Privacy Policy

Privacy Policy of
VETRO SYSTEMS Sp. z o. o.
of October 29, 2023

VETRO SYSTEMS SP Z O.O., as the owner of the website www.vetrosystems.pl, makes every effort to ensure that your privacy is adequately protected. In order to implement the lawful (GDPR), transparent and secure processing of your personal data, we adopt the following privacy policy.

Pursuant to Art. 13 section 1 and section 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), we inform:

1. General information:

    • Personal Data Controller within the meaning of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU L 2016, No. 119) (hereinafter referred to as GDPR) is VETRO SYSTEMS SP Z O.O., tax ID [NIP] no.: 522-310-23-26, REGON no.: 368482040, National Court Register [KRS] no.: 00006985597, with its registered office at 05-082 WOJCIESZYN, ul. WARSZAWSKA 549, tel. 22 487 16 56, e-mail:biuro@vetrosystems.pl.
    • User within the meaning of this Privacy Policy is a natural person using the Controller’s websites, including the Controller’s contact forms
    • Contact in matters concerning the processing of personal data by the Controller: biuro@vetrosystems.pl
2. Purpose of data processing by the Controller.
    • The User entrusts the processing of personal data to the Controller in order to process recruitment, inquiries or orders placed via the contact form.
    • Providing personal data by the User during contact is voluntary, and the data provided will be used (where applicable) only for:
      • Provide an answer.
      • Presenting the Controller’s offer.
      • Security of the Controller’s network systems (e.g. protection against spam and DDOS attacks).
      • To measure audiences on the web.
      • Employee recruitment.
    • Expressing consent by providing contact details is voluntary, but in some cases failure to provide them may make it impossible to process an inquiry/order submitted via the contact form.

3. Legal basis for data processing by the Controller.

    • The legal basis for the processing of personal data for the purposes set out in 2.b.a. and 2.b.b. is the User’s consent (Article 6.1.a) of the GDPR), and/or Article 6.1.b) of the GDPR if the User expresses his/her willingness to conclude a contract.
    • The premise for the processing of personal data for the purpose specified in 2.b.c is the legitimate interest pursued by the Controller (Article 6.1.f) of the GDPR), and the legal basis is Recital 49 of the GDPR and the Regulation of the Minister of Interior and Administration of April 29, 2004 regarding documentation of personal data processing and technical and organisational conditions that should be met by devices and IT systems used to process personal data.
    • The premise for the processing of personal data for the purpose specified in point 2.b.d is the legitimate interest pursued by the Controller (Article 6.1.f) of the GDPR), and the legal basis is Article 8 point 1 d) of the Regulation of the European Parliament and of the Council on the respect for private life and protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on privacy and electronic communications).
    • Personal data for the purpose stated in 2.b.e. are processed due to the desire to conclude a contract (Article 6. 1. b) of the GDPR), and the legal basis for the collected data is Art. 221 § 1 of the Labor Code

4. The scope of data processing by the Controller

    • For the purposes specified in 2.b.a and 2.b.b., to the extent that the User voluntarily provides, the Controller may process:
      • name and surname (contact person)
      • contact telephone number
      • e-mail address for contact
      • Internet domain address (and possibly other related data provided by the User)
      • other data provided by the Use
    • For the purpose stated in 2.b.c.:
      • IP address
      • meta data sent by the browser (or other end device connecting to the Controller’s website)
    • For the purpose stated in b.d.:
      • meta data sent by the browser
    • For the purpose specified in point 2.b.e. (recruitment), we will ask the person applying for employment to provide data such as: name and surname, date of birth, place of residence (correspondence address), education and previous employment history.
    • Recipients of personal data and transfer of personal data to a third country:
      • The User’s personal data related to the purposes listed in points 2.b.a. until 2nd b.c. and 2.b.e. will only be processed by the Controller.
      • Data related to the purpose in point 2.b.d. will be processed by the Controller and its partner, Google Inc. based in the USA, whose web audience measurement tool (Google Analytics) is used by the Controller. This data is anonymous and is not shared further.
      • Google, which performs the web audience measurement service for the Controller, has joined the EU-US Privacy Shield agreement, and in accordance with the decision of the European Commission of July 12, 2016 IP/16/216 transfer of personal data to entities based in the United States that have joined the above-mentioned. agreement, ensures an adequate level of protection of personal data, in accordance with Art. 45 GDPR;
    • The User’s personal data may be made available to entities from the Controller’s capital group and to the Controller’s partners with whom the Controller cooperates by combining products or services. In the event of cooperation, subcontractors (processing entities) may also have access to the data, such as: accounting companies, hosting companies.

6. Rights of the User whose data is processed.

    • The User has the right to:
      • access to your personal data,
      • rectification of personal data,
      • deletion of personal data,
      • restrictions on the processing of personal data
      • transfer of personal data
      • object to the processing of personal data
      • Withdrawal of consent previously expressed to the processing of personal data
    • To exercise their rights, the User should send an e-mail to the address provided in 1.a., a letter to the registered office address provided in 1.a. or contact us by phone at the number provided in 1.a.
    • The Controller executes the User’s request immediately, provided that deleting or limiting the possibility of data processing may affect the possibility or scope of proper handling of the submitted inquiry/order.

6. Period of personal data processing by the Controller.

    • The Controller stores Users’ personal data for a period no longer than necessary to handle the submitted inquiry/order, including preparing a personalised commercial offer and enabling the Controller to perform his obligations.
    • At any time, the User may submit a request to delete his or her personal data. In such a case, they will be deleted immediately, but this may result in the processing of the submitted query being interrupted.

7. Information stored on the User’s end device (Cookies).

    • In order to ensure the correct operation of the website, and in particular to adapt the content of the website and advertisements to the User’s preferences and to optimise the use of the website, the Controller may use the processing and storage capabilities of the end device and may collect information from the User’s end device.
    • The data described in section 1 will be used by the Controller only to the extent necessary to provide the services requested by the User and to protect network systems.
    • The User can decide what data will be sent to the Controller by changing the settings of his browser (e.g. blocking the saving of cookies).
    • The website uses scripts analysing network traffic (Google Analytics) provided by Google Inc. based in the USA, (Google Adwords) provided by Google Ireland Limited based in Ireland, (Facebook) provided by Facebook Ireland Ltd. based in Ireland. These scripts may save data on the user’s end device (e.g. cookies). The user may not consent to this by blocking cookies and other data from third-party websites in his browser.
    • Instructions on how to change the settings described in items 3 and 4 can be found in the browser settings, its user manual or on the manufacturer’s website.
    • The user may delete cookies at any time using the available functions in the web browser he or she uses. Restricting the use of cookies may affect some of the functionalities available on the website.
    • In order to opt out of displaying personalised Google advertisements (AdWords and others) based on the use of the Website, the User may make appropriate changes to the advertising settings using the tool available at https://adssettings.google.pl/authenticated and clear cookies in the web browser. . If you wish to opt out of displaying personalised Facebook ads based on your use of the Website, you may make appropriate changes to your ad settings using the instructions provided at https://www.facebook.com/help/1075880512458213/ and clear cookies in your web browser. Blocking the collection of data by analytical tools of Google (Analytics, Optimise and others) and Facebook. The User can disable the acceptance of cookies and data from external websites in his browser settings, clear cookies in the web browser, use add-ons that block tools (e.g. https:/ /tools.google.com/dlpage/gaoptout/?hl=pl) or use the Website in a browser without saving information in cookies.
    • more information about cookies can be found on the website: http://wszystkoociasteczkach.pl/

8. Filing a complaint:

    • The User has the right to object to the processing of his personal data, on the basis of which the Controller will stop processing data in the indicated scope/purpose. To raise an objection, please send a message as described in point 5.b.
    • The User has the right to lodge a complaint against the Controller with the supervisory authority, which is the President of the Office for Personal Data Protection.

9. Controller’s duties

    • The Personal Data Controller undertakes to take measures to secure the processing of personal data within the scope specified in the Act, and in particular undertakes to:
    • Securing data against disclosure to unauthorised persons, removal by an unauthorised person, changes, damage or destruction.
    • Allowing personal data processing only to persons authorised by him.
    • Ensuring control over the accuracy of personal data processing.
    • Keeping records of persons authorised to process personal data, taking special care to ensure that persons authorised to process this data keep them secret, also after the Controller’s implementation is completed, including by informing them about the legal consequences of violating data confidentiality and receiving declarations on the obligation to keep this data secret.
    • Maintaining documentation required by law describing the method of processing entrusted personal data and technical and organisational measures ensuring protection of the processing of this data, including in particular: the Register of Data Processing Processes, the Personal Data Security Policy and the Instruction for Management of the IT System used for the Processing of Personal Data.
    • Ensuring that IT and telecommunications devices and systems used for the processing of personal data comply with the requirements of the Regulation of the Ministry of Internal Affairs and Administration of April 29, 2004 on the documentation of processed personal data and the technical and organisational conditions to be met by devices and systems.”