§1 Who is the Controller of your personal data?
The data controller is Przemysław Staszek, conducting business activity under the name BOSS BUILDING PRZEMYSŁAW STASZEK, NIP: 6342974174, REGON: 385633296, address: ul. 3 Maja, no. 22, unit 2c, 40-096 Katowice, business address: ul. 3 Maja, no. 22, unit 2c, 40-096 Katowice,
§2 For what purpose do we collect your data and how long do we store it?
We may process your data for the following purposes:
1. Communication with you, including responding to questions submitted via the contact form, e-mail, etc.;
The data will be processed on the basis of the Controller’s legitimate interest in communicating with Website Users (Art. 6(1)(f) GDPR). Your data will be processed no longer than until you object or the business purpose ceases. Providing this data is voluntary, but necessary to communicate with you. The data may also be processed during the archiving process for internal purposes, based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR), until you object or the business purpose ceases.
2. Conclusion and performance of a contract (booking an appointment);
3. Establishment, defense and pursuit of claims;
4. Fulfillment of legal obligations incumbent on the Controller (including tax and archiving obligations);
Data necessary to conclude and perform a contract will be processed for the duration of the contract, including the period of exercising rights arising from the contract, such as the right to warranty claims (Art. 6(1)(b) and (f) GDPR). Providing this data is voluntary, but necessary to conclude and perform the contract.
Additional data provided for the purpose of facilitating contract performance will be processed no longer than until you object or the business purpose ceases, based on the legitimate interest of customer service (Art. 6(1)(f) GDPR).
After this period, the data will be processed for the limitation period of claims, based on the Controller’s legitimate interest in defending against claims, as well as establishing and pursuing claims (Art. 6(1)(f) GDPR).
Where data is necessary to comply with the Controller’s legal obligations (e.g. issuing and storing invoices, implementing procedures arising from the Digital Services Act), the data will be processed for this purpose for no longer than 6 years (archiving obligations regarding accounting documents), unless the law provides otherwise (Art. 6(1)(c) GDPR).
The data may also be archived for internal and statistical purposes, until you object or the business purpose ceases, based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR).
5. Providing marketing information (including sending newsletters and information about services, products, promotions, free content through other tools, e.g. chatbot, telephone);
The data will be processed on the basis of the Controller’s legitimate interest in marketing the Controller’s products and services (Art. 6(1)(f) GDPR). The data will be processed no longer than until you object or the business purpose ceases – whichever occurs first. Providing the data is voluntary, but necessary to receive marketing/commercial information.
In accordance with Article 10 of the Act on the provision of electronic services, for the purposes of maintaining commercial and telephone communication, I need your consent. You can withdraw it at any time by sending a message to admin@bossbuilding.pl
6. Administering and managing pages and groups on social media platforms (including Facebook (Meta), Instagram, LinkedIn), in the case of processing data on social media platforms, including communication and targeting marketing content;
This data will be processed only if you decide to: like the page / join the group / select the “Follow” option or otherwise leave your data on the platform managed by me, e.g. by posting or commenting. The data will be processed for the duration of the page/group or until you object, which may occur by unliking, unfollowing, deleting a comment/post, or otherwise as provided by the platform/page, or by contacting me. Please note that the rules relating to the page/fanpage/group are set by the Administrator, while the rules for using the social media platform on which the page/fanpage/group is located are set by the entity managing that platform.
7. Analytical and statistical purposes;
Processing data for analytical and statistical purposes involves, in particular, the analysis of data obtained automatically when using the website, including cookies. The data is processed on the basis of the Controller’s legitimate interest in adapting the content of the Website to the User’s preferences and optimizing the use of the Website; creating statistics that help to understand how Users use the Website, which enables improvement of its structure and content (Art. 6(1)(f) GDPR). The data may also be archived for internal and statistical purposes, based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR), until you object or the business purpose ceases.
8. Posting comments;
The data visible on our Website with the posted comment is processed by us for the purpose of administering and maintaining the Website, as well as for communication with you, based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR), for as long as necessary to achieve business purposes or until an objection is raised.
9. Promotion and marketing;
If you provide us with your data, in particular in the form of an opinion regarding a product or service, including image data, it will be processed on the basis of the Controller’s legitimate interest in marketing, to improve the quality of services and products and to promote the Controller’s services and products. This data will be processed for as long as necessary to achieve business purposes or until you object. Providing the data is voluntary.
10. Collecting sensitive data;
Sensitive data is collected for the purpose of contract performance and its proper execution – based on your informed and voluntary consent (Art. 9(2)(a) GDPR) – until the business purpose ceases or the consent is withdrawn. Providing the data is voluntary, but necessary for the proper performance of the contract.
11. Recruitment;
The data may be processed for the time necessary for the recruitment process and the conclusion of a contract (Art. 6 sec.1 letter b and Art. 6 sec.1 letter c GDPR), and in the case of additional data voluntarily provided – on the basis of your consent. They may also be used for future recruitment purposes – based on your consent – for a maximum period of 3 years (this period is counted from the end of the year in which the application was received). Providing personal data is voluntary, however, providing certain data may be necessary for carrying out the recruitment process as well as for concluding a contract. The consequence of not providing this data will be the inability to take the above-mentioned actions.
§3 To whom may we transfer your data?
We transfer your data to other entities only when it is necessary to achieve the processing purposes referred to in §2, and only to the extent necessary to achieve this purpose. As a rule, we collect and process only the data that you have provided to us, subject to data collected automatically (cookies). More about cookies can be found in §7.
If necessary, your data may be transferred to entities with which we cooperate in achieving the above-mentioned purposes, in particular to the hosting company, the company handling online reservations, the IT company / website management entity, the accounting and bookkeeping service provider, the company providing invoicing software, the cloud service provider, the social media platform, and other entities supporting the Controller in achieving the purposes of processing.
As a rule, data will not be transferred outside the EEA, except in the situations described below. In other cases, when data will be transferred outside the EEA, it will be based on your consent, standard contractual clauses, or other safeguards provided by the GDPR, after fulfilling, among other things, the information obligation.
Services provided by Google or Facebook (META) are generally performed by entities based in the European Union. However, due to the global nature of these entities, your data may be transferred to the USA in connection with their storage on American servers (in whole or in part). Regardless of this, Google and Facebook have implemented safeguards compliant with the requirements of the GDPR to protect personal data, through the use of standard contractual clauses. More information on the rules of data processing by these providers can be found in the Privacy Policies of each of these entities.
§4 What rights do you have?
In connection with the GDPR, you have the right to access your personal data, rectify personal data, delete personal data, restrict the processing of personal data, object to the processing of personal data, transfer personal data, withdraw consent to data processing; withdrawal of consent does not affect the lawfulness of the processing carried out before its withdrawal. Detailed information regarding the above-mentioned rights is included in the GDPR, i.e. in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
If you believe that your personal data is being processed unlawfully, you have the right to lodge a complaint with the President of the Office for Personal Data Protection. However, in such a case, I encourage you to contact me first in order to clarify your concerns.
§5 Is your data subject to profiling?
The Controller analyzes personal data in an automated manner, using tools provided by software providers (e.g., through statistics, history), solely to the extent that does not create any legal effects concerning you or significantly affect your situation, including your guaranteed rights and freedoms. The purpose of processing data in an automated manner is to learn about Users’ preferences (more information on analysis can be found in §7 Cookie Policy).
§6 Legal provisions applicable to personal data
In matters not regulated herein, the applicable provisions of law shall apply, including European law (in particular GDPR).
§7 Cookie Policy
The website does not automatically collect any information, except for the information contained in cookies. These data are collected in a way that does not allow the User to be identified, so-called anonymous data.
Cookies are IT data, in particular text files, which are stored on the User’s end device and are intended for use with the Website. Cookies usually contain the name of the website they come from, the time of storage on the end device, and a unique number.
Cookies are used to: adapt the content of the Website to the User’s preferences and to optimize the use of the Website, as well as to create statistics that help understand how Users use the Website, which allows improving its structure and content.
You can independently change your cookie settings. In many cases, the web browser by default allows cookies to be stored on the User’s end device. Detailed information on the possibilities and ways of handling cookies is available in the settings of the software (web browser). Not giving consent to cookies may limit the functionality of certain features of the Website.
You can independently change your cookie settings. In many cases, the web browser by default allows cookies to be stored on the User’s end device. Detailed information on the possibilities and ways of handling cookies is available in the settings of the software (web browser). Not giving consent to cookies may limit the functionality of certain features of the Website.
The Controller uses technologies to track actions taken by the User on the Website:
– Facebook (Meta) conversion pixel provided by Meta Platforms Ireland Limited – for the purpose of managing ads on Meta and conducting remarketing activities; Facebook Pixel is a piece of code published on a website that allows reaching a target group based on data of people who have used the website. As part of the Facebook Pixel function, it is therefore possible to display published ads on Meta-owned portals only to portal users who have shown interest in products or services or share common factors with such people. These data are processed based on the legitimate interest of the Controller (Art. 6 sec. 1 letter f GDPR). Detailed information about the Facebook Pixel can be found on Meta’s Privacy Policy page.
– Google tools, including Google Analytics, Google Ads provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data obtained when using these tools are used for analyzing Website statistics. Google Analytics and Google Ads use their own cookies to analyze actions and behaviors of Website Users. These files are used to store information, e.g., from which site the User came to the current website. They help improve the Website. These data are processed based on the legitimate interest of the Controller (Art. 6 sec. 1 letter f GDPR). Detailed information about Google Analytics and Google Ads can be found on the Google Tools Terms of Use page.
§8 Social Media Plugins
The Website uses plugins, widgets, and other social tools provided by platforms such as Facebook (Meta), Instagram, YouTube, and LinkedIn. The rules regarding the processing of personal data are described directly on the websites of the aforementioned providers.
§9 Joint Controllership
Data processed for the purpose of statistics collected within the Facebook (Meta) platform is jointly controlled by the Administrator and Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as the Joint Controller. Detailed rules concerning joint controllership, including information about your rights, are described on the Privacy Policy page.
Data processed within the LinkedIn platform is jointly controlled by the Administrator and LinkedIn Ireland Unlimited Company, address: Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as the Joint Controller. Detailed rules concerning joint controllership, including information about your rights, are described on the Privacy Policy page.
The Administrator processes data based on the Administrator’s legitimate interest, which consists of analyzing User activity as well as their preferences in order to improve the functionalities used and the services provided. In matters related to personal data, you may contact either the Administrator or the Joint Controller.