This Privacy Policy (hereinafter: “Privacy Policy”) sets out the rules for the collection, processing and use of the personal data we obtain in connection with the use of the Website and the Contact Form. This Privacy Policy also contains information on your rights in relation to the processing of your data.

1. Definitions

Whenever the following capitalised phrases are used in the subsequent sections of this Privacy Policy, they shall be construed as follows:

• Controller — LB THERM Sp. z o.o., Mazańcowice 963, 43-391 Mazańcowice 

NIP [Tax ID No.]: 697-221-45-59, EU VAT NIP [EU Tax ID No.]: PL6972214559 REGON [Business Registry No.]: 300623565 

• User — any person using the Website or Contact Form;
• Website — the website at www.lbtherm.com, the administrator of which is LB Therm Sp. z o.o.;
• Contact Form — a service provided electronically, available on the Website (in the “Contact” tab), which enables Users to message to the Controller;
• GDPR — the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Data Protection Officer

The Controller declares that a Data Protection Officer (hereinafter: “DPO”) has been appointed at LB Therm Sp. z o.o. The DPO can be contacted via e-mail at iod@lbtherm.com

3. Legal basis for the processing of personal data

The Controller processes the User’s personal data to provide the Contact Form services. Providing data is voluntary but necessary for the use of the above services.

Personal data is processed based on the User’s consent (pursuant to Article 6(1)(b) of the GDPR) in order to pursue the legitimate interests of the Controller (pursuant to Article 6(1)(f) of the GDPR) as well as in cases where the Controller is legally authorised to process it.

4. Personal data processing period

The User’s personal data will be processed for as long as necessary to fulfil the indicated processing purposes; however, no longer than until the consent is withdrawn or an objection is raised to their processing.

5. Data recipients

While pursuing the purpose of processing, the User’s personal data may be shared with other recipients or categories of recipients of personal data. Data recipients may include processors performing processing activities on behalf of the Controller under a personal data processing agreement.

6. Data subjects’ rights

The Controller limits the collection and use of information about Users to the necessary minimum required to provide an appropriate level of service. The Controller applies technical and organisational measures to ensure respect for the privacy and protection of the Users’ personal data.

Data subjects have the right to:

• Request information from the Controller about the processing of their personal data, i.e. confirmation as to whether the personal data of the data subject is being processed. If personal data is processed, the data subject has the right to access and receive a copy of this data, as well as the right to the following information: the purposes of the processing; the categories of personal data; information about the recipients or categories of recipients to whom the data has been or will be disclosed; the period for which the data will be stored or the criteria used to determine that period; the data subject’s rights applicable to the processing of their personal data; the possibility to file a complaint with a regulatory authority; the source of the personal data if it was not obtained directly from the data subject; the profiling and automated decision-making (right of access, Art. 15 of the GDPR);
• Rectify their data. If a person becomes aware that their personal data processed by the Controller is inaccurate, outdated or incomplete, they have the right to request that it be rectified or completed without delay (right to rectification, art. 16 of the GDPR);
• Request the erasure of their personal data, whereby if the person has given their consent to the processing of personal data, the request for erasure will have the same effect as the withdrawal of consent (right to be forgotten, Art. 17 of the GDPR);
• Request the restriction of the processing of personal data (right to restriction of processing, Art. 18 of the GDPR, i.e. to request the cessation of their processing except for their storage, in situations where:
  1. The data subject questions the accuracy of the personal data — for a period during which the Controller will verify the accuracy of the personal data;
  2. The data subject questions the lawfulness of the processing of the personal data by the Service Provider;
  3. The Service Provider no longer needs the data, but the data are needed by the data subject to establish, assert or defend their claims;
  4. The data subject has objected to the processing — pending the Controller’s decision on the validity of the objection;
• Object to the processing of their personal data for the legitimate purposes of the Service Provider;
• Transmit their personal data as well as receive the personal data provided to the Controller in a structured, commonly used machine-readable format, if the processing is based on consent, or request that the data be transmitted to another controller designated by the data subject (right to data portability, Art. 20 of the GDPR).

To exercise the above rights, data subjects must send an email to the contact address provided at the beginning of this Privacy Policy, specifying which right they wish to exercise, to what extent and how. Please provide your contact details so that we may contact you promptly at the stage of exercising the data subject’s right, particularly if there is a need to ascertain the identity of the requester or to determine which right or to what extent the applicant wishes to exercise (ideally a phone number, but this is not obligatory).

7. Right to withdraw consent

Where the processing of User data is based on their consent, the User has the right to withdraw that consent at any time, without affecting the lawfulness of the processing carried out on its basis prior to its withdrawal.

Where your data has been processed based on consent, withdrawal of consent prevents you from continuing to use the services offered by the Controller (i.e. the Contact Form).

8. Data processing outside the EU

The Controller declares that it will not transfer the entrusted personal data outside the European Union without the prior written consent of the data subject and ensures the fulfilment of all GDPR obligations regarding the transfer of personal data to third countries.

9. Right to submit a complaint to the supervisory body

If the Controller has processed the data unlawfully, the User may lodge a complaint with the President of the Personal Data Protection Office.

10. Cookies privacy policy

Cookies are files stored on the device (computer, smartphone, tablet) on which the internet browser used to access the Website is installed.

To improve the functionality of the Website, the Controller uses several types of cookies:

• cookies necessary for the proper functioning of the Website. Some cookies are necessary to ensure that the User is able to make full use of the Website and the functions it offers. For example, if the User wants to compare the parameters of two products, the Controller uses cookies to record the product being compared. At that time, the User can find the second product to compare on the website;
• cookies identifying visitors. These are cookies which record the User’s visits to the Website, subpages and links which the User has clicked on. They make it possible to personalise certain content and adapt it to the individual preferences of Users.

Cookies used by the Controller do not store any personal data of the User. The User’s identity is not exposed through the use of cookies.

Information collected by the Controller may not be shared with entities or persons other than those authorised under generally applicable laws and those authorised to administer the Websites.

The User can block cookies or delete permanent cookies at any time by using the appropriate web browser options. In the event of problems, please consult your browser’s help file or contact the browser’s developer.

Users who do not consent to the use of cookies must modify their web browser settings accordingly. By configuring their systems to use cookies, Users consent to the storage by the Controller of the information referred to in Article 173(2) of the Act of 16 July 2004 — Telecommunications Law.

Third-party cookies may also be stored on the User’s device, in particular from Facebook, Google and LinkedIn. Information on cookies from these service providers can be found on their respective websites.

11. Contact Form 

The Website includes a Contact Form that allows any User to send a message to the Controller. To use the Contact Form, the User must:

1. fill in the “Message Subject” and “Message Content” fields, providing the title and content of the message addressed to the Controller;
2. fill in the “E-mail Address” field, indicating the e-mail address to which the Controller’s reply will be sent;
3. consent for the Controller to process the personal data provided by the User by ticking the box containing the relevant consent clause.
4. What data is collected when using the Contact Form?

The e-mail address is collected every time the Contact Form service is used. Providing an e-mail address will enable the Controller to respond to the User’s message. Nonetheless, the User can provide additional information in the Contact Form, including first name, last name, phone number, company name and mailing address. Providing the above data is voluntary on the part of the User.

13. Profiling

The Controller collects information about Users and their behaviour in the following ways:

• through the information voluntarily entered in the form (use of the Contact Form service);
• by storing cookies.

The data provided by Users is only processed in accordance with the purposes for which they have given their consent.

Users who are natural persons have the right to object to profiling at any time. The Controller declares that it has the technical tools to enable Users who are natural persons to express their objection.

14. Final Provisions

The Controller reserves the right to amend this Privacy Policy due to such factors as the advancement of Internet technology, as well as possible changes in the law on personal data protection. Users will be informed of any changes in a prominent and comprehensible manner.

If in doubt about any of the provisions of this Privacy Policy, please contact the Controller at the addresses provided herein.