Privacy Policy for the dih.pl website

§ 1. Definitions

1. Administrator - "DIH.PL" a limited liability company with its registered office in Zabrze (ul. Wolności 274, 41-800 Zabrze), entered into the National Court Register under the KRS number 0000367345, NIP 648 273 9266, REGON 241 746 359, with the share capital of PLN 5,000, registered on 7 October 2010, being the controller of personal data within the meaning of the GDPR.
2. User - any natural person whose personal data are processed by the Administrator in connection with the use of the Website, provision of services or other forms of contact.
3. Personal data - all information about an identified or identifiable natural person, including, but not limited to, name, email address, telephone number, device IP address, location data, online identifier, data collected via cookies or other similar technology.
4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
5. Website - website operating at https://dih.pl, including, among others, information about the Administrator's activities, contact forms and other functions made available to Users.
6. Personal data processing - any operations performed on personal data, such as collecting, recording, storing, developing, modifying, making available, deleting, and in particular operations carried out in IT systems.
7. Personal data breach - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

§ 2. Scope of application

This privacy policy outlines the principles for processing the personal data of Website Users, customers, contractors, and subcontractors of the Administrator, as well as the use of cookies and other tracking technologies. This document is for informational purposes only and does not constitute a contract.

§ 3. Categories of processed data

The Administrator may process in particular:

• • identification data (name, surname, company name, Tax Identification Number, National Court Register)
• • contact details (e-mail address, telephone number, mailing address)
• • business data (industry, website address, e-commerce system)
• • technical data (IP address, device identifiers, server logs, cookies)
• • data provided as part of contracts, orders, contact forms, recruitment processes

§ 4. Purposes and legal basis of processing

Personal data are processed for the following purposes:

1. Fulfillment of contracts - provision of services for the implementation, maintenance and development of PrestaShop stores (Article 6, paragraph 1, letter b of the GDPR)
2. Handling inquiries - responses to messages, requests for quotations and forms (Article 6, paragraph 1, letter f of the GDPR)
3. Marketing - sending commercial information after obtaining consent (Article 6, paragraph 1, letters a and f of the GDPR)
4. Legal obligations - issuing invoices, archiving documentation (Article 6, paragraph 1, letter c of the GDPR)
5. Security - protection of systems and data, prevention of abuse (Article 6, paragraph 1, letter f of the GDPR)
6. Recruitment - conducting recruitment processes (Article 6, paragraph 1, letters a and b of the GDPR)

§ 5. Data recipients

Data may be shared:

• • subcontractors and collaborators
• • IT service and hosting providers
• • accounting offices and legal services
• • courier companies (in the case of sending documents)
• • public authorities to the extent required by law

§ 6. Storage period

Data is stored:

• • for the duration of the contract and the limitation period for claims (maximum 6 years)
• • for the period required by law for accounting documents (5 years)
• • until the consent is withdrawn in the case of data processed on the basis of consent

§ 7. User Rights

Every person has the right to:

• • access to your data
• • data rectification
• • deletion of data
• • processing restrictions
• • data transfer
• • object to processing
• • withdraw consent at any time

The rights can be exercised by contacting the Administrator: biuro@dih.pl

The User has the right to submit a complaint to the President of the Personal Data Protection Office.

§ 8. Cookies and similar technologies

1. The website uses cookies for the following purposes:
• • ensuring the proper functioning of the Website
• • analytical (e.g. Google Analytics)
• • marketing (e.g. Google Ads, Meta Pixel)
2. The user can manage cookies in their browser settings.

§ 9. Server logs

1. Every query sent to the server is recorded in the server logs.
2. Logs include, among others: the device's IP address, server date and time, information about the browser and operating system, the URL of the page visited on the Website, the URL of the page previously visited (referrer).
3. Log data is used only for administrative purposes, to ensure security, to diagnose technical problems and to create statistics.
4. Log data is not associated with specific individuals, unless this is required by law.

§ 10. Other technologies

1. The Administrator may use tools and technologies provided by third parties on the Website that enable:
• • analyzing how the Website is used (e.g. Google Analytics, Hotjar)
• • conducting marketing and remarketing activities (e.g. Google Ads, Meta Pixel)
• • integration with social media (e.g. Facebook, LinkedIn buttons)
• • support for forms, chats or ticketing systems (e.g. Tidio)
• • form protection (e.g. Google reCAPTCHA)
2. These technologies may collect data about Users' activity on the Website and other websites.
3. The use of these technologies may result in the transfer of data to entities outside the EEA, using appropriate legal mechanisms (e.g. standard contractual clauses).

§ 11. Data transfer outside the EEA

Data may be transferred outside the European Economic Area only to entities that ensure an adequate level of protection, in accordance with legal provisions, e.g. on the basis of standard contractual clauses.

§ 12. Data security

The Administrator uses technical and organizational measures to ensure data protection, including:

• • SSL connection encryption
• • access control systems
• • regular backups
• • security incident response procedures

§ 13. Privacy Policy Changes

The Administrator reserves the right to make changes to the policy. The current version is published on the Website.