version effective from May 1, 2021

WHAT IS A PRIVACY POLICY?

We would like to familiarize you with the details of how we process your personal data to provide you with full knowledge and comfort in using our website.

Since we operate in the internet industry ourselves, we know how important it is to protect your personal data. Therefore, we take special care to protect your privacy and the information you provide to us.

We carefully select and implement appropriate technical measures, particularly programming and organizational measures, to protect the personal data being processed. Our website uses encrypted data transmission (SSL), which protects your identifying information.

Our Privacy Policy contains all the most important information regarding our processing of your personal data. We encourage you to read it, and we promise it won’t take you more than a few minutes.

Who is the administrator of the xymen.pl website?

The administrator of the website is XYMEN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Warsaw, ul. Twarda 18, 00-105 Warsaw, registered by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register, KRS number 0000871644, NIP 5252844527, REGON 387648681, with a share capital of PLN 5,000.00 (i.e., us).

PERSONAL DATA

What legal act regulates the processing of your personal data?

Your personal data are collected and processed by us in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), commonly referred to as the GDPR. To the extent not regulated by the GDPR, the processing of personal data is governed by the Personal Data Protection Act of 10 May 2018.

Who is the controller of your personal data?

The administrator of your personal data is XYMEN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Warsaw, ul. Twarda 18, 00-105 Warsaw, registered by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register, KRS number 0000871644, NIP 5252844527, REGON 387648681, with a share capital of PLN 5,000.00, phone: +48 600521272, e-mail: biuro@xymen.pl

You can contact us regarding your personal data by:

HOW DO WE PROCESS THE PERSONAL DATA YOU PROVIDE US WITH?

What personal data do we process and for what purposes do we process it?

On our website, we offer you many different services for which we process different personal data based on different legal bases.

GoalPersonal dataLegal basis for processingData retention period
conclusion and performance of the contractfirst name, last name, mailing address, Tax Identification Number (NIP), email address, phone numberArticle 6(1)(b) of the GDPR, i.e., processing for the purpose of taking actions at your request prior to entering into a contract, as well as processing necessary for the performance of a contract to which you are a party.to revoke any prior notice of termination of the agreement
contact formemail addressArticle 6(1)(f) of the GDPR, i.e., processing for the purpose of pursuing our legitimate interest, consisting in maintaining continuity of communication and enabling contact with us regarding our business activitiesuntil you object to the processing of your personal data
establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authoritiesfirst name, last name, address, PESEL, Tax Identification Number (NIP), REGON, email address, phone number, IP address, bank account number, payment card numberArticle 6(1)(f) of the GDPR, i.e., processing for the purpose of pursuing our legitimate interest, consisting in establishing, asserting, and enforcing claims, as well as defending against claims in proceedings before courts and other public authoritiesto revoke any prior notice of termination of the agreement
fulfillment of legal obligations arising from the law, in particular tax and accounting regulationsfirst name, last name, company name, PESEL, NIP or REGON, email address, phone number, correspondence address, payment card numberArticle 6(1)(c) of the GDPR, i.e., the processing is necessary for compliance with the legal obligations to which we are subject, arising from the provisions of law, in particular tax and accounting regulations.until the expiration of the legal obligation imposed on the Administrator that justified the transfer of personal data

 

Voluntary provision of personal data

Providing the required personal data is voluntary, but it is a condition for us to provide services to you.

Recipients of personal data

You can find the current list of entities to which we disclose your personal data here.

Automated decision-making (including profiling)

Based on the information you provide in your account, such as data regarding the services you use, information obtained through cookies—including location data—as well as your previous behavior and interests in specific goods or services, personalized offers and marketing information, such as products complementary to those you have viewed, will be prepared. The Administrator uses cookies on its website, which are short text files stored on your phone, tablet, computer, or other device used to access the website. These files can be read by the system, as well as by systems of other entities whose services the Administrator uses, such as Facebook, Google, and Instagram. More information about cookies can be found in the Cookie Policy.

Will we transfer your personal data outside the EEA or to an international organisation?

To use the Hotjar statistical tool, your personal data may be transferred to the United States. In accordance with the privacy policy of the tool, Hotjar has taken appropriate safeguards to protect your personal data and requires that external service providers and partners also have appropriate safeguards in place. For more information, please see Hotjar’s Privacy Policy at the following link: https://www.hotjar.com/legal/policies/privacy/

WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH OUR PROCESSING OF YOUR PERSONAL DATA?

Under the GDPR, you have the right to:

If you submit any of the above-mentioned requests to us, we will provide you with information about the actions taken in response to your request without undue delay, and in any case, within one month of receiving it.

If necessary, we may extend the one-month period by an additional two months due to the complex nature of the request or the number of requests.

In any case, we will inform you within one month of receiving the request about the extension of the period and provide you with the reasons for the delay.

Right of access to personal data (Article 15 of the GDPR)

You have the right to obtain information about whether we are processing your personal data. If we are processing your personal data, you have the right to:

If you wish to request access to your personal data, please submit your request to: biuro@xymen.pl.

The right to rectification of personal data (Article 16 of the GDPR)

If your personal data are incorrect, you have the right to request that we promptly correct your personal data. You also have the right to request that we complete your personal data. If you wish to request the correction or completion of your personal data, please send your request to: biuro@xymen.pl.

The right to have personal data deleted, the so-called “right to be forgotten” (Article 17 GDPR)

You have the right to request the deletion of your personal data when:

Even if you have submitted a request to delete your personal data, we may continue to process your data for the purpose of establishing, pursuing, or defending claims, and you will be informed accordingly.

If you wish to request the deletion of your personal data, please submit your request to the following address: biuro@xymen.pl.

The right to request the restriction of the processing of personal data (Article 18 of the GDPR)

You have the right to request the restriction of the processing of your personal data when:

If you wish to request a restriction on the processing of your personal data, please submit your request to: biuro@xymen.pl.

The right to object to the processing of personal data (Article 21 of the GDPR)

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

If you wish to object to the processing of your personal data, please submit your request to: biuro@xymen.pl.

The right to data portability (Article 20 of the GDPR)

You have the right to receive your personal data from us in a structured, commonly used, machine-readable format and to transmit it to another data controller.
By default, your personal data will be provided in CSV format. If you prefer a different format, please indicate your preferred format in your request. Whenever possible, we will make every effort to provide your data in the format you prefer.

You can also request that we transfer your personal data directly to another controller (if technically possible).

If you wish to request the transfer of your personal data, please submit your request to the following address: biuro@xymen.pl.

Lodging a complaint with the supervisory authority

If you believe that the processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work, or the location of the alleged infringement.

In Poland, the supervisory authority within the meaning of the GDPR is the President of the Personal Data Protection Office, who replaced the former GIODO on 25 May 2018.