Models Offer Warsaw Katowice DNA FAQ Contact Request an offer
PL EN DE CZ UA
Lotus Poland · Legal information

Privacy Policy.

Note: Only the Polish version of this Privacy Policy is legally binding (Polish version). This English translation is provided for information purposes only.

This policy sets out the rules for processing the personal data of users of the lotuspoland.com website and the use of cookies. The data controller complies with the provisions of the GDPR and the Personal Data Protection Act.

1. Personal data controller

The controller of the personal data of the lotuspoland.com website is Pietrzak Premium Motors sp. z o.o. with its registered office at ul. Bocheńskiego 109, 40-816 Katowice.

2. Data protection commitments

The company complies with the provisions of the GDPR and the Personal Data Protection Act. Employees are trained in data processing, and procedures as well as technical and organisational safeguards ensuring the highest level of personal data protection have been implemented.

3. Data Protection Officer

The appointed Data Protection Officer: Witold Wlekliński.

Contact for matters relating to data processing:

4. Personal data collected

The website collects the following data:

5. Conditions for providing data

Providing data is necessary in the following cases:

6. Cookie technology

The website uses cookies in order to adapt the operation of the website to the individual needs of the user. Consent to store data is voluntary. The user may disable cookie handling in their browser settings.

7. Purpose and period of data processing

Data is processed for the purpose of providing the services offered within the website, applying the principle of minimisation. It is stored for the time necessary to achieve the purposes, with the possibility of a longer period where this results from legal provisions or from the nature of a continuous service (e.g. the newsletter).

8. Source of data

The source of the processed data is the data subjects themselves.

9. Transfer of data to third countries

As a rule, personal data is not transferred to third countries within the meaning of the GDPR provisions. The exception is aggregated statistical data processed by Google Analytics 4 (see point 11 and the Cookies Policy), which — solely with the user's consent — may be processed on Google's servers in the USA on the basis of the approved Data Privacy Framework mechanism.

10. Sharing data with third parties

Data is not shared with third parties without explicit consent, with the exception of public-law bodies (authorities, administration) authorised to do so under legal provisions.

11. Entrusting the processing

Data may be entrusted to entities processing it on behalf of the controller on the basis of a data processing agreement. This applies to:

12. Profiling

Personal data is not subject to profiling by the Controller.

13. Rights of the persons whose data is processed

In accordance with the GDPR, every person is entitled to the following rights:

Right to be informed (Art. 12 GDPR)

The Controller is obliged to provide information about its contact details, the details of the Officer, the purposes and legal bases of processing, the recipients of the data and the period of its storage.

Right of access to data (Art. 15 GDPR)

The right to view and access one's personal data. The first copy is issued free of charge, subsequent copies for a fee in accordance with the GDPR.

Right to rectification of data (Art. 16 GDPR)

The right to rectify, supplement and update data in the event of its change or inaccuracy.

Right to erasure of data — "the right to be forgotten" (Art. 17 GDPR)

The right to request the deletion of data, in particular where:

Right to restriction of processing (Art. 18 GDPR)

The right to request the restriction of processing where:

Right to data portability (Art. 20 GDPR)

The right to receive data in a machine-readable format and to transfer it to another controller, where the basis was consent or the data is processed automatically.

Right to object (Art. 21 GDPR)

The right to object to processing inconsistent with a legitimate purpose, in particular to direct marketing.

Right not to be subject to profiling (Art. 22 in conjunction with Art. 4(4) GDPR)

The user will not be subject to automated decision-making or profiling, unless they give their consent to it.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

The right to lodge a complaint with the President of the Personal Data Protection Office in the event of a violation of rights or non-compliance with the provisions.

14. Limitations of the right to erasure of data

The right to be forgotten does not apply where:

15. Exercising rights

In order to exercise your rights, you may:

16. Security breaches

Every identified security breach is documented. In the cases specified in the GDPR or the Act, the data subjects and the President of the Personal Data Protection Office (UODO) are informed of the breach.

17. Final provisions