisting in the establishment, investigation or defence of claims that may be raised by the Controller or against the Controller

The data is stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims that may be raised against the Controller (the basic limitation period for claims against the Controller is six years).

4) DATA RECIPIENTS

1. It is necessary for the Controller to use the services of external entities (such as a software provider, courier or payment processor). The Controller only uses the services of processors who provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.

2. The Administrator does not transfer data in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if you use personal collection, your data will not be transferred to the carrier cooperating with the Controller.

3. Your personal data may be transferred to the following recipients or categories of recipients:

a. carriers/forwarders/courier brokers/entities handling the warehouse and/or shipping process – if you use the method of delivery of the Product by post or courier, the Administrator shall disclose your collected personal data to the selected carrier, forwarder or intermediary performing shipments on behalf of the Administrator, and if the shipment is made from an external warehouse - to the entity handling the warehouse and/or shipping process - to the extent necessary to deliver the product.

b. entities handling electronic or card payments – if you use electronic or card payment methods, the Administrator will share your collected personal data with the selected entity handling the above payments on behalf of the Administrator to the extent necessary to process your payment.

c. service providers supplying the Administrator with technical, IT and organisational solutions enabling the Administrator to conduct business activity, (in particular, e-mail providers and providers of company management software and technical support to the Administrator) - the Administrator shall disclose your collected personal data to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

d. accounting, legal and advisory service providers providing the Administrator with accounting, legal or advisory support (in particular, an accounting office, law firm or debt collection company) - The Controller shall disclose your collected personal data to a selected provider acting on its behalf only in the case and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.

5) RIGHTS OF THE DATA SUBJECT

1. Right of access, rectification, restriction, erasure or portability - the data subject has the right to request from the Controller access to their personal data, rectification, erasure (‘right to be forgotten’) or restriction of processing, and has the right to object to the processing, as well as the right to transfer their data. The detailed conditions for exercising the above rights are set out in Articles 15-21 of the GDPR.

2. Right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR), has the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.

3. Right to lodge a complaint with a supervisory authority – a person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

4. Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or public tasks) or (f) (legitimate interests of the controller), including profiling based on these provisions. In such a case, the controller may no longer process such personal data unless he demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or grounds for the establishment, exercise or defence of legal claims.

5. Right to object to direct marketing - where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing.

6. In order to exercise the rights referred to in this section of the privacy policy, you may contact the Controller by sending a relevant message in writing or by e-mail to the Controller's address indicated at the beginning of the privacy policy.

Preliminary note – this privacy policy has been prepared in accordance with the information requirements of the EU GDPR. We encourage you to read it carefully so that you can better understand your rights and obligations under the new regulations.

The GDPR came into force on 25 May 2018. One of the elements of compliance with the GDPR is the privacy policy. However, in addition to the policy, it is necessary to implement the other requirements arising from the GDPR.

If you need more extensive support in implementing the GDPR in your company, please contact us and we will prepare a separate offer in this regard.

We also recommend reading the following guides, which provide an accessible introduction to GDPR issues and companies' obligations in this area:

https://www.mpit.gov.pl/media/50521/PrzewodnikMSP_RODO_2018.pdf

https://www.giodo.gov.pl/pl/1520281/10255

https://www.gov.pl/cyfryzacja/rodo-informator

This section outlines the most important principles of data processing in accordance with the GDPR – these principles must be taken into account when determining, for example, the amount of data collected or the period of its processing.

The table presents the standard purposes, grounds and periods of data processing for sales via OWS.

However, please review them carefully and, if you notice any differences in relation to your business (e.g. additional purpose, different data processing period), please complete the document. This is very important for the proper fulfilment of information obligations in accordance with the GDPR.

Please remember the rules for data processing in accordance with the GDPR indicated in section 1.6 of the privacy policy – for example, we cannot collect more data than is actually necessary, nor can we store it for longer than is actually necessary to achieve the purpose of data processing. It is also recommended to regularly check and review the information indicated here for changes.

Important! The GDPR imposes an obligation to conclude a data processing agreement with each entity processing customer personal data on our behalf. This agreement should specify, among other things, the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, as well as the obligations and rights of the controller. The GDPR also specifies a number of additional provisions that such an agreement should contain. Failure to conclude such an agreement constitutes a violation of the GDPR. Concluding such an agreement is also in your interest – in the event of an inspection, you will be able to demonstrate that you have ensured adequate data protection.

If you need assistance in preparing such an agreement or verifying your current agreement for compliance with the GDPR, please let us know and we will prepare a separate quote for you.

6) AGRORISK INSURANCE

By submitting the application form available at https://geo-polska.pl/pl/ubezpieczenia.html, the user declares that:

1. They consent to the transfer by GEO POLSKA SP. Z O.O. of their personal data indicated above, including their first name, surname, email address and telephone number, to AgroRisk Polska Sp. z o.o. with its registered office in Poznań at ul. Grunwaldzka 186, 60-166 Poznań, which acts as a processor on behalf of Gartenbau Versicherung VVaG with its registered office in Wiesbasen, Germany – an insurance company that is the controller of personal data, for the purpose of providing me with information about the insurance services offered;

2. I have been informed of my right to withdraw my consent or change my personal data at any time, and that the withdrawal of consent does not affect the validity of the previous processing of personal data;

3. Withdrawal of the consent given in point 1 or modification of my personal data requires a statement to be submitted;

4. The personal data provided in the form is provided voluntarily and is true.

Settings

We respect your privacy. You can change cookie settings or accept them all. You can change your settings at any time.

Necessary cookies are used for the proper functioning of the website and allow you to comfortably use the services we offer.

Cookie files respond to actions taken by you in order to, inter alia, adjusting your privacy preferences, logging in or filling out forms. Thanks to cookies, the website you are using may function without interruption.

More

These types of cookies allow the website to remember the settings you have entered and to personalize specific functionalities or the content presented.

Thanks to these cookies, we can provide you with greater comfort of using the functionality of our website by adjusting it to your individual preferences. Expressing consent to functional and personalization cookies guarantees the availability of more functions on the website.

More

Analytical cookies help us develop and adapt to your needs.

Analytical cookies allow you to obtain information on the use of the website, place and frequency with which our websites are visited. The data allows us to evaluate our websites in terms of their popularity among users. The collected information is processed in an anonymised form. Expressing consent to analytical cookies guarantees the availability of all functionalities.

More

Thanks to advertising cookies, we present you the most interesting information and news on the websites of our partners.

Promotional cookies are used to present our messages to you based on an analysis of your preferences and your browsing habits. Promotional content may appear on the websites of third parties or our partner companies and other service providers. These companies act as intermediaries presenting our content in the form of news, offers, social media messages.

Regional settings
Location
Language