Privacy and Cookies Policy of thewidlarzgroup.com

Thewidlarzgroup.com (hereinafter “Website”) collects some personal data from its users.

This document can be printed for reference by using the print command in the settings of any browser.

Privacy and Cookies Policy version 1.1 is valid from 24th May 2024.

Data Controller

The controller of your personal data is The Widlarz Group spółka z ograniczoną odpowiedzialnością with its registered office in Kraków (ul. Szlak 77/222, 31-153 Kraków, Poland), entered in the Register of Entrepreneurs of the National Court Register, kept by the District Court in Kraków-Śródmieście in Kraków, XI Economic Division of the National Court Register, under KRS number: 0000948896, Tax Id. No. (NIP): 6762610444, Industry Id. No. (REGON) number: 521042593, share capital: 5.000,00 PLN (hereinafter “Controller” or “TWG”).

You can contact the Controller as follows:

1)    by email: hi@thewidlarzgroup.com;

2)    by letter to the address: Szlak 77/222 Street, 31-153 Kraków, Poland.

In order to comply with the obligations resulting from provisions on the protection of personal data, especially Regulation (EU) 2016/679 of the European Parliament and of the European Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general regulation on the protection of data, hereinafter "GDPR"), the Controller hereby presents to you all sufficient information about the scope and legal basis of the processing of your personal data, as well as Controller’s contact details, to help you understand how your data will be processed and assure you that your data will be protected with all sufficient and effective means.

Below you can find detailed information on how the Controller processes your data. Please read this Policy carefully. If you have any questions or any doubts, you can contact the Controller using the contact details given above.

Types of data collected

Among the types of personal data our Website collects, by itself or through third parties, there are: cookies; usage data; email address, phone number, job title and and other information that the user may send, e.g. via email or chatbot.

Complete details on each type of personal data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the data collection.

Personal data may be freely provided by the user directly to the Controller, or, in case of usage data, collected automatically when using our Website.

Users are responsible for any third-party personal data obtained, published or shared through our Website and confirm that they have the third party's consent to provide the data to the Controller.

Purposes and the legal basis of processing your personal data

The Controller may process personal data relating to users if one of the following applies:

1)   processing is necessary for the purposes of the legitimate interests pursued by the Controller (art. 6 sec. 1 (f) GDPR), which includes:

·       replying to your messages sent to the Controller via e-mail or chat or contact form provided on the Website;

·   taking any necessary steps associated with any possible claims against the Controller;

2)   processing is necessary in order to take steps at your request prior to entering into a contract (art. 6 sec. 1 (b) GDPR), which includes:

·       subscription to the newsletter;

3)    your consent to process personal data (art. 6 sec. 1 (a) GDPR), which includes:

·       performing analyses and statistics that will allow the Controller to better adapt the content and services provided to users' needs and expectations;

·       purposes indicated in detail in consent clauses.

In any case, the Controller will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Voluntary provision of personal data

Providing your personal data is voluntary, but failure to provide the data may prevent the Controller from providing services electronically (e.g. newsletter) or answering your questions (submitted via contact form, email or chat).

If you decide to contact the Controller, you confirm that you have read and agreed to this Policy. Unless you do so, you shouldn’t contact the Controller via contact form, email or chat nor provide the Controller with your personal data.

Recipients of your personal data

In addition to the Controller, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of the Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by the Controller. Also, your personal data may be transferred in connection with the use of the IT technologies and tools implemented in the Website or which are used by the Website, in particular:

1) business analytics tools (tracking user interactions with the Website);

2) communication tools (e.g. interaction with live chat platforms).  

The updated list of these recipients may be requested from the Controller at any time.

The data is transferred only for the purpose of proper performance of services and only to the extent that results from the contents of the contracts concluded with the above mentioned entities.

Transferring data outside the European Economic Area

The Data is processed at the Controller's operating offices and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

  1. personal data collected for purposes related to the performance of a contract between the Controller and the user shall be retained until such contract has been fully performed; personal data collected for the purposes of the Controller’s legitimate interests shall be retained as long as Controller’s interest exists or until you object. However, personal data will be stored until the statute of limitations for potential claims under the applicable law;
  2. personal data collected on the basis of your consent, shall be retained until you withdraw your consent to the processing of personal data. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out before the withdrawal of your consent.
Type of Data Retention Period Condition
Data processed based on consent Until consent is withdrawn Data processing based on consent
Data processed on the basis of a legitimate purpose Until an objection is raised Data processing on the basis of a legitimate purpose
Data transferred using the contact form, chat, e-mail 3 years To maintain the principle of accountability
Data contained in opinions Until consent is withdrawn or an objection is raised Based on consent or a legitimate purpose
Personal data associated with cookies and similar functions Until files are deleted or until an objection is raised Deleting files may not always remove Personal Data obtained
Data provided during the complaint procedure and other claims-related procedures 6 years Related to customer claims
Other personal data Up to 5 years General retention

Furthermore, the Controller may be obliged to retain personal data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Your rights related to the processing of personal data

Pursuant to GDPR you have the following rights related to the processing of your personal data:

·       the right to withdraw consent (art. 7 (3) of the GDPR),

·       the right to access your personal data (art. 15 of the GDPR),

·       the right to request the rectification of your personal data (art. 16 of the GDPR),

·       the right to request the deletion of your personal data (art. 17 of the GDPR),

·    the right to request the restriction of the processing of your personal data (art. 18 of the GDPR),

·     the right to transfer your personal data, i.e. the right to receive your personal data from us, in a structured, commonly used, machine-readable IT format; you can send this data to another data administrator or request that we send your data to another administrator, however, we will only do this if such a message is technically possible (art. 20 GDPR),

·    the right to object to the processing of your data on the basis of our legitimate interest, which is not overriding your interest or your rights and freedoms, and the right to object to the processing of your data for direct marketing purposes (art. 21 of the GDPR).

To exercise the above mentioned rights, please contact us by email: hi@thewidlarzgroup.com  or by traditional letter to the address: The Widlarz Group sp. z o.o., Szlak 77/222 Street, 31-153 Kraków, Poland. These requests can be exercised free of charge and will be addressed by the Controller as early as possible and always within one month.

You also have the right to lodge a complaint with the supervisory body dealing with the protection of personal data, i.e. the President of the Office for Personal Data Protection (Article 77 GDPR).

Data profiling

The Website uses tools that profile the data of users who have given their voluntary consent. Refusal to give consent causes no consequences for users. These tools automatically collect information about users' preferences and activities on the Website. The consequence of profiling is displaying personalized advertising to users.

The tools use data such as:

  1. URL, 
  2. referrer, 
  3. IP address, 
  4. device and browser characteristics,
  5. timestamp.

Te Website does not collate the information indicated above with your other personal data. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the providers of the various tools.

Definitions and legal references

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data

Information collected automatically through thewidlarzgroup.com (or third-party services employed in thewidlarzgroup.com), which can include: the IP addresses or domain names of the computers utilized by the Users who use thewidlarzgroup.com, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

The individual using thewidlarzgroup.com who, unless otherwise specified, coincides with the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of thewidlarzgroup.com. The Data Controller, unless otherwise specified, is the Owner of thewidlarzgroup.com.

thewidlarzgroup.com (or this Application)

The means by which the Personal Data of the User is collected and processed.

Service

The service provided by thewidlarzgroup.com as described in the relative terms (if available) and on this site/application.

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookies

Our Website uses cookies to enhance your browsing experience, analyze site traffic, and for advertising purposes. By using our Website, you consent to our use of cookies in accordance with this Cookies Policy.

What are Cookies?

Cookies are small text files stored on your device (computer, tablet, mobile phone) when you visit certain websites. Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use both session and persistent cookies for several purposes:

  1. Essential Cookies: These are necessary for the Website to function and cannot be switched off in our systems. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or filling in forms.
  2. Analytical/Performance Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users find what they are looking for easily.
  3. Functional Cookies: These are used to recognize you when you return to our Website. This enables us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  4. Targeting Cookies: These cookies record your visit to our Website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

Managing Cookies

You have the right to decide whether to accept, accept selected or reject cookies (except essential cookies, which are necessary for the functioning of the Website). When visiting the Website, you can make a decision via a cookiebot. Remember that you can change your decision regarding cookies preferences at any time in your browser settings. Please note that if you choose to reject cookies, you may still use our Website though your access to some functionality and areas of our Website may be restricted.

Third-Party Cookies

In addition to our own cookies, we may also use various third-party cookies to report usage statistics of the Website, deliver advertisements on and through the Website, and so on.

How we use Cookies?

Cookies are collected for the following purposes and using the following services:

Advertising

This type of service allows user data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on the Website, possibly based on user interests.

This does not mean that all personal data are used for this purpose. Information and conditions of use are shown below.

Advertising Cookies are collected only after the user’s consents to the collection of such data.

Some of the services listed below may use Cookies to identify users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the user’s interests and behavior, including those detected outside the Website. For more information, please check the privacy policies of the relevant services.

In addition to any opt-out offered by any of the services below, the user may opt out of a third-party service's use of cookies for certain advertising features by visiting the Network Advertising Initiative opt-out page.

Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

Analytics

The services contained in this section enable the Controller to monitor and analyze the Website traffic and can be used to keep track of user behavior.

Google Analytics with anonymized IP (Google Ireland Limited)

Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”), number: 368047,  with its registered office at: Gordon House, Barrow Street, Dublin 4, Ireland. Google utilizes the data collected to track and examine the use of the Website, to prepare reports on its activities and share them with other Google services.

Google may use the data collected to contextualize and personalize the ads of its own advertising network.

This integration of Google Analytics anonymizes your IP address. It works by shortening users' IP addresses within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server and shortened within the US.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy – Opt Out

Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of the Website and interact with them.

This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it.

Google Fonts (Google Ireland Limited)

Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows the Website to incorporate content of this kind on its pages.

Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: Ireland – Privacy Policy.

Heat mapping and session recording

Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior. Some of these services may record sessions and make them available for later visual playback.

Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.

Hotjar (Hotjar Ltd.)

We use Hotjar to understand how users interact with our website. Hotjar provides heat maps, session recordings, and surveys to help us understand user behavior and improve user experience.

Personal Data processed: Cookies, Usage Data, and other data as specified in Hotjar's privacy policy.

Place of processing: Malta –https://www.hotjar.com/legal/policies/privacy.

Hosting and backend infrastructure

This type of service has the purpose of hosting data and files that enable the Website to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of the Website.

Home.pl (home.pl SA)

Home.pl is a hosting service provided by home.pl SA.

Personal Data processed: Cookies; Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: Poland – Privacy Policy.

Vercel (Vercel Inc.)

Vercel is a hosting service provided by Vercel Inc.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy. Data transfers outside the EEA are based on the standard contractual clauses concluded by the Controller with Vercel Inc. For more information (such as a copy of the safeguards indicated in Article 13(1)(f) of the GDPR), you may contact the Controller as set forth above.

Remarketing and behavioral targeting

This type of service allows the Website and its partners to inform, optimize and serve advertising based on past use of the Website by the user.

This activity is performed by tracking usage data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.

Some services offer a remarketing option based on email address lists.

In addition to any opt-out offered by any of the services below, the user may opt out of a third-party service's use of cookies for certain remarketing features by visiting the Network Advertising Initiative opt-out page.

Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

Google Ads Remarketing (Google Ireland Limited)

Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the activity of the Website with the Google Ads advertising network and the DoubleClick Cookie.

Users can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy – Opt Out. 

SPAM protection

This type of service analyzes the traffic of the Website, potentially containing users' personal data, with the purpose of filtering it from parts of traffic, messages and content that are recognized as SPAM.

Google reCAPTCHA (Google Ireland Limited)

Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited.

The use of reCAPTCHA is subject to the Google privacy policy and terms of use.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy. 

Tag Management

This type of service helps the Controller to manage the tags or scripts needed on the Website in a centralized fashion.

This results in the users' data flowing through these services, potentially resulting in the retention of this data.

Google Tag Manager (Google Ireland Limited)

Google Tag Manager is a tag management service provided by Google Ireland Limited.

Personal Data processed: Usage Data.

Place of processing: Ireland – Privacy Policy. 

We use the Google Tag Manager tool provided by Google Ireland Limited (registered number: 368047) with its registered office at: Gordon House, Barrow Street, Dublin 4, Ireland. Thanks to it, we manage tags on our website. It means that we can examine how you interact with our website and how your device and browsers react to it. This allows us to better match the content and code of our website.

The Google Tag Manager tool collects only aggregate data regarding the tags used, the performance and operation of our website's system. This does not include IP addresses, data associated with a specific person. However, the collected data in combination with other data may lead to linking them to a specific person.

More information about privacy and data security within this tool can be found here:

https://support.google.com/tagmanager/answer/9323295?hl=pl&ref_topic=3441532

User database management

This type of service allows the Controller to build user profiles by starting from an email address, a personal name, or other information that the user provides to the Website, as well as to track user activities through analytics features. This personal data may also be matched with publicly available information about the user (such as social networks' profiles) and used to build private profiles that the Controller can display and use for improving the Website

Some of these services may also enable the sending of timed messages to the user, such as emails based on specific actions performed on the Website

Crisp (Crisp IM SARL)

Crisp collects data voluntarily provided in the chat window, as well as user location, IP address and e-mail, for the purpose of answering the queries of users visiting the website. By accepting our Privacy Policy you acknowledge that the information you provide can be transferred to Intercom for processing in accordance with their Terms & Policies .

Involve.me (stereosense GmbH)

The Website uses online form to better engage with our users.  The form has a list of topics to choose from. Via the form we collect data such as: email, first and last name  and a brief on the general description of the case.

By filling out this form, you agree to the collection and processing of this data as per the terms of this Privacy and Cookies policy.

We use involve.me as our platform for interactive content and forms. By submitting you acknowledge that the information you provide will be transferred to involve.me for processing in accordance with their Data Processing Agreement

Place of processing: Frankfurt, Germany.

Pipedrive

Pipedrive serves as our chosen Customer Relationship Management (CRM) platform, enabling us to effectively manage customer interactions, track sales, and organize service-related information. The platform houses a variety of data, including personal identification details and records of communication with our clients, facilitating an organized, analytical approach to enhancing customer engagement and service quality. For detailed information on how Pipedrive manages privacy and data protection, including their commitment to securing user data, you can review their Privacy Policy (https://www.pipedrive.com/en/privacy). It's important to note that Pipedrive complies with leading data protection regulations to ensure the safety and privacy of the data stored within its systems. Pipedrive's data centers are located in the United States and Europe, providing a secure and reliable infrastructure for data storage and processing, thereby supporting our efforts to deliver exceptional service to our customers while adhering to high standards of data privacy and security.

Place of processing: United States, Europe. Data transfers outside the EEA are based on the standard contractual clauses concluded by the Controller with Pipedrive Inc. For more information (such as a copy of the safeguards indicated in Article 13(1)(f) of the GDPR), you may contact the Controller as set forth above. Also, Pipedrive participates and complies with the EU-U.S. Data Privacy Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information of individuals in the European Union. Pipedrive Inc. has been certified by the Department of Commerce that it adheres to the Data Privacy Framework Principles, including the onward transfer liability provisions.

Webflow (Webflow, Inc)

Webflow is utilized by our organization as a tool for designing, building, and hosting websites. It enables the creation of responsive and visually engaging online platforms without the need for extensive coding, thanks to its visual design interface. This approach facilitates a more efficient design and development process, allowing for rapid deployment of updates and new content.

In terms of data protection and privacy, Webflow's commitment is outlined in their Privacy Policy, which provides detailed information on how user data is collected, used, and protected. The policy is available for review at Webflow's Privacy Policy page (https://webflow.com/legal/privacy). Webflow's infrastructure is designed to ensure secure management and storage of data, with the majority of their hosting services located in the United States. The company implements comprehensive security measures to prevent unauthorized access and data breaches, reflecting a strong commitment to maintaining high standards of data security and privacy for its users.

Place of processing: United States – Privacy Policy. Data transfers outside the EEA are based on the standard contractual clauses concluded by the Controller with Webflow Inc. You can read the document at (when you click on the link, you will be redirected to an external page): https://webflow.com/legal/dpa/. For more information, you may contact the Controller as set forth above.

GetResponse

Our organization uses GetResponse for email marketing, automation, and managing subscriber lists. This tool allows us to create, deploy, and manage email campaigns effectively, adapting to our subscribers' interactions and preferences.

GetResponse is committed to data protection and privacy, ensuring that all personal data is handled securely. Their privacy practices are outlined in detail in their Privacy Policy. This includes comprehensive information on how they collect, use, and protect user data to prevent unauthorized access and data breaches.

Data Hosting and Security: The data is hosted on servers located in various global locations, with stringent security measures in place to safeguard personal information.

Data Transfer: For data transfers outside of the European Economic Area (EEA), GetResponse employs standard contractual clauses as a safeguard for maintaining data protection standards.

For more details or to review their Privacy Policy, you can review GetResponse's Privacy Policy by visiting their official website at this link: GetResponse Privacy Policy.

System logs and maintenance

For operation and maintenance purposes, the Website and any third-party services may collect files that record interaction with thewidlarzgroup.com (System logs) use other personal data (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Controller at any time. Please see the contact information at the beginning of this document.

How “Do Not Track” requests are handled

The Website does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this Privacy and Cookie policy

The Controller reserves the right to make changes to this Privacy and cookie policy at any time by notifying its users within the Website and/or - as far as technically and legally feasible - sending a notice to users via any contact information available to the Controller.

It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the user’s consent, the Controller shall collect new consent from the user, where required.

Latest update: May 2024