Privacy policy

PERSONAL DATA PRIVACY POLICY (GDPR)

 

www.fourmacja.com

Effective from: 01.08.2025

§1

Identity of the Data Controller

  1. The controller of personal data provided during the use of the online service under the name www.fourmacja.pl is Fourmacja Sp. z o.o., with its registered office at Rubinowa 62, 26-200 Koczwara, Poland, NIP 522 303 34 01, KRS 0000566356.

  2. Data is processed in accordance with the applicable law, i.e., Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter: GDPR), the Polish Personal Data Protection Act of 10 May 2018, and the Act of 12 July 2024 on Electronic Communications Law.

  3. This Privacy Policy covers the rules of processing data of Users of the Website, persons entering into contracts with the Data Controller, data collected through contact with the Data Controller (email, telephone, traditional correspondence), as well as persons who like and/or follow the Controller’s social media fanpage, if operated.

§2

Definitions

  1. For the purpose of this policy, the following definitions apply:
    • Data Controller – the entity that decides on the purpose and means of processing data; in this policy, it refers to: Fourmacja Sp. z o.o., Rubinowa 62, 26-200 Koczwara, Poland, email: biuro@fourmacja.pl, tel.: +48 570 771 354.
    • Personal data – any information that, without excessive time or cost, may lead to the identification of a natural person, including identification, address, and contact details.
    • Third country – a country outside the European Economic Area (EEA).
    • Service/Website – the website available at www.fourmacja.pl, through which the User may browse content, subscribe to the newsletter, or contact the Data Controller using the data or forms available on the site.
    • User/data subject – a natural person whose data is processed and who uses the services available on the Website.

§3

Purposes of Personal Data Processing

  1. The Data Controller processes personal data only when permitted by applicable law, including for the following purposes:
    • preparing and executing a contract to which the data subject is a party, and exercising rights arising therefrom – based on Art. 6(1)(b) GDPR,
    • issuing invoices or bills, maintaining accounting and tax records – based on Art. 6(1)(c) GDPR, i.e., for compliance with legal obligations under the Polish Tax Ordinance Act of 29 August 1997,
    • taking actions at the request of the data subject, including responding to inquiries sent electronically or handling traditional correspondence – based on Art. 6(1)(b) GDPR,
    • sending requested marketing information electronically (newsletter) to the User’s email address – based on the User’s consent under Art. 6(1)(a) GDPR and Art. 398 of the Electronic Communications Law of 12 July 2024,
    • marketing of the Controller’s own products and services by traditional means – based on Art. 6(1)(f) GDPR, i.e., the legitimate interests of the Data Controller or the data subject,
    • pursuing claims and rights by the Data Controller or the data subject – based on Art. 6(1)(f) GDPR.
  2. Providing personal data is necessary for contract performance, issuing accounting documents, pursuing claims, or responding to User inquiries. Providing data in other cases is voluntary.
  3. Failure to provide required data makes it impossible to perform the contract, issue invoices, or respond to the User’s request.

§4

Methods of Collecting Personal Data

  1. User’s personal data is collected directly from the data subject, including:
    • completing the contact form on the Website,
    • completing the newsletter subscription form,
    • providing data for preparing, concluding, and executing a contract through available contact methods,
    • direct contact with the Data Controller via the contact details provided on the Website or in person at the business premises.

§5

Scope of Processed Personal Data

  1. The scope of processed personal data is limited to the minimum necessary to provide services, including:
    • inquiry via contact form or using the contact details provided on the Website: email address, telephone number, first and last name,
    • newsletter subscription: first name, email address,
    • issuing invoices or other accounting documents: first and last name or business name, business address, VAT number (TIN),
    • preparing, concluding, and executing a contract: first and last name, business name, business address, VAT number (TIN).

§6

Retention Period of Personal Data

  1. The data retention period depends on the purpose for which the data was collected:
    • contract execution – for the period necessary to document it, including invoices – 5 years from the end of the calendar year in which the tax payment deadline expired, under the VAT Act of 11 March 2004 and the Tax Ordinance Act of 29 August 1997,
    • sending marketing information (newsletter) – until consent is withdrawn, without affecting the lawfulness of processing prior to withdrawal,
    • responding to inquiries via contact form or phone – for no longer than 6 months, unless a contract is concluded,
    • pursuing claims – under Art. 118 of the Polish Civil Code of 23 April 1964 (general limitation period is six years, three years for periodic claims and those related to business activity).

§7

Recipients of Personal Data

  1. Personal data may be shared with third parties providing services for the Controller, including:
    • website hosting,
    • email hosting,
    • IT systems support and maintenance (including newsletter automation, invoicing),
    • accounting services (accounting office),
    • marketing services (virtual assistant, marketing agency, social media manager, etc.).
  2. Personal data may also be disclosed to courier/postal services and banks.

§8

Transfer of Data Outside the EEA

  1. User’s personal data is not transferred outside the European Economic Area (EEA) or to international organizations.

§9

Data Controller’s Social Media Fanpage

  1. The Data Controller is also a joint controller of the data of followers of its social media fanpage – in particular those who interact via Facebook at https://www.facebook.com/fourmacja
  2. In other respects, the controller of Users’ data on these platforms is Meta Platforms, Inc., Menlo Park, California/Meta Platforms Ireland Limited. Processing is carried out under the terms and privacy policies of these services, available at: https://www.facebook.com/privacy
  3. Personal data of Users will be processed in the United States. Transfer of data to the USA takes place under the European Commission’s adequacy decision of 10 July 2023 regarding the EU-US Data Privacy Framework, applicable to providers listed by the US Department of Commerce, including Meta Platforms, Inc.

§10

Rights of Data Subjects

  1. Data subjects have the right to:
    • access their personal data, including obtaining a free copy,
    • rectify incorrect or outdated data,
    • erase data unless other legal provisions require retention,
    • data portability, where processing is based on a contract or consent and is carried out by automated means,
    • withdraw consent, if processing was based on consent (withdrawal does not affect lawfulness of prior processing),
    • object to processing – on grounds relating to their particular situation, if processing is based on Art. 6(1)(e) or (f) GDPR, including the right to restrict processing,
    • not be subject to automated decision-making, including profiling, if such decisions produce legal effects or similarly significantly affect them,
    • obtain information about the Data Controller, purposes, scope, methods of processing, content, source, and recipients of data.
  2. To exercise these rights, contact the Data Controller.
  3. Data subjects also have the right to lodge a complaint with the Polish Data Protection Authority (UODO), ul. Stawki 2, 00-193 Warsaw, if processing violates the GDPR.

§11

Final Provisions

If this Privacy Policy is amended, particularly due to technical changes or legal updates, modifications will be introduced and become effective within 14 days of publication on the Website.

Visit our online store
Visit our online store