PRIVACY POLICY WWW.DESIGNLIGHT.UK

1. PRIVACY POLICY CONTENT

In this privacy policy you will find information about the rules of processing and protection of personal data by the data controller.

The controller of personal data processed for the purposes described in the privacy policy is Design Light Sp. z o.o. with its registered office at ul. Wrocławska 1B, 48-340 Głuchołazy, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Opole, 8th Commercial Department of the National Court Register under KRS number 0000459222 (hereinafter referred to as: Company or Controller), e-mail: rodo@designlight.pl.

The Company processes personal data of natural persons within its business activity, including through the website at the following address: https://www.designlight.uk (hereinafter referred to as: Website).

The Company pays special attention to the protection of personal data and that is why personal data of the Website users (hereinafter referred to as: Users or User) processed with the use of the Website are processed in a manner consistent with the provisions of the law on personal data protection in force in the Republic of Poland. By processing your personal data, the Company fulfils its obligations resulting from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as the GDPR), and from the national law applicable:

The Privacy Policy includes in particular the information which the Company, as the personal data controller, is obliged to provide to the data subjects pursuant to Art. 13 and 14 of the GDPR. The Company applies personal data processing policies aimed at personal data protection. Only employees and other persons acting on behalf of the Company who have been authorised to process personal data and who have undertaken to maintain confidentiality are allowed to process personal data.

2. CONTACT

Should you have any doubts or questions regarding the privacy policy or protection of your personal data, you can contact the Company by email at: rodo@designlight.pl. Moreover, any inquiries or requests may be addressed to the Company’s correspondence address: Design Light Sp. z o.o., ul. Wrocławska 1B, 48-340 Głuchołazy.

3. GENERAL RULES OF USING THE WEBSITE

The Company makes every possible effort to ensure the security of your data and to protect them against improper use by third parties. Therefore, the connection to the Website is made via an encrypted HTTPS protocol. This helps to prevent data being intercepted and changed. By clicking on the padlock symbol in the address bar you will obtain information about the security certificate of the Website and, depending on the browser, you can also view detailed information about the cookies stored in your device. However, the actions taken by the Company may turn out to be insufficient if you do not observe the general safety rules when using the Website and the Internet.

Users’ data (including in particular IP address, other identifiers and information collected by means of cookies or other similar technologies), if they constitute personal data, shall be processed by the Company:

a) in order to provide services by electronic means in the scope of making the content of the Website available to the Users – processing is necessary in order to perform the contract [Art. 6 sec. 1 (b) of the GDPR];

b) for analytical and statistical purposes – the legal basis for the processing of personal data is the implementation of the legally justified interest of the Company, i.e. conducting analyses of Users’ activities and their preferences in order to improve the functionality of the Website and the services rendered [Art. 6 sec. 1 (f) of the GDPR];

c) for marketing purposes, consisting in personalisation of the content and advertisements displayed to the User – based on the consent given by the User [Art. 6 sec. 1 (f) of the GDPR];

d) in order to establish and pursue possible claims or to defend against claims, which constitutes a legitimate interest of the Company [Art. 6 sec. 1 (f) of the GDPR]

4. COOKIES

Cookies are text files. They are stored on the disk of the end device (i.e. device that you use to browse the Website). They aim at identifying your end device (e.g. computer, phone, tablet) when reconnected to the Website. Cookies are used to better determine the individual needs of the User. As part of the Website, the following types of cookies are used:

  • cookies, enabling the use of services available on the Website, e.g. authentication cookies used for services which require authentication within the Website;
  • “performance” cookies used to collect information on how the pages of the Website are used;
  • “functional” cookies, enabling “remembering” the settings selected by the User and personalisation of the user’s interface.

The Website uses the above mentioned cookies for the following purposes:

  • maintaining the Website User session (after logging in);
  • adjusting the content of the Website pages to the User’s preferences and optimising the use of the web pages; in particular, these files enable recognition of the User’s device and displaying the web page, adjusted to his or her individual needs;
  • analysis and statistics concerning the Website traffic;
  • adjustment of the marketing content to the User’s preferences.

By default, web browsers (User software) enable storing cookies in the end device. You can always change the settings of your web browser that determine the use of cookies. The User may therefore not agree on the storing of cookies in the end device by means of which he or she connects to the Website. In order to do so, use the option that disables the possibility of downloading and storing cookies in your browser. Providers of popular web browsers offer information on how to disable cookies. However, disabling cookies may have a negative impact on the use of some functionalities of the Website.

During the first visit to the Website, the User will be displayed a message concerning his/her cookie consent. The User has two options – he or she can accept all the cookies used on the Website or go to the section that enables manual selection of cookies that will be stored in the User’s device. In the selection section it is not possible to refuse the use of cookies necessary for the proper functioning of the Website. Consent to the remaining cookies requires an active consent of the User (opt-in).

After agreeing to specific cookie files during the first visit to the Website, failure to change cookie settings during subsequent visits while continuing to use the Website means acceptance of the cookies used by the Website. The user can remove cookies from his or her device and change the cookie settings at any time.

The suppliers of particular Website functionalities indicated below may also place their cookies in the User’s device.

The Company uses Google Analytics which is a tool used to analyse the Users’ visits to the Website. You may refuse to accept Google Analytics cookies. This tool does not collect data that enable the identification of the User. The Google Analytics application enables the control of the Website traffic and its adjustment to the User’s needs. At the following address you will find detailed information on the security of the data collected with Google Analytics:

https://support.google.com/analytics/answer/6004245

When the User uses the Website tabs with the videos that are stored on YouTube.com servers, the operator of YouTube.com, i.e. Google Inc., may place cookies on the User’s device in order to play and in connection with playing the video. The Company does not manage these files, but only decides to use the YouTube plug-in on the Website, within which cookies are placed by the YouTube operator, and configures the possibility of placing cookies by YouTube maintaining the highest level of User’s privacy. For more information on the functioning and data processing by the YouTube’s operator, please visit:

https://policies.google.com/privacy?hl=pl.

Data processed by these entities within the framework of cookies may be processed outside the European Economic Area.

5. LINKS TO EXTERNAL WEBSITES AND PLUG-INS

The Website contains links or plug-ins to external websites, such as twitter.com, pinterest.com, youtube.com and facebook.com. The personal data processed through these websites are in principle controlled by third parties. The processing of your personal data by these entities is governed by the law to which the controllers of these websites are subject and by their internal regulations (e.g. privacy policies). To some extent, the Company may be an independent controller of your personal data processed as part of plug-ins or links placed on the Website.

If you are logged into pinterest.com, twitter.com, youtube.com or facebook.com while browsing the Website, the Website may identify your account on these websites. The Company may be the controller of your personal data to the extent necessary to redirect from the Website to pinterest.com, twitter.com, youtube.com or facebook.com. The legal basis for processing your data is the legitimate interest of the Company, i.e. extending the Website’s functionality and conducting marketing activities by the Company by means of external websites, such as pinterest.com, twitter.com, youtube.com or facebook.com.

Personal data processed in this way are transmitted to the operator of pinterest.com, twitter.com, youtube.com or facebook.com, and on these websites are controlled by the websites’ operators.

Personal data may be processed by these entities outside the European Economic Area.

6. PROCESSING OF PERSONAL DATA IN CONNECTION WITH E-MAIL CORRESPONDENCE

The Company made available i.a. on the Website contact details that enable contacting it by electronic means of communication (via e-mail).

The contact is possible by clicking on a hyperlink on the Website consisting of the Company’s e-mail address, which may result in automatic redirection to the User’s e-mail program. The use of this form of contact requires the disclosure of personal data necessary to provide the User with response, i.e. primarily the e-mail address. Lack of e-mail address will make it impossible for the Company to handle the User’s inquiry. You may also voluntarily provide other data to identify yourself, to facilitate contact or to make it easier to handle your request. The Company processes personal data on the same principles when you contact the Company by email directly from your email box to the Company’s e-mail address.

The legal basis for the processing of personal data is the legitimate interest of the Company, referred to in Art. 6 sec. 1 (f) of the GDPR, i.e. keeping up correspondence with you. Personal data are processed by the Company in order to handle the correspondence sent.

Depending on the content of the message received from you, your personal data may also be processed for other purposes, e.g. to take actions before concluding a contract or to conclude and implement a contract [Art. 6 sec. 1 (b) of the GDPR]

In principle, personal data will be processed for as long as the purpose for which the correspondence is carried out exists and until the expiry of the limitation period for claims, increased by one year.

7. PROCESSING OF PERSONAL DATA IN TELEPHONE CONTACT

The Company will request personal data during the telephone conversation only if this is necessary to fulfil the purpose of the telephone conversation, including identity verification.

If the phone all is recorded, you will be informed before you speak with a Company representative. You have the right not to consent to the telephone call recording. If you do not consent to the recording, please end the phone call. If telephone conversations are recorded, the purpose of the recording is to control the quality of services provided by the Company and to defend against claims or to make claims, which constitutes a legitimate interest of the Company [Art. 6 sec. 1 (b) of the GDPR]

The provision of personal data will be in principle voluntary, but may be required by the Company depending on the purpose of providing it. Personal data obtained in this way will be processed in accordance with the rules applicable to the specific purpose of processing resulting from a telephone call, no longer than until the expiry of the limitation period for claims, increased by one year.

8. PROCESSING OF DATA ON SOCIAL NETWORKING SITES

The Websites contains links to external websites – including Facebook, where the Company maintains its profile (the so-called fan page) and YouTube, where the Company runs its channel. The personal data processed through these external websites are controlled by third parties. The processing of your personal data by these entities is governed by the law to which the controllers of these websites are subject and by their internal regulations (e.g. privacy policies). This privacy policy does not regulate the processing of personal data by these entities.

However, the Company may also be an independent controller of personal data processed as part of the Company’s fan page or channel, processing personal data under the following rules. Personal data are processed by the Company on a social media fan page or channel:

  • to carry out marketing activities consisting in providing information about the Company and its services through a fan page or channel, including sharing posts, which constitutes a legitimate interest pursued by the Company [Art. 6 sec. 1 (f) of the GDPR];
  • in order to reply to private messages sent by means of the social networking site functionality; in such a case, the basis for processing the data is the Company’s legitimate interest that consists in handling correspondence [Art. 6 sec. 1 (f) of the GDPR];
  • for the purposes of discussions held within the framework of posts published on a fan page or channel, as part of a social networking site or on websites enabling discussion by means of accounts set up on a social networking site, which constitutes a legitimate interest pursued by the Company [Art. 6 sec. 1 (f) of the GDPR];
  • in order to obtain statistical data – the Company may obtain statistical data concerning the fan page or channel from the operator of the social networking site; such data are created on the basis of information on your activity on the fan page or channel acquired by the operator of the given social networking site; in such a situation, a legitimate interest pursued by the Company is the analysis of statistical data concerning the fan page or channel [Art. 6 sec. 1 (f) of the GDPR]

The provision of personal data is voluntary. In the case of any form of communication with the Company through a social networking site, your account details (name, surname or pseudonym, as well as a photo and other publicly available information) will be automatically made available to the Company. You may stop following the Company’s fan page or channel at any time and remove your comments.

9. PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF EXECUTING CONTRACTS

The Company processes personal data in connection with the execution of contracts with other entities. Personal data may concern the other contracting party as well as persons representing the other contracting party (e.g. as board members, proxies, contact persons). In such a case, personal data are processed:

  • for the purpose of taking steps that aim at concluding a contract and of the execution of the contract with the data subject [Art. 6 sec. 1 (b) of the GDPR] or with the entity which is represented by the data subject [Art. 6 sec. 1 (f) of the GDPR];
  • for the purposes resulting from the legitimate interests pursued by the Company, i.e. for the purposes of making claims or defending against claims, direct marketing, archiving [Art. 6 sec. 1 (f) of the GDPR];
  • in order to fulfil the tax and accounting obligations imposed on the Company by the law [Art. 6 sec. 1 (c) of the GDPR].

The provision of personal data is in principle voluntary, however, it is required by the Company and necessary for the conclusion and implementation of the contract. Failure to provide data may prevent the conclusion or implementation of the contract. In the case of processing personal data for the purpose of fulfilling tax and accounting obligations, the provision of data may be obligatory (e.g. to issue a VAT invoice), which results from the provisions of generally applicable law.

10. DATA RECIPIENTS

Depending on the purpose of processing, your personal data may be disclosed to entities providing certain services to the Company. The scope of the data disclosed shall not exceed the need justified by the nature of such services. The data recipients may include entities providing postal, courier or forwarding services if the use of a traditional correspondence form proves necessary. The recipient of any data processed in electronic form may be an entity providing the Company with IT services or IT solutions (e.g. software, including analytical solutions).

Moreover, the recipients of the data may be entities providing legal, administrative or accounting services.

Personal data may also be made available to competent public authorities if required by applicable provisions of law.

11. PERSONAL DATA STORAGE PERIOD

The Company does not store personal data longer than it is necessary for the specific purpose of processing. The period of processing your personal data by the Company depends on the type of services provided and the purpose of processing. The period of personal data processing was indicated in the individual processing activities listed in the privacy policy.

If the processing of personal data is necessary to establish and assert possible claims or to defend against claims, the data will be processed until the expiry of the limitation period for these claims, increased by one year.

Personal data processed for the purposes of performing the legal obligations incumbent on the Company are processed for the period required by generally applicable law (e.g. period for keeping accounting documents).

In the case of personal data processing on the basis of the Company’s legitimate interest, personal data are processed for the period necessary to perform such interest or to raise an effective objection to the processing of personal data.

Personal data processed on the basis of consent shall be processed until the withdrawal of consent, unless another ground for processing arises.

12. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

In principle, the Company does not transfer personal data to third countries (outside the European Economic Area – EEA). However, if the transfer of personal data to the countries outside the EEA is necessary, the Company shall inform about it when acquiring personal data. The Privacy Policy describes the IT solutions or business activities in case of which the Company uses the services of entities established or affiliated outside the EEA, in particular in the USA. Information related to the traffic on the Website is usually provided to these entities anonymously, i.e. do not constitute personal data of the User. In any case, the Company shall make every effort to ensure that the processing of personal data outside the EEA is carried out according to the highest standards, which will be achieved in particular through:

  • use of the services of entities that process personal data in third countries for which a decision on the provision of an adequate level of personal data protection has been issued by the European Commission;
  • application of standard contractual clauses approved by the European Commission;
  • application of binding corporate rules approved by the competent supervisory authority.

13. USER’S RIGHTS

With regard to the processing of your personal data, you are entitled to:

  • request the access to your personal data,
  • request the amendment to your personal data,
  • request the deletion of your personal data,
  • request the restriction of your personal data processing,
  • transfer your personal data to another controller where the personal data are obtained from you and the processing is carried out in an automated way on the basis of an agreement pursuant to Article 6 sec. 1(a) or 9 sec. 2(a) of the GDPR or on the basis of a contract pursuant to Article 6 sec. 1(b) of the GDPR,
  • object to the processing of your data for the purposes of direct marketing,
  • object to the processing of your personal data pursuant to Art. 6 sec. 1 (f) of the GDPR, i.e. processing necessary for the purposes resulting from the legitimate interests pursued by the Company.

Your consent may be withdrawn at any time without affecting compliance with the law of the processing carried out pursuant to the consent prior to the withdrawal of the same.

You can exercise the above rights by reporting them:

  • in writing to the following address: Design Light Sp. z o.o., ul. Wrocławska 1B, 48-340 Głuchołazy;
  • electronically via e-mail: rodo@designlight.pl.

You have also the right to submit a complaint to a supervisory authority:

14. DURATION OF THE PRIVACY POLICY

The privacy policy shall be updated. This version of the privacy policy has been effective from 8 June 2020 until it is amended by the Company.