Privacy Policy

www.oteko.pl

Effective date: June 9, 2025

§ 1 GENERAL PROVISIONS

  1. The Administrator of personal data collected via the website www.oteko.pl is [COMPANY NAME], conducting business under the name [COMPANY NAME], with its registered office at: 05-155 Leoncin, Nowy Secymin 7, mailing address: [MAILING ADDRESS], NIP: 5311715784, REGON: 522610384, entered into the Central Registration and Information on Economic Activity (CEIDG), email: kontakt@oteko.pl, hereinafter referred to as the “Administrator,” who is also the Service Provider.

  2. The personal data collected by the Administrator via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), the Polish Personal Data Protection Act of May 10, 2018, and other applicable laws.

§ 2 TYPES OF PROCESSED PERSONAL DATA, PURPOSE, LEGAL BASIS AND SCOPE OF DATA COLLECTION

1. PURPOSE OF PROCESSING AND LEGAL BASIS

The Administrator processes personal data via www.oteko.pl in the following cases:

a) When the user uses the contact form – the legal basis is the Administrator’s legitimate interest (Article 6(1)(f) GDPR), i.e., handling user inquiries and correspondence.

b) When the user subscribes to the newsletter to receive commercial information electronically – the legal basis is the user’s consent (Article 6(1)(a) GDPR).

2. TYPES OF PROCESSED PERSONAL DATA

The Administrator may process the following categories of personal data:

  • First and last name

  • Email address

  • Phone number (if provided)

  • Address (only if necessary for correspondence or service performance)

Note: The Administrator does not collect date of birth or NIP (Tax Identification Number) unless required by law for specific contracts (e.g., B2B sales or invoicing).

3. VOLUNTARINESS OF PROVIDING DATA

Providing personal data is voluntary, but necessary to use the contact form or receive the newsletter. Failure to provide required data may prevent the execution of the requested service.

4. CONSEQUENCES OF NOT PROVIDING DATA

If you do not provide the required data, you may not be able to use certain services (e.g., receive responses via the contact form, subscribe to the newsletter).

5. STORAGE PERIOD

Personal data are stored:

a) If processing is based on contract performance – for the time necessary to execute the contract and thereafter for the period corresponding to the statute of limitations for claims.

b) If processing is based on consent – until consent is withdrawn, and thereafter for the period corresponding to the statute of limitations for claims.

§ 2A AUTOMATED DECISION-MAKING AND PROFILING

Personal data may be processed automatically, including profiling, if the user has given consent (Article 6(1)(a) GDPR). Profiling may involve analyzing preferences based on browsing history to customize marketing messages. Profiling does not result in legal effects or similarly significantly affect the user.

§ 3 SHARING PERSONAL DATA

  1. User data may be shared with service providers that support the operation of the website. These may be entities acting as data processors (processing data on behalf of the Administrator) or as independent data controllers (determining the purposes and means of processing).

  2. Recipients may include:

  • Hosting providers (e.g., nazwa.pl)

  • Newsletter service providers (e.g., MailerLite)

  • Analytical services (e.g., Google Analytics by Google Ireland Ltd.)

  • IT support providers

  1. Personal data are stored only within the European Economic Area (EEA).

    If personal data may be transferred outside the EEA (e.g., by Google Analytics), this will only occur in accordance with legal requirements and appropriate safeguards (e.g., standard contractual clauses).

§ 4 RIGHTS OF DATA SUBJECTS

  1. Each person whose data is processed has the right to:

  • Access their data (Article 15 GDPR)

  • Rectify their data (Article 16 GDPR)

  • Delete their data (“right to be forgotten,” Article 17 GDPR)

  • Restrict processing (Article 18 GDPR)

  • Data portability (Article 20 GDPR)

  • Object to processing (Article 21 GDPR)

  • Withdraw consent at any time (Article 7(3) GDPR) – withdrawal does not affect the lawfulness of processing based on consent before its withdrawal

  1. To exercise these rights, you can send an email to: kontakt@oteko.pl

  2. The Administrator will process your request without undue delay, no later than within one month of receipt. If an extension is necessary, you will be notified within one month.

  3. If you believe your personal data are being processed unlawfully, you have the right to lodge a complaint with the supervisory authority:

    • President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland, https://uodo.gov.pl/

§ 5 COOKIES POLICY

  1. The website uses “cookies” – small text files stored on the user’s device.

  2. Cookies are necessary for the proper provision of services. Some cookies are essential for the functioning of the site and do not require consent (technical/necessary cookies).

  3. The website uses:

    • Session cookies – temporary files, deleted when you leave the site or close the browser.

    • Persistent cookies – stored for a specified period or until deleted by the user.

  4. Analytical and marketing cookies are used only after the user gives explicit consent via the cookie banner (Article 6(1)(a) GDPR, ePrivacy Directive 2002/58/EC). You can manage your preferences in the banner or your browser settings.

  5. The Administrator uses its own cookies to better understand how users interact with the site, e.g., page visits, time spent, etc. These cookies do not directly collect personal data.

  6. You can configure your browser to decide whether and how cookies are accepted or rejected. Details are available in your browser’s settings.

§ 6 CHILDREN’S DATA

Services provided via the website are not intended for individuals under the age of 16. The Administrator does not knowingly collect personal data from children without parental consent.

§ 7 FINAL PROVISIONS

  1. The Administrator applies appropriate technical and organizational measures to ensure data security and protection against unauthorized access, unlawful acquisition, alteration, loss, damage, or destruction.

  2. Matters not covered by this Privacy Policy are governed by the provisions of the GDPR, the Personal Data Protection Act, and other relevant Polish laws.

  3. This Privacy Policy is effective as of June 9, 2025. The Administrator may update it from time to time. Any changes will be published on this website with a revised date.