RODO information obligation

The following information is a concise, understandable and clear summary of the information provided in Privacy Policy regarding the Data Controller, the purpose and manner of processing of personal data and your rights in connection with such processing, in the form required to comply with the information obligation of the DPA. Details of the manner of processing and the entities involved in the process are available in the indicated policy.

Who is the data controller?

The Administrator of the Personal Data (hereinafter referred to as the Administrator) is the company "WENAR sp. z o.o.", conducting business at: 322 Ciezynska Street, 43-300 Bielsko-Biała, with assigned tax identification number (NIP): 9372662222, with assigned KRS number: 0000412028, providing services electronically through the Service

How can the data controller be contacted?

The Administrator can be contacted in one of the following ways

Postal address - WENAR sp. z o.o., 322 Ciezynska St., 43-300 Bielsko-Biala
E-mail address - info@wenar.pl
Phone connection - +48 33 445 13 31
Contact form - available at: /contact

Has the Administrator appointed a Personal Data Inspector?

The Administrator has appointed a Data Protection Supervisor, who is Roberto Ventura.

The Supervisor can be contacted via:

via email by writing to: ventura@wenar.pl,
by telephone at: +48 33 445 13 31,
or in writing by writing to the address ul. Cieszynska 322, 43-300 Bielsko-Biała.

The Data Protection Officer can be contacted on all matters concerning the processing of personal data.

Where do we obtain personal data from and what are its sources?

Data is obtained from the following sources:

from data subjects
in the case of registrations using social networks, with the informed consent of those individuals, from those social networks

What is the scope of the personal data we process?

The site processes ordinary personal data, voluntarily provided by the subjects
(E.g., name, login, email address, phone, IP address, etc.)

The detailed scope of data processed is available in the Privacy Policy

What are the purposes of our data processing?

Personal data voluntarily provided by Users is processed for one of the following purposes:

Realization of electronic services:
- Services of registration and maintenance of the User's account on the Website and functionalities related to it
- Newsletter services (including sending advertising content with consent)
- Services for commenting / liking posts on the Service without registering
The Administrator's communication with Users on matters related to the Service and data protection
Provide for the legitimate interest of the Administrator

What are the legal bases for data processing?

The Service collects and processes Users' data on the basis of:

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
- Article 6(1)(a)
  the data subject has consented to the processing of his/her personal data for one or more specified purposes

The Act of May 10, 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)

Act of July 16, 2004. Telecommunications Law (Journal of Laws 2004 No. 171 item 1800)

Act of February 4, 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24 item 83)

What is the legitimate interest pursued by the Administrator?

For the purpose of possibly establishing, investigating or defending against claims - the legal basis for processing is our legitimate interest (Article 6(1)(f) RODO) in protecting our rights, including but not limited to;
For the purpose of risk assessment of potential customers
For the purpose of evaluating planned marketing campaigns
For the purpose of direct marketing

For what period of time do we process personal data?

As a general rule, the personal data indicated are kept only for the period of providing the service within the framework of the service provided by the Administrator. They are deleted or anonymized within a period of up to 30 days from the termination of the provision of services (e.g. deletion of a registered user account, unsubscribing from the Newsletter list, etc.)

In exceptional situations, in order to secure the legitimate interest pursued by the Administrator, this period may be extended. In such a situation, the Administrator will keep the indicated data, from the time of the User's request for deletion, no longer than for a period of 3 years in case of violation or suspected violation of the provisions of the Terms of Service by the data subject.

Who is the recipient of data including personal data?

As a rule, the only recipient of data is the Administrator.

Data processing may, however, be entrusted to other entities that perform services for the Administrator in order to maintain the operations of the Service.

Such entities may include, but are not limited to:

Hosting companies, providing hosting or related services to the Administrator
Firms through which the Newsletter service is provided
IT service and support companies performing maintenance or responsible for maintaining IT infrastructure
Firms mediating online payments for goods or services offered on the Site (when making purchase transactions on the Site)
Firms responsible for the Administrator's bookkeeping (in case of making purchase transactions on the Service)
Firms responsible for the delivery of physical products to the User (postal/courier services in case of making purchase transactions on the Service)

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union unless published as a result of an individual action of the User (e.g., entering a comment or entry), which will make the data available to any visitor to the Service.

Will personal data be the basis for automated decision-making?"

Personal data will not be used for automated decision-making (profiling).

What rights do you have related to the processing of personal data?

Right to access personal data
Users have the right to obtain access to their personal data, exercised upon request made to the Administrator
Right to rectify personal data
Users have the right to request the Administrator to promptly rectify personal data that is incorrect and/or to complete incomplete personal data, exercised upon request submitted to the Administrator
Right to delete personal data
Users have the right to request the Administrator to delete their personal data immediately, exercised upon request submitted to the Administrator.

In the case of user accounts, deletion of data consists in anonymization of data allowing identification of the User.

In the case of the Newsletter service, the User has the possibility to delete his/her personal data on his/her own by using the link placed in each e-mail message sent.
Right to limit processing of personal data
Users have the right to restrict the processing of personal data in the cases indicated in Article 18 of the RODO, such as questioning the correctness of personal data, exercised upon request submitted to the Administrator
Right to portability of personal data
Users have the right to obtain from the Administrator, personal data concerning the User in a structured, commonly used, machine-readable format, exercised upon request made to the Administrator
Right to object to the processing of personal data
Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the RODO, exercised upon request made to the Administrator
Right to lodge a complaint
Users have the right to lodge a complaint with a supervisory authority dealing with personal data protection.