Privacy Policy.
Note: Only the Polish version of this Privacy Policy is legally binding (Polish version). This English translation is provided for information purposes only.
This policy sets out the rules for processing the personal data of users of the lotuspoland.com website and the use of cookies. The data controller complies with the provisions of the GDPR and the Personal Data Protection Act.
1. Personal data controller
The controller of the personal data of the lotuspoland.com website is Pietrzak Premium Motors sp. z o.o. with its registered office at ul. Bocheńskiego 109, 40-816 Katowice.
- KRS: 0000390642
- NIP: 6342789407
- REGON: 242561886
2. Data protection commitments
The company complies with the provisions of the GDPR and the Personal Data Protection Act. Employees are trained in data processing, and procedures as well as technical and organisational safeguards ensuring the highest level of personal data protection have been implemented.
3. Data Protection Officer
The appointed Data Protection Officer: Witold Wlekliński.
Contact for matters relating to data processing:
- Email: rodo@grupapietrzak.pl
- Postal address: Pietrzak Premium Motors sp. z o.o., ul. Bocheńskiego 109, 40-816 Katowice
4. Personal data collected
The website collects the following data:
- Full name — for the provision of services and contact
- Telephone number — in the event of unusual circumstances
- E-mail address — confirmation of services, communication, commercial information (newsletter)
- NIP (tax identification number) — from businesses requesting an invoice
- IP address — for technical and statistical purposes
5. Conditions for providing data
Providing data is necessary in the following cases:
- Using services through the form on the website
- Voluntary registration in the database
- Subscribing to the newsletter (voluntary, with the option to unsubscribe at any time)
6. Cookie technology
The website uses cookies in order to adapt the operation of the website to the individual needs of the user. Consent to store data is voluntary. The user may disable cookie handling in their browser settings.
7. Purpose and period of data processing
Data is processed for the purpose of providing the services offered within the website, applying the principle of minimisation. It is stored for the time necessary to achieve the purposes, with the possibility of a longer period where this results from legal provisions or from the nature of a continuous service (e.g. the newsletter).
8. Source of data
The source of the processed data is the data subjects themselves.
9. Transfer of data to third countries
As a rule, personal data is not transferred to third countries within the meaning of the GDPR provisions. The exception is aggregated statistical data processed by Google Analytics 4 (see point 11 and the Cookies Policy), which — solely with the user's consent — may be processed on Google's servers in the USA on the basis of the approved Data Privacy Framework mechanism.
10. Sharing data with third parties
Data is not shared with third parties without explicit consent, with the exception of public-law bodies (authorities, administration) authorised to do so under legal provisions.
11. Entrusting the processing
Data may be entrusted to entities processing it on behalf of the controller on the basis of a data processing agreement. This applies to:
- Entities providing hosting services
- Google Ireland Ltd. — in the scope of audience statistics (Google Analytics 4), only after consent to analytics cookies has been given; details in the Cookies Policy
- Entities providing other services necessary for the operation of the website
12. Profiling
Personal data is not subject to profiling by the Controller.
13. Rights of the persons whose data is processed
In accordance with the GDPR, every person is entitled to the following rights:
Right to be informed (Art. 12 GDPR)
The Controller is obliged to provide information about its contact details, the details of the Officer, the purposes and legal bases of processing, the recipients of the data and the period of its storage.
Right of access to data (Art. 15 GDPR)
The right to view and access one's personal data. The first copy is issued free of charge, subsequent copies for a fee in accordance with the GDPR.
Right to rectification of data (Art. 16 GDPR)
The right to rectify, supplement and update data in the event of its change or inaccuracy.
Right to erasure of data — "the right to be forgotten" (Art. 17 GDPR)
The right to request the deletion of data, in particular where:
- The purposes of processing have been achieved
- The basis was consent that has been withdrawn
- An objection has been raised (Art. 21 GDPR)
- The data is processed unlawfully
- The requirement to delete results from legal provisions
- The data concerns a minor and was collected in information society services
Right to restriction of processing (Art. 18 GDPR)
The right to request the restriction of processing where:
- The accuracy of the data is contested
- Processing takes place without a legal basis
- The data is needed to establish, pursue or defend claims
Right to data portability (Art. 20 GDPR)
The right to receive data in a machine-readable format and to transfer it to another controller, where the basis was consent or the data is processed automatically.
Right to object (Art. 21 GDPR)
The right to object to processing inconsistent with a legitimate purpose, in particular to direct marketing.
Right not to be subject to profiling (Art. 22 in conjunction with Art. 4(4) GDPR)
The user will not be subject to automated decision-making or profiling, unless they give their consent to it.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
The right to lodge a complaint with the President of the Personal Data Protection Office in the event of a violation of rights or non-compliance with the provisions.
14. Limitations of the right to erasure of data
The right to be forgotten does not apply where:
- Processing is necessary for exercising the right to freedom of expression and information
- Processing is necessary to comply with legal obligations
- Processing is carried out for the purpose of pursuing, establishing or defending claims
15. Exercising rights
In order to exercise your rights, you may:
- Use the relevant sections of the website
- Send a message to: rodo@grupapietrzak.pl
- Contact the Data Protection Officer (point 3)
16. Security breaches
Every identified security breach is documented. In the cases specified in the GDPR or the Act, the data subjects and the President of the Personal Data Protection Office (UODO) are informed of the breach.
17. Final provisions
- Words written with a capital letter have the meaning assigned to them in the website's terms and conditions
- In matters not regulated herein, the relevant provisions of generally applicable law shall apply
- In the event of any inconsistency between the provisions of this policy and legal provisions, the legal provisions shall prevail