PRIVACY POLICY IN ML FURNITURE LLC. LLP. /ML MEBLE SP. Z O.O. SP. K./
Table of contents
- Data of the company
- General provisions
- The use of personal data
- The rules for processing personal data
- Legal rights
- Contact details
- Deadline for fulfilling the requests
- Subcontractors, processors
- Control for personal data processing
- Data retention
- Authorisation
- The Cookiem files
I.Data of the company
As a responsible organization that is aware that the information is of a certain value and a resource that requires appropriate protection, we are committed to properly informing you about matters relating to the processing of personal data, particularly as regards the content of the new data protection rules, of which Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘RODO’).For this reason, this document provides key information about the legal bases for processing personal data, how they are collected and used, and about the rights of the data subjects.
ML furniture Ltd Limited partnership /Ml Meble Sp. z o.o. Sp. k./ Liw, 14 Zawadzka Street, 07-100 Węgrów entered in the Register of Entrepreneurs of the National Court Register kept by Commercial Division of the National Court Register for the Capital City of Warsaw, XIV Commercial Division of the National Court Register, under National Court Register number: 0000836453, NIP: 8241810213. Personal data is collected and processed in the manner and under the rules set out in this Policy.
II.General provisions
ML furniture Ltd Limited partnership we pay special attention to protecting the privacy of our customers, contractors, employees and co-workers. One of its key aspects is to protect the rights and freedoms of individuals in connection with the processing of their personal data.
The processing data is carried out in accordance with the provisions of the General Data Protection Regulation 2016/679/EC (called "GDPR"), the Act on Personal Data Protection,
and also special regulations (contained, among others, in the Labour Law or the Accounting Act).
ML furniture Ltd Limited partnership is the administrator of personal data within the meaning of Art. 4 pt. 7 of the GDPR, we also use the services of the processing entities referred to in Art. 4 pt. 8 GDPR - they process personal data on behalf of the administrator (e.g. accounting, IT and security companies).
ML furniture Ltd Limited partnership implements appropriate technical and organizational measures to ensure security degree corresponding to the possible risk of violation of the rights or individuals freedoms with different probability of occurrence and severity of the threat. Our activities in the field of personal data protection are based on adopted policies and procedures as well as regular training to raise the knowledge and competence of our employees and co-workers.
III.The use of personal data
As an employer, we process the data of employees and persons who cooperate with us on a basis other than the employment relationship. The contact data obtained from contractors (e.g. their employees) are used for concluding and efficient realization of contracts. We also conduct marketing activities and try to reach the widest possible range of stakeholders in order to provide them the latest information about our products and services.
The data is shared with third parties based on your consent or when we are obliged to do so by law.
IV.The rules for processing personal data
The interests of the data subjects are protected and, in particular, we ensure that the data remains:
- processed lawfully, reliably and clearly for the individual concerned;
- collected for specified, explicit and legitimate purposes and not further processed in a manner inconsistent with these objectives;
- pertinent, relevant and limited to what is necessary to achieve the purposes for which they are processed;
- appropriate and, where necessary, updated. We take steps to ensure that personal information that is inaccurate in light of the purposes for which it is processed is immediately deleted or corrected;
- kept in a form which permits identification of the data subject for no longer than is necessary for the purposes of processing;
- processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss or destruction.
Data is usually processed on the basis of consent, which can be withdrawn at any time. Another case is when the processing of your data is necessary for the performance of a contract to which you are a party or to take action at your request, even before the contract is concluded.
In some situations, the processing is necessary to fulfil a legal obligation incumbent on us as administrator. Such obligations arise, for example, from the provisions of labor law or the law about accounting.
Processing may also be necessary for the purposes of our legitimate business interests, as exemplified by the recovery of claims from our business activities.
V.Legal rights
We take appropriate measures to provide you with all relevant information in a concise, clearly, understandable and easily accessible form and to communicate with you on the processing of personal data in connection with the exercise of your right to access:
- information provided while collecting personal data;
- information provided on request - about whether the data are processed and other issues defined in Article 15 of the GDPR, including the right to a copy of the data;
- rectification of data;
- being forgotten;
- limitations of processing;
- data transfer;
- objections;
- not being subject to a decision based solely on automated processing (including profiling);
- information about a data breach.
Furthermore, if your personal data is processed on the basis of consent, you have the right to withdraw it. Consent can be withdrawn at any time, which does not affect the legitimacy of the processing carried out before withdrawal.
In order to contact us regarding the realization of a given law, please inform us via:
E-mail address: iodo@mlmeble.pl
Correspondence address: Liw, 14 Zawadzka Street, 07-100 Węgrów.
The security of your data is a priority for us, however, if you consider that by processing your personal data we are violating the rules of the GDPR you have the right to lodge a complaint to the Polish Data Protection Commissioner.
VI.Contact details
We provide information in writing or otherwise, where appropriate – electronically. If you request it, we may provide information orally as long as we confirm your identity by other means. If you submit your request electronically, the information will also be provided electronically, where possible, unless you indicate to us another preferred form of communication.
VII.Deadline for fulfilling the requests
We try to provide information immediately – as a rule, within one month of receiving the request. If necessary, this period may be extended by another two months due to the complexity of the request. In any case, however, we will inform you within one month after receiving the request about the action taken and (where applicable) the extension of the deadline, giving the reason for such delay.
VIII.Subcontractors, processors
If we cooperate with entities that process personal data on our behalf, we use only the services of such processing entities that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that the processing of data fulfils the requirements of the GDPR and protects the rights of the data subjects.
We check in detail the entities we entrust to process your data. We conclude detailed agreements with them, as well as periodically check the compliance of processing operations with the content of such agreements and legal regulations.
The receivers of your personal data may be:
- entities and organs authorized to process personal data on the basis of the law, banks in case of the necessity of billing,
- institutions granting funding for the implementation of the contract concluded with the Administrator,
- entities cooperating within marketing campaigns,
- couriers,
- transport and forwarding companies,
- a company providing accounting services,
- a company providing IT services,
- hosting provider,
- systems and software providers,
- insurance company,
- the owner of the social network Facebook on the unchanged rules for data specified by Facebook available at https://www.facebook.com/about/privacy.
We may receive your personal information from our partners, online stores with which we operate on a drop-shipping model. The role of the webshop in this logistics model is to collect orders and send them to ML MEBLE Ltd Limited partnership, which carries out the shipment to the customer.
IX.Control of personal data processing
To fulfill legal requirements, we have established detailed procedures covering such issues as:
- data protection in the design phase and default data protection;
- data protection impact assessment;
- notification of violations;
- keeping a register of data processing operations;
- data retention;
- exercising data subjects' rights;
We regularly check and update our documentation in order to be able to demonstrate compliance with legal requirements in accordance with the GDPR principle of accountability, but also in the interests of the data subjects, we try to incorporate best market practices.
X.Data retention
We store personal data in a form that allows us to identify the data subject for no longer than is necessary for the purposes for which the data are processed. After such a period, we either anonymize the data (deprive the characteristics of identifying the person concerned) or delete it. In the retention procedure we ensure that the period of retention of personal data is limited to a strict minimum.
First of all, we determine the period of data processing on the basis of legal regulations (e.g. time of storage of employee records, accounting documents), as well as the justified interest of the administrator (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.
XI.Authorization
We ensure that anyone acting under our authority and having access to your personal data will only process it on our instruction, unless other requirements arise under Union or law of the Member State.
XII.The cookie files
The website's policy of using cookies.
- Cookie files (called "cookies") are IT data, in particular text files, which are stored in the final device of the Website User and are intended to use the Website. Cookies usually contain the name of the website from which they come from, the time they are stored on the terminal equipment and a unique number.
- The entity that places cookies on the terminal equipment of the Service User and obtaining access to them is the owner of the service.
- The cookie mechanism is not used to obtain any information about the website users or to track their navigation. Cookies used on the website do not store any personal data or other information collected from users and are used for statistical purposes.
- The default software used to browse the web sites (browser) allows the handling of cookies on the User's device on which it is activated. In most cases, the software can be configured by itself, including forcing automatic blocking of cookies. Issues related to the configuration of the way cookies are handled can be found in the software settings (web browsers). Please note that the settings of restrictions on the use of cookies may affect the operation of some functionalities of the site.
- The cookies are used to:
- adjusting the content of the Service's web sites to the User's preferences and optimizing the use of them; in particular, these files allow to recognize the Service User's device and to properly display the web site, adjusted to his individual needs;
- create statistics that help to understand how Service User operates the Web pages, which allows to improve their structure and content;
- maintaining the Service User session (after logging in), thanks to which the User does not have to re-enter his login and password on each subpage of the Service.
- The Website uses two basic types of cookies: "session" (session cookies) and "persistent" (persistent cookies). "Session" cookies are temporary files that are stored in the User's terminal device until the User logs out, leaves the website or turns off the software (web browser). "Persistent" cookies are stored in the User's terminal equipment for the time specified in the parameters of the cookies or until the User removes them.
- The following types of cookies are used in the Service:
- "necessary" cookie files, enabling the use of services available within the Service, e.g. authentication of cookie files used for services requiring authentication within the Service;
- “security cookies”, e.g., used to detect authentication fraud within the Service;
- "performance" cookies to collect information about how the Service's websites are used;
- "functional" cookies, enabling "remembering" the settings selected by the User and personalizing the User's interface, e.g. in the scope of the selected language or region from which the User comes from, font size, website appearance, etc.
Links to other pages on the website
The owner of the service informs that the service contains links to other websites. The owner of the site recommends that you read the privacy policies applicable there, as he is not responsible for them.
Protection of user data in the Service
The description of technical and organizational security measures is included in the Security Policy (personal data protection) of the service owner. In particular, the following safeguards are applied:
a) Data downloaded automatically by the server are secured by a mechanism of access authentication to the service.
b) The data collected from users during the registration process are secured by SSL (Secure Socket Layer) protocol and through the mechanism of access authentication to the service.
c) Access to the administration of the service is done using an authentication mechanism.