Privacy and Cookies Policy of thewidlarzgroup.com

Thewidlarzgroup.com (hereinafter “Website”) collects some personal data from its users.

This document can be printed for reference by using the print command in the settings of any browser.

Privacy and Cookies Policy version 1.2 is valid from the 27th of February 2025.

General Information

This Privacy Policy is for informational purposes only. It does not constitute a contract or impose any obligations for the User.

In order to comply with the obligations resulting from provisions on the protection of personal data, especially Regulation (EU) 2016/679 of the European Parliament and of the European Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general regulation on the protection of data, hereinafter "GDPR"), the Controller hereby presents to you all sufficient information about the scope and legal basis of the processing of your personal data, as well as Controller’s contact details, to help you understand how your data will be processed and assure you that your data will be protected with all sufficient and effective means.

Below you will find detailed information on how the Controller processes your data. Please read this Policy carefully. If you have any questions or any doubts, you can contact the Controller using the contact details given below.

Data Controller

The Controller of your personal data is The Widlarz Group spółka z ograniczoną odpowiedzialnością with its registered office in Kraków (Szlak 77/222 Street, 31-153 Kraków, Poland), entered in the Register of Entrepreneurs of the National Court Register, kept by the District Court in Kraków-Śródmieście in Kraków, XI Economic Division of the National Court Register, under KRS number: 0000948896, Tax Id. No. (NIP): 6762610444, Industry Id. No. (REGON) number: 521042593, share capital: 5.000,00 PLN (hereinafter “Controller” or “TWG”).

You can contact the Controller as follows:

1)    by email: hi@thewidlarzgroup.com;

2)    by letter to the address: Szlak 77/222 Street, 31-153 Kraków, Poland.

For any matters related to data protection, you may also request detailed information on what personal data we hold about you and for what purposes it is processed.

Definitions and legal references

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

An identifiable natural person is someone who can be identified, directly or indirectly, through an identifier such as a name, identification number, location data, online identifier, or through one or more factors related to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Usage Data

Information collected automatically through thewidlarzgroup.com (or third-party services employed in thewidlarzgroup.com), which can include: the IP addresses or domain names of the computers utilized by the Users who use thewidlarzgroup.com, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Webiste) and the details about the path followed within the Webiste with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

The individual using thewidlarzgroup.com who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or TWG)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of thewidlarzgroup.com. The Data Controller, unless otherwise specified, is the Owner of thewidlarzgroup.com.

thewidlarzgroup.com (or Website)

The means by which the Personal Data of the User is collected and processed.

Service

The service provided by thewidlarzgroup.com as described in the relative terms (if available) and on this site.

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Types of data collected

Among the types of personal data our Website collects, by itself or through third parties, there are: cookies; usage data; email address, phone number, job title and other information that the user may send, e.g. via email or chatbot.

Complete details on each type of personal data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the data collection.

Personal data may be freely provided by the user directly to the Controller, or, in case of usage data, collected automatically when using our Website.

Users are responsible for any third-party personal data obtained, published or shared through our Website and confirm that they have the third party's consent to provide the data to the Controller.

Purposes and the legal basis of processing your personal data

The Controller may process personal data relating to users if one of the following applies:

1)   processing is necessary for the purposes of the legitimate interests pursued by the Controller (art. 6 sec. 1 (f) GDPR), which includes:

• replying to your messages sent to the Controller via e-mail or chat or contact form provided on the Website;
• taking any necessary steps associated with any possible claims against the Controller;
• conducting internal statistics to improve business operations;
• marketing of the Controller’s own products and services without using electronic communication.

2)   processing is necessary in order to take steps at your request prior to entering into a contract (art. 6 sec. 1 (b) GDPR), which includes:

• subscription to the newsletter (the consent can be withdrawn at any time);
• conclude and execute Service Agreements or to take action at the request of a future User prior to its conclusion.

3)    your consent to process personal data (art. 6 sec. 1 (a) GDPR), which includes:

• performing analyses and statistics that will allow the Controller to better adapt the content and services provided to users' needs and expectations;
• marketing of the Controller’s own products and services via electronic communication (email) based on user consent.
• purposes indicated in detail in consent clauses.

4) Processing is necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR), which includes:

• archiving documents to comply with legal obligations.

We may store correspondence for statistical purposes, improving our support system, handling complaints, or administrative interventions. Contact details collected in this way will not be used for marketing purposes or shared with third parties.

In any case, the Controller will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Voluntary provision of personal data

Providing your personal data is voluntary, but failure to provide the data may prevent the Controller from providing services electronically (e.g. newsletter) or answering your questions (submitted via contact form, email or chat).

If you decide to contact the Controller, you confirm that you have read and agreed to this Policy. Unless you do so, you shouldn’t contact the Controller via contact form, email or chat nor provide the Controller with your personal data.

Recipients of your personal data

In addition to the Controller, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of the Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by the Controller. Also, your personal data may be transferred in connection with the use of the IT technologies and tools implemented in the Website or which are used by the Website, in particular:

1) business analytics tools (tracking user interactions with the Website);

2) communication tools (e.g. interaction with live chat platforms).  

The updated list of these recipients may be requested from the Controller at any time.

The data is transferred only for the purpose of proper performance of services and only to the extent that results from the contents of the contracts concluded with the above mentioned entities.

Transferring data outside the European Economic Area

The Data is processed at the Controller's operating offices and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

1. personal data collected for purposes related to the performance of a contract between the Controller and the user shall be retained until such contract has been fully performed; personal data collected for the purposes of the Controller’s legitimate interests shall be retained as long as Controller’s interest exists or until you object. However, personal data will be stored until the statute of limitations for potential claims under the applicable law;
2. personal data collected on the basis of your consent, shall be retained until you withdraw your consent to the processing of personal data. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out before the withdrawal of your consent.

‍

‍

Furthermore, the Controller may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Your rights related to the processing of personal data

Pursuant to GDPR you have the following rights related to the processing of your personal data:

• the right to withdraw consent (art. 7 (3) of the GDPR),
• the right to access your personal data (art. 15 of the GDPR),
• the right to request the rectification of your personal data (art. 16 of the GDPR),
• the right to request the deletion of your personal data (art. 17 of the GDPR),
• the right to request the restriction of the processing of your personal data (art. 18 of the GDPR),
• the right to transfer your personal data, i.e. the right to receive your personal data from us, in a structured, commonly used, machine-readable IT format; you can send this data to another data administrator or request that we send your data to another administrator, however, we will only do this if such a message is technically possible (art. 20 GDPR),
• the right to object to the processing of your data on the basis of our legitimate interest, which is not overriding your interest or your rights and freedoms, and the right to object to the processing of your data for direct marketing purposes (art. 21 of the GDPR).

To exercise the above mentioned rights, please contact us by email: hi@thewidlarzgroup.com  or by traditional letter to the address: The Widlarz Group sp. z o.o., Szlak 77/222 Street, 31-153 Kraków, Poland. These requests can be exercised free of charge and will be addressed by the Controller as early as possible and always within one month.

You also have the right to lodge a complaint with the supervisory body dealing with the protection of personal data, i.e. the appropriate President of the Office for Personal Data Protection (Article 77 GDPR).

Data profiling‍

The Website uses tools that profile the data of users who have given their voluntary consent. Refusal to give consent causes no consequences for users. These tools automatically collect information about users' preferences and activities on the Website. The consequence of profiling is displaying personalized advertising to users.

The tools use data such as:

1. URL, 
2. referrer, 
3. IP address, 
4. device and browser characteristics,
5. timestamp.

The Website does not collate the information indicated above with your other personal data. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the providers of the various tools.

Cookies

Our Website uses cookies to enhance your browsing experience, analyze site traffic, and for advertising purposes. By using our Website, you consent to our use of cookies in accordance with this Cookies Policy.

What are Cookies?

Cookies are small text files stored on your device (computer, tablet, mobile phone) when you visit certain websites. Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use both session and persistent cookies for several purposes:

1. Essential Cookies: These are necessary for the Website to function and cannot be switched off in our systems. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or filling in forms.
2. Analytical/Performance Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users find what they are looking for easily.
3. Functional Cookies: These are used to recognize you when you return to our Website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
4. Targeting Cookies: These cookies record your visit to our Website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

Managing Cookies

You have the right to decide whether to accept, accept selected or reject cookies (except essential cookies, which are necessary for the functioning of the Website). When visiting the Website, you can make a decision via a cookiebot. Remember that you can change your decision regarding cookies preferences at any time in your browser settings. Please note that if you choose to reject cookies, you may still use our Website though your access to some functionality and areas of our Website may be restricted.

Third-Party Cookies

In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Website, deliver advertisements on and through the Website, and so on.

How do we use Cookies?

Cookies are collected for the following purposes and using the following services:

Advertising

This type of service allows user data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on the Website, possibly based on user interests.

This does not mean that all personal data are used for this purpose. Information and conditions of use are shown below.

Advertising Cookies are collected only after the user’s consents to the collection of such data.

Some of the services listed below may use Cookies to identify users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the user’s interests and behavior, including those detected outside the Website. For more information, please check the privacy policies of the relevant services.

In addition to any opt-out offered by any of the services below, the user may opt out of a third-party service's use of cookies for certain advertising features by visiting the Network Advertising Initiative opt-out page.

Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general. 

Analytics

The services contained in this section enable the Controller to monitor and analyze the Website traffic and can be used to keep track of user behavior.

‍Google Analytics with anonymized IP (Google Ireland Limited)

Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”), number: 368047,  with its registered office at: Gordon House, Barrow Street, Dublin 4, Ireland. Google utilizes the data collected to track and examine the use of the Website, to prepare reports on its activities and share them with other Google services.

Google may use the data collected to contextualize and personalize the ads of its own advertising network.

This integration of Google Analytics anonymizes your IP address. It works by shortening users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy – Opt Out

Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of the Website and interact with them.

This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it.

Google Fonts (Google Ireland Limited)

Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows the Website to incorporate content of this kind on its pages.

Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: Ireland – Privacy Policy.

Heat mapping and session recording

Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior. Some of these services may record sessions and make them available for later visual playback.

Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.

‍Hotjar (Hotjar Ltd.)

We use Hotjar to understand how users interact with our website. Hotjar provides heat maps, session recordings, and surveys to help us understand user behavior and improve user experience.

Personal Data processed: Cookies, Usage Data, and other data as specified in Hotjar's privacy policy.

Place of processing: Malta – https://www.hotjar.com/legal/policies/privacy.

Hosting and backend infrastructure

This type of service has the purpose of hosting data and files that enable the Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of the Website.

‍Home.pl (home.pl SA)

Home.pl is a hosting service provided by home.pl SA.

Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: Poland – Privacy Policy.‍

Vercel (Vercel Inc.)

Vercel is a hosting service provided by Vercel Inc.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Data transfers outside the EEA are based on the standard contractual clauses concluded by the Controller with Vercel Inc. For more information (such as a copy of the safeguards indicated in Article 13(1)(f) of the GDPR), you may contact the Controller as set forth above.

Webflow (Webflow, Inc)

Webflow is utilized by our organization as a tool for designing, building, and hosting websites. It enables the creation of responsive and visually engaging online platforms without the need for extensive coding, thanks to its visual design interface. This approach facilitates a more efficient design and development process, allowing for rapid deployment of updates and new content.

In terms of data protection and privacy, Webflow's commitment is outlined in their Privacy Policy, which provides detailed information on how user data is collected, used, and protected. The policy is available for review at Webflow's Privacy Policy page (https://webflow.com/legal/eu-privacy-policy). Webflow's infrastructure is designed to ensure secure management and storage of data, with the majority of their hosting. The company implements comprehensive security measures to prevent unauthorized access and data breaches, reflecting a strong commitment to maintaining high standards of data security and privacy for its users.

Webflow is based at  398 11th Street, 2nd Floor San Francisco, CA 94103 thanks to which we can, among other things, efficiently collect information provided in contact forms or newsletter subscription forms. Our partner has been positively verified and listed on the Data Privacy Framework, which means that even though it is based outside the European Union, it can legally process data of EU residents.

Cookiebot  

Within our Website, we also use services provided by Usercentrics A/S, a company based in Denmark, registration number: 34624607. Through this cooperation, we collect user consents for the use of cookies and adjust the applied algorithms according to the consents expressed by Website users.

For more details on how this company processes data, please visit: https://www.cookiebot.com/en/privacy-policy/.

Remarketing and behavioral targeting

This type of service allows the Website and its partners to inform, optimize and serve advertising based on past use of the Website by the user.

This activity is performed by tracking usage data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.

Some services offer a remarketing option based on email address lists.

In addition to any opt-out offered by any of the services below, the user may opt out of a third-party service's use of cookies for certain remarketing features by visiting the Network Advertising Initiative opt-out page.

Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

Google Ads Remarketing (Google Ireland Limited)

Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the activity of the Website with the Google Ads advertising network and the DoubleClick Cookie.

Users can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings.

Personal Data processed: Cookies; Usage Data

Place of processing: Ireland – Privacy Policy – Opt Out. 

SPAM protection

This type of service analyzes the traffic of the Website, potentially containing users' personal data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

‍hCaptcha 

We use a tool provided by Intuition Machines, Inc., 1065 SW 8th St #704, Miami, Florida 33130, to protect our Website from bots and other threats. Our partner has received a positive verification and is listed in the Data Privacy Framework, which means that despite being based outside the European Union, it is legally allowed to process data of EU residents in compliance with applicable regulations.

For more details on how this company processes data, please visit: https://www.hcaptcha.com/privacy

Tag Management

This type of service helps the Controller to manage the tags or scripts needed on the Website in a centralized fashion.

This results in the users' data flowing through these services, potentially resulting in the retention of this data.

Google Tag Manager (Google Ireland Limited)

Google Tag Manager is a tag management service provided by Google Ireland Limited.

Personal Data processed: Usage Data.

Place of processing: Ireland – Privacy Policy. 

We use the Google Tag Manager tool provided by Google Ireland Limited (registered number: 368047) with its registered office at: Gordon House, Barrow Street, Dublin 4, Ireland. Thanks to it, we manage tags on our website. It means that we can examine how you interact with our website and how your device and browsers react to it. This allows us to better match the content and code of our website.

The Google Tag Manager tool collects only aggregate data regarding the tags used, the performance and operation of our website's system. This does not include IP addresses, data associated with a specific person. However, the collected data in combination with other data may lead to linking them to a specific person.

More information about privacy and data security within this tool can be found here:

https://support.google.com/tagmanager/answer/9323295?hl=pl&ref_topic=3441532

‍User database management

This type of service allows the Controller to build user profiles by starting from an email address, a personal name, or other information that the user provides to the Website, as well as to track user activities through analytics features. This personal data may also be matched with publicly available information about the user (such as social networks' profiles) and used to build private profiles that the Controller can display and use for improving the Website

Some of these services may also enable the sending of timed messages to the user, such as emails based on specific actions performed on the Website

‍Crisp (Crisp IM SARL)

Crisp collects data voluntarily provided in the chat window, as well as user location, IP address and e-mail, for the purpose of answering the queries of users visiting the website. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Intercom for processing in accordance with their Terms & Policies.

‍Pipedrive

Pipedrive serves as our chosen Customer Relationship Management (CRM) platform, enabling us to effectively manage customer interactions, track sales, and organize service-related information. The platform houses a variety of data, including personal identification details and records of communication with our clients, facilitating an organized, analytical approach to enhancing customer engagement and service quality. For detailed information on how Pipedrive manages privacy and data protection, including their commitment to securing user data, you can review their Privacy Policy (https://www.pipedrive.com/en/privacy). It's important to note that Pipedrive complies with leading data protection regulations to ensure the safety and privacy of the data stored within its systems. Pipedrive's data centers are located in the United States and Europe, providing a secure and reliable infrastructure for data storage and processing, thereby supporting our efforts to deliver exceptional service to our customers while adhering to high standards of data privacy and security.

Place of processing: United States, Europe. Data transfers outside the EEA are based on the standard contractual clauses concluded by the Controller with Pipedrive Inc. For more information (such as a copy of the safeguards indicated in Article 13(1)(f) of the GDPR), you may contact the Controller as set forth above. Also, Pipedrive participates and complies with the EU-U.S. Data Privacy Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information of individuals in the European Union. Pipedrive Inc. has been certified by the Department of Commerce that it adheres to the Data Privacy Framework Principles, including the onward transfer liability provisions.

‍Usebasin 

We also use tools provided by Moonshot Ventures, Inc. Through the support of our partner, we are able to process and manage data collected via forms available on the Website more effectively.

For more details on how this company processes data, please visit: https://usebasin.com/privacy

System logs and maintenance

For operation and maintenance purposes, the Website and any third-party services may collect files that record interaction with thewidlarzgroup.com (System logs) use other personal data (such as the IP Address) for this purpose.

‍Social media tools we use

On our website we uses social plugins and other social tools provided by social networks such as LinkedIn and YouTube.

When you visit a website containing such a plugin, your browser establishes a direct connection to the servers of the social network service providers. The content of the plugin is transferred by the respective service provider directly to your browser and integrated into the website. This integration informs the service providers that your browser has accessed the corresponding page, even if you do not have a profile with this service provider or are not currently logged in. This information (including your IP address) is sent by your browser directly to the server of the respective provider and stored there. 

If you are logged in to one of the social networks, the respective provider can directly assign the visit to our website to your profile in the respective network. The purpose and scope of the data collection and the further processing and use of the data by the service providers, including the possibility of contacting them and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of the respective service providers. 

YouTube - https://www.youtube.com/intl/ALL_pl/howyoutubeworks/user-settings/privacy/

LinkedIn - https://www.linkedin.com/legal/privacy-policy‍

If you do not want social networks to assign the data collected during your visit to our website directly to your profile in the respective service, you must log out of the service before visiting our website. You can also completely prevent the loading of plug-ins by using corresponding add-ons in your browser, e.g. script blockers.

How long do we store cookies containing personal data?

Depending on the type, purpose and legal basis for the processing of cookies, the storage time of cookies is between 1 session and 2 years. 

The cookies we collect containing personal data of a Visitor who is not a Customer will be stored until an objection is raised. The Controller may delete Personal Data if it is not used for marketing purposes for 2 years, unless the law obliges the Controller to process personal data for a longer period.

Some personal data may be stored for a longer period in case the Visitor has any claims against the Administrator or in order for the Administrator to pursue claims or defend against claims (including third party claims) for the period of their limitation specified by law, in particular the Civil Code.

In each case, the longer period of storage of Personal Data shall prevail.

Information not contained in this policy‍

More details concerning the collection or processing of Personal Data may be requested from the Controller at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled

The Website does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this Privacy and Cookie policy

The Controller reserves the right to make changes to this Privacy and cookie policy at any time by notifying its users in advance to enable them to become familiar with the changes on the Website and/or - as far as technically and legally feasible - sending a notice to users via any contact information available to the Controller.

Should the changes affect processing activities performed on the basis of the user’s consent, the Controller shall collect new consent from the user, where required.

‍