Privacy Policy

Information on personal data processing — BOKKA Sp. z o.o.

Hereby, in fulfilment of the information obligation imposed on BOKKA sp. z o.o. with its registered office in Kraków, arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119 of 4 May 2016, p. 1), hereinafter referred to as “GDPR”, we inform you that:

Controller of personal data. BOKKA sp. z o.o. with its registered office in Kraków (address: Pl. Wolnica 13/10, 31-060 Kraków), hereinafter referred to as the “Controller”, entered in the register of entrepreneurs of the National Court Register (Poland) under KRS number 0000718870, holding VAT no. PL6762545474, REGON 369497701, with share capital of PLN 5,000.00 fully paid up, is the controller of your personal data.

Purposes and legal bases of personal data processing; period of personal data storage; information on the requirement/voluntariness of providing personal data.

1. The Controller will process your personal data as a recipient of goods ordered from the Controller, that is, first name and surname, business name, business address, NIP (Tax ID), REGON, telephone, e-mail address, bank account number (in the case of settlements by bank transfer), for the purpose of:

a) carrying out cooperation between your enterprise and the Controller in the scope of delivery of goods, whereby the possibility of processing personal data for this purpose results from the necessity to take steps prior to entering into a contract and for the purpose of performing the contract (legal basis: Art. 6(1)(b) GDPR),

b) carrying out accounting and tax settlements, whereby the possibility of processing personal data for this purpose results from the necessity to ensure the correctness of the documentation kept and the fulfilment by the Controller of statutory obligations arising from civil law and public law provisions (legal basis: Art. 6(1)(c) GDPR),

c) creating databases, direct marketing of own products, securing documentation for the purposes of defence against possible claims or for the purposes of pursuing claims, which constitute the implementation of a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR).

Your personal data will be stored throughout the entire period of cooperation with the Controller, and after its termination, for the period of statute of limitations of all claims (civil-law and public-law) and for an additional period of 12 months counted from the end of the year in which all claims became time-barred. The additional period of 12 months is for the event of claims submitted at the last moment and problems with delivery, and counting from the end of the year serves to determine a single date for the deletion of personal data. Where the basis for processing your personal data is the legitimate interest of the Controller, your personal data will be stored for as long as such legitimate interest exists.

Your provision of personal data:

a) is voluntary, however, in order to carry out the cooperation described in sub-point 1(a) above, it is necessary,

b) is voluntary, however necessary in order to pursue the legitimate interests of the Controller indicated in sub-point 1(c) above,

c) is a statutory requirement in the scope of the Controller’s pursuit of the purpose of accounting and tax settlements described in sub-point 1(b) above, and the consequence of not providing personal data is the impossibility of cooperation with the Controller.

2. The Controller will process your personal data as a seller of goods or supplier of services to the Controller (such as, in particular, transport of goods, courier shipments), that is, first name and surname, business name, business address, NIP (Tax ID), REGON, telephone, e-mail address, bank account number (in the case of settlements by bank transfer), for the purpose of:

a) carrying out cooperation between your enterprise and the Controller, in the scope of the sale of goods to the Controller or the supply of services, whereby the possibility of processing personal data for this purpose results from the necessity to take steps prior to entering into a contract and for the purpose of performing the contract (legal basis: Art. 6(1)(b) GDPR),

b) carrying out accounting and tax settlements, whereby the possibility of processing personal data for this purpose results from the necessity to ensure the correctness of the documentation kept and the fulfilment by the Controller of statutory obligations arising from civil law and public law provisions (legal basis: Art. 6(1)(c) GDPR),

c) creating databases, securing documentation for the purposes of defence against possible claims or for the purposes of pursuing claims, which constitute the implementation of a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR).

Your personal data will be stored throughout the entire period of cooperation with the Controller, that is, throughout the period of the sale of goods to the Controller or the provision of services, and after the end of such cooperation, for the period of statute of limitations of all claims (civil-law, including those arising from guarantee and statutory warranty, as well as public-law) and for an additional period of 12 months counted from the end of the year in which all claims became time-barred. The additional period of 12 months is for the event of claims submitted at the last moment and problems with delivery, and counting from the end of the year serves to determine a single date for the deletion of personal data. Where the basis for processing your personal data is the legitimate interest of the Controller, your personal data will be stored for as long as such legitimate interest exists.

Your provision of personal data:

a) is voluntary, however, in order to carry out the cooperation described in sub-point 2(a) above, it is necessary,

b) is voluntary, however necessary in order to pursue the legitimate interests of the Controller indicated in sub-point 2(c) above,

c) is a statutory requirement in the scope of the Controller’s pursuit of the purpose of accounting and tax settlements described in sub-point 2(b) above, and the consequence of not providing personal data is the impossibility of cooperation with the Controller.

3. The Controller will process your personal data as an entity entitled under a guarantee or statutory warranty for defects in goods supplied by the Controller, that is, first name and surname, business name, business address, NIP (Tax ID), REGON, telephone, e-mail address, bank account number (in the case of settlements by bank transfer), for the purpose of:

a) handling complaints, whereby the possibility of processing personal data for this purpose results from the necessity to examine the guarantee granted by the Controller (legal basis: Art. 6(1)(b) GDPR) or from the necessity for the Controller to fulfil a legal obligation arising from the provisions of the Civil Code on statutory warranty for defects (legal basis: Art. 6(1)(c) GDPR),

b) carrying out accounting and tax settlements, whereby the possibility of processing personal data for this purpose results from the necessity to ensure the correctness of the documentation kept and the fulfilment by the Controller of statutory obligations arising from civil law and public law provisions (legal basis: Art. 6(1)(c) GDPR),

c) securing documentation for the purposes of defence against possible claims or for the purposes of pursuing claims, which constitute the implementation of a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR).

Your personal data will be stored throughout the period of validity of the quality guarantee and/or statutory warranty for defects and for the period of statute of limitations of all claims (civil-law and public-law) and for an additional period of 12 months counted from the end of the year in which all claims became time-barred. The additional period of 12 months is for the event of claims submitted at the last moment and problems with delivery, and counting from the end of the year serves to determine a single date for the deletion of personal data. Where the basis for processing your personal data is the legitimate interest of the Controller, your personal data will be stored for as long as such legitimate interest exists.

Your provision of personal data:

a) is voluntary, however, in order to examine the complaint described in sub-point 3(a) above, it is necessary,

b) is voluntary, however necessary in order to pursue the legitimate interests of the Controller indicated in sub-point 3(c) above,

c) is a statutory requirement in the scope of the Controller’s pursuit of the purpose of accounting and tax settlements described in sub-point 3(b) above, and the consequence of not providing personal data will be the impossibility for the Controller to handle certain complaint claims.

4. The Controller will process your personal data as an entity remaining in business relations with the entity indicated in point 1 above, that is, with the recipient of goods ordered from the Controller (in particular investor, designer and subcontractors), that is, first name and surname, business name, business address, NIP (Tax ID), REGON, telephone, e-mail address, bank account number (in the case of settlements by bank transfer), for the purpose of:

a) carrying out cooperation between the entity indicated in point 1 above and the Controller, in the scope of the delivery of goods by the Controller, whereby the possibility of processing personal data for this purpose results from the necessity to pursue a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR), that is, the necessity to determine the terms of the order and its performance,

b) carrying out accounting and tax settlements, whereby the possibility of processing personal data for this purpose results from the necessity to ensure the correctness of the documentation kept and the fulfilment by the Controller of statutory obligations arising from civil law and public law provisions (legal basis: Art. 6(1)(c) GDPR),

c) responding and providing answers to your correspondence, including e-mail, as well as for the purpose of its archiving, which constitute the implementation of a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR),

d) securing documentation for the purposes of defence against possible claims or for the purposes of pursuing claims, which constitute the implementation of a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR).

Your personal data will be stored throughout the entire period of cooperation between the Controller and the entity indicated in point 1 above, that is, with the recipient of goods ordered from the Controller, and after the end of such cooperation – for the period of statute of limitations of all claims (civil-law, including those arising from guarantee and statutory warranty, as well as public-law) and for an additional period of 12 months counted from the end of the year in which all claims became time-barred. The additional period of 12 months is for the event of claims submitted at the last moment and problems with delivery, and counting from the end of the year serves to determine a single date for the deletion of personal data. Your correspondence will be stored for the period indicated in the first and second sentences above, and subsequently archived, that is, transferred to the archive and excluded from the Controller’s IT systems, with the reservation that this does not apply to backup copies. Where the basis for processing your personal data is the legitimate interest of the Controller, your personal data will be stored for as long as such legitimate interest exists.

Your provision of personal data:

a) is voluntary, however, in order to carry out the cooperation described in sub-point 4(a) above, it is necessary,

b) is voluntary, in the scope of pursuing the purpose described in sub-point 4(c) above, but necessary in order to respond and provide answers to correspondence addressed to the Controller,

c) is voluntary, however necessary in order to pursue the legitimate interests of the Controller indicated in sub-point 4(d) above,

d) is a statutory requirement in the scope of the Controller’s pursuit of the purpose of accounting and tax settlements described in sub-point 4(b) above, and the consequence of not providing personal data is the impossibility of cooperation with the Controller.

5. The Controller will process your personal data as a person acting on behalf of or for the benefit of one of the entities indicated in points 1 – 4 above (member of a body in a partnership or company, commercial proxy, employee, person “employed” on the basis of a civil-law contract), that is, your first name, surname, telephone number, e-mail address, for the purpose of:

a) carrying out cooperation between the Controller and one of the entities indicated in points 1 – 4 above, whereby the possibility of processing personal data for this purpose results from the necessity to take steps prior to entering into a contract and for the purpose of performing the contract (legal basis: Art. 6(1)(b) GDPR),

b) carrying out accounting and tax settlements, whereby the possibility of processing personal data for this purpose results from the necessity to ensure the correctness of the documentation kept and the fulfilment by the Controller of statutory obligations arising from civil law and public law provisions (legal basis: Art. 6(1)(c) GDPR),

c) responding and providing answers to your correspondence, including e-mail, as well as for the purpose of its archiving, which constitute the implementation of a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR),

d) securing documentation for the purposes of defence against possible claims or for the purposes of pursuing claims, which constitute the implementation of a legitimate interest of the Controller (legal basis: Art. 6(1)(f) GDPR).

Your personal data will be stored throughout the entire period of cooperation between the Controller and one of the entities indicated in points 1 – 4 above, and after the end of such cooperation – for the period of statute of limitations of all claims (civil-law, including those arising from guarantee and statutory warranty, as well as public-law) and for an additional period of 12 months counted from the end of the year in which all claims became time-barred. The additional period of 12 months is for the event of claims submitted at the last moment and problems with delivery, and counting from the end of the year serves to determine a single date for the deletion of personal data. Your correspondence will be stored for the period indicated in the first and second sentences above, and subsequently archived, that is, transferred to the archive and excluded from the Controller’s IT systems, with the reservation that this does not apply to backup copies. Where the basis for processing your personal data is the legitimate interest of the Controller, your personal data will be stored for as long as such legitimate interest exists.

Your provision of personal data:

a) is voluntary, however, in order to carry out the cooperation described in sub-point 5(a) above, it is necessary,

b) is voluntary, in the scope of pursuing the purpose described in sub-point 5(c) above, but necessary in order to respond and provide answers to correspondence addressed to the Controller,

c) is voluntary, however necessary in order to pursue the legitimate interests of the Controller indicated in sub-point 5(d) above,

d) is a statutory requirement in the scope of the Controller’s pursuit of the purpose of accounting and tax settlements described in sub-point 5(b) above, and the consequence of not providing personal data is the impossibility of cooperation with the Controller.

Rights of data subjects. You are entitled to: (a) access to your data and obtaining a copy thereof; (b) rectification (correction) of your data; (c) erasure of data, restriction of data processing; (d) objection to data processing; (e) data portability; (f) lodging a complaint with the supervisory authority – the President of the Personal Data Protection Office (UODO, Poland), if you consider that the processing of your personal data infringes the provisions of the law on the protection of personal data.

Recipients of data. Your personal data may be disclosed to recipients such as the Controller’s partners, insofar as this proves necessary to achieve the purposes indicated above (for example, insurance companies). Your data may also be accessed by the Controller’s subcontractors, including processors, e.g., accounting, legal and IT firms, transport and courier companies, postal service providers.

Automated decision-making. The Controller will not take automated decisions in respect of you, including decisions resulting from profiling. The Controller does not intend to transfer your personal data to a third country or to an international organisation.