PERSONAL DATA PROCESSING POLICY

I. GENERAL PROVISIONS AND DEFINITIONS

1. This Privacy Policy is for informational purposes only.

2. The Controller of personal data collected via the contact form is DLP Sp. z o.o. (registered office and service address: ul. G. Morcinka 7D, 43-417 Kaczyce, Poland); entered into the Register of Entrepreneurs under KRS: 0001105711; NIP (Tax ID): 5482760314; REGON: 528858903; e-mail address: office@dlp-poland.com, contact telephone number: +48 32 49 44 305.

3. In connection with its business activities, the Data Controller collects and processes personal data in accordance with applicable regulations, in particular with GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) and the Polish Personal Data Protection Act of 29 August 1997, as well as the Act on Providing Services by Electronic Means of 18 July 2002.

4. The following definitions and terms are used in this Privacy Policy:

   • Personal Data – any information relating to an identified or identifiable natural person through one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, online identifier, and information collected via Cookies and other similar technologies.

   • Policy – this Privacy Policy.

   • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

   • Service User or Customer – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

5. The Controller exercises special care to protect the interests of data subjects, ensuring that data is processed lawfully, transparently, and only to the extent necessary for the conclusion, performance, or termination of an Agreement. Data is collected for specified, legitimate purposes, kept accurate, and stored in a form that permits identification for no longer than is necessary.

II. PURPOSE AND SCOPE OF DATA COLLECTION AND RECIPIENTS:

1. The purpose, scope, and recipients of data processed by the Controller result from the actions taken by the Service User or Customer.

2. Possible purposes for collecting personal data:

   • Preparation and delivery of a personalized offer to the Customer.

   • Direct marketing of the Controller's own products or services.

3. The Controller may process the following data: name and surname; e-mail address; contact telephone number; content of the inquiry. For non-consumer Customers, the Controller may additionally process the company name and Tax Identification Number (NIP).

4. Providing personal data is voluntary but necessary for the correct submission of the contact form.

III. COOKIES AND OPERATIONAL DATA:

1. Cookies are small text files sent by the server and saved on the visitor's side (e.g., on a computer hard drive or smartphone memory).

2. Collected information includes IP address, browser type, language, operating system, Internet Service Provider, time and date, location, and information sent via the contact form.

3. The Controller may process Cookie data for:

   • Remembering data from completed Contact Forms;

   • Maintaining anonymous statistics on website usage;

   • Analyzing visitor behavior (repeated visits, keywords, etc.).

4. Most web browsers accept Cookies by default. Users can limit or disable Cookies in their browser settings; however, this may affect certain functionalities of the Website.

5. Data is not disclosed to third parties.

IV. BASIS FOR DATA PROCESSING:

1. Providing personal data is voluntary but necessary for proper correspondence.

2. The legal basis for processing is the necessity to perform a contract or take action at the request of the data subject prior to entering into a contract. For direct marketing, the basis is (1) prior consent or (2) fulfillment of legally justified purposes pursued by the Controller.

3. The Data Controller reserves the right to process data after the termination of the Agreement or withdrawal of consent only to the extent necessary to pursue potential claims or if required by national, EU, or international law.

4. The Controller may share data with entities authorized under applicable law (e.g., law enforcement).

5. Data is processed only by persons authorized by the Controller or by processors with whom the Controller strictly cooperates (e.g., hosting, administration, accounting services) based on written entrustment agreements.

V. RIGHTS OF DATA SUBJECTS:

1. The Service User or Customer has the right to lodge a complaint with the supervisory authority (PUODO – President of the Personal Data Protection Office in Poland).

2. Data subjects have the following rights:

   • Right to information regarding the processing of personal data;

   • Right to obtain a copy of the data;

   • Right to rectification of inaccuracies or incomplete data;

   • Right to erasure ("right to be forgotten");

   • Right to restriction of processing;

   • Right to data portability in a computer-readable format;

   • Right to object to processing for marketing purposes;

   • Right to withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).

3. To exercise these rights, contact the Controller using the address provided in Section I.

VI. FINAL PROVISIONS:

1. The Controller applies technical and organizational measures to protect data against unauthorized access, loss, or damage. Access is granted only to authorized persons to the extent necessary for their tasks.

2. The Controller provides the following technical measures to secure electronic data transmission:

   • Securing data sets against unauthorized access;

   • Access to Accounts only via individual login and password;

   • SSL Certificate.

3. This document is effective as of March 14, 2019.