version effective from May 1, 2021
WHAT IS A PRIVACY POLICY?
We would like to familiarize you with the details of how we process your personal data to provide you with full knowledge and comfort in using our website.
Since we operate in the internet industry ourselves, we know how important it is to protect your personal data. Therefore, we take special care to protect your privacy and the information you provide to us.
We carefully select and implement appropriate technical measures, particularly programming and organizational measures, to protect the personal data being processed. Our website uses encrypted data transmission (SSL), which protects your identifying information.
Our Privacy Policy contains all the most important information regarding our processing of your personal data. We encourage you to read it, and we promise it won’t take you more than a few minutes.
Who is the administrator of the xymen.pl website?
The administrator of the website is XYMEN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Warsaw, ul. Twarda 18, 00-105 Warsaw, registered by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register, KRS number 0000871644, NIP 5252844527, REGON 387648681, with a share capital of PLN 5,000.00 (i.e., us).
PERSONAL DATA
What legal act regulates the processing of your personal data?
Your personal data are collected and processed by us in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), commonly referred to as the GDPR. To the extent not regulated by the GDPR, the processing of personal data is governed by the Personal Data Protection Act of 10 May 2018.
Who is the controller of your personal data?
The administrator of your personal data is XYMEN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Warsaw, ul. Twarda 18, 00-105 Warsaw, registered by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register, KRS number 0000871644, NIP 5252844527, REGON 387648681, with a share capital of PLN 5,000.00, phone: +48 600521272, e-mail: biuro@xymen.pl
You can contact us regarding your personal data by:
HOW DO WE PROCESS THE PERSONAL DATA YOU PROVIDE US WITH?
What personal data do we process and for what purposes do we process it?
On our website, we offer you many different services for which we process different personal data based on different legal bases.
Purpose | Personal data | Legal basis for processing | Data retention period |
conclusion and performance of the contract | first name, last name, mailing address, Tax Identification Number (NIP), email address, phone number | Article 6(1)(b) of the GDPR, i.e., processing for the purpose of taking actions at your request prior to entering into a contract, as well as processing necessary for the performance of a contract to which you are a party. | to revoke any prior notice of termination of the agreement |
contact form | email address | Article 6(1)(f) of the GDPR, i.e., processing for the purpose of pursuing our legitimate interest, consisting in maintaining continuity of communication and enabling contact with us regarding our business activities | until you object to the processing of your personal data |
establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities | first name, last name, address, PESEL, Tax Identification Number (NIP), REGON, email address, phone number, IP address, bank account number, payment card number | Article 6(1)(f) of the GDPR, i.e., processing for the purpose of pursuing our legitimate interest, consisting in establishing, asserting, and enforcing claims, as well as defending against claims in proceedings before courts and other public authorities | to revoke any prior notice of termination of the agreement |
fulfillment of legal obligations arising from the law, in particular tax and accounting regulations | first name, last name, company name, PESEL, NIP or REGON, email address, phone number, correspondence address, payment card number | Article 6(1)(c) of the GDPR, i.e., the processing is necessary for compliance with the legal obligations to which we are subject, arising from the provisions of law, in particular tax and accounting regulations. | until the expiration of the legal obligation imposed on the Administrator that justified the transfer of personal data |
Voluntary provision of personal data
Providing the required personal data is voluntary, but it is a condition for us to provide services to you.
Recipients of personal data
You can find the current list of entities to which we disclose your personal data here.
Automated decision-making (including profiling)
Based on the information you provide in your account, such as data regarding the services you use, information obtained through cookies—including location data—as well as your previous behavior and interests in specific goods or services, personalized offers and marketing information, such as products complementary to those you have viewed, will be prepared. The Administrator uses cookies on its website, which are short text files stored on your phone, tablet, computer, or other device used to access the website. These files can be read by the system, as well as by systems of other entities whose services the Administrator uses, such as Facebook, Google, and Instagram. More information about cookies can be found in the Cookie Policy.
Will we transfer your personal data outside the EEA or to an international organisation?
To use the Hotjar statistical tool, your personal data may be transferred to the United States. In accordance with the privacy policy of the tool, Hotjar has taken appropriate safeguards to protect your personal data and requires that external service providers and partners also have appropriate safeguards in place. For more information, please see Hotjar’s Privacy Policy at the following link: https://www.hotjar.com/legal/policies/privacy/
WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH OUR PROCESSING OF YOUR PERSONAL DATA?
Under the GDPR, you have the right to:
- request access to your personal data,
- request rectification of your personal data,
- request the deletion of your personal data,
- request to limit the processing of personal data,
- object to the processing of personal data,
- request the portability of personal data.
If you submit any of the above-mentioned requests to us, we will provide you with information about the actions taken in response to your request without undue delay, and in any case, within one month of receiving it.
If necessary, we may extend the one-month period by an additional two months due to the complex nature of the request or the number of requests.
In any case, we will inform you within one month of receiving the request about the extension of the period and provide you with the reasons for the delay.
Right of access to personal data (Article 15 of the GDPR)
You have the right to obtain information about whether we are processing your personal data. If we are processing your personal data, you have the right to:
- access your personal data;
- obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storing your data or the criteria for determining that period, the rights granted to you under the GDPR, as well as the right to lodge a complaint with the President of the Personal Data Protection Office, the source of the data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
- obtain a copy of your personal data.
If you wish to request access to your personal data, please submit your request to: biuro@xymen.pl.
The right to rectification of personal data (Article 16 of the GDPR)
If your personal data are incorrect, you have the right to request that we promptly correct your personal data. You also have the right to request that we complete your personal data. If you wish to request the correction or completion of your personal data, please send your request to: biuro@xymen.pl.
The right to have personal data deleted, the so-called “right to be forgotten” (Article 17 GDPR)
You have the right to request the deletion of your personal data when:
- your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you have withdrawn specific consent to the extent that personal data were processed based on your consent;
- your personal data have been processed unlawfully;
- you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that such processing is related to direct marketing;
- you have objected to the processing of your personal data in connection with processing that is necessary for the performance of a task carried out in the public interest, or processing that is necessary for the purposes of legitimate interests pursued by us or a third party.
Even if you have submitted a request to delete your personal data, we may continue to process your data for the purpose of establishing, pursuing, or defending claims, and you will be informed accordingly.
If you wish to request the deletion of your personal data, please submit your request to the following address: biuro@xymen.pl.
The right to request the restriction of the processing of personal data (Article 18 of the GDPR)
You have the right to request the restriction of the processing of your personal data when:
- you contest the accuracy of your personal data – in such a case, we will restrict the processing of your personal data for a period allowing us to verify their accuracy;
- the processing of your data is unlawful, and instead of requesting the deletion of your personal data, you request the restriction of the processing of your personal data;
- your personal data are no longer necessary for the purposes of processing, but they are required for establishing, pursuing, or defending your claims;
- you have objected to the processing of your personal data – until it is determined whether our legitimate interests override the grounds stated in your objection.
If you wish to request a restriction on the processing of your personal data, please submit your request to: biuro@xymen.pl.
The right to object to the processing of personal data (Article 21 of the GDPR)
You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
- processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Data Controller or a third party;
- processing for direct marketing purposes.
If you wish to object to the processing of your personal data, please submit your request to: biuro@xymen.pl.
The right to data portability (Article 20 of the GDPR)
You have the right to receive your personal data from us in a structured, commonly used, machine-readable format and to transmit it to another data controller.
By default, your personal data will be provided in CSV format. If you prefer a different format, please indicate your preferred format in your request. Whenever possible, we will make every effort to provide your data in the format you prefer.
You can also request that we transfer your personal data directly to another controller (if technically possible).
If you wish to request the transfer of your personal data, please submit your request to the following address: biuro@xymen.pl.
Lodging a complaint with the supervisory authority
If you believe that the processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work, or the location of the alleged infringement.
In Poland, the supervisory authority within the meaning of the GDPR is the President of the Personal Data Protection Office, who replaced the former GIODO on 25 May 2018.