Privacy Policy

This Privacy Policy (hereinafter referred to as the “Policy”) defines the rules for processing and protecting personal data provided by Users in connection with their use of the website https://zwa.pl/ (hereinafter referred to as the “Service”).

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), we inform you that the Administrator of the personal data contained in the Service is:

ZW Automation Sp. z o.o.
ul. Fabryczna 10, 53-609 Wrocław
NIP: 8943137171, REGON: 382379578, KRS: 0000767867
(hereinafter referred to as the “Administrator”), who can be contacted in the following ways:

• by mail at the company’s registered address,
• by email: biuro@zwautomation.pl

The Administrator reserves the right to make changes to this Policy, and every User of the Service is obliged to be familiar with the provisions of the current Policy. The most common reasons for changes may include, in particular, the development of internet technology, changes in generally applicable law, or the development of the Service through the implementation of new functionalities by the Administrator. Any changes will be communicated to Users of the Service by posting an updated version on the Service or in a manner customarily used by the Administrator in contact with Users, including, in particular, via email.

 

I. Processing of Personal Data in Connection with the Use of the Service

In connection with the User’s use of the Service, the Administrator collects data to the extent necessary for the provision of the specific offered services. Below, the detailed principles and purposes of processing personal data collected during the User’s use of the Service are described.

II. Purpose of Processing Personal Data, Legal Basis, and Retention Period

Taking actions necessary for the conclusion and performance of a contract

Legal basis: Art. 6(1)(b) GDPR – performance of a contract.

Retention period: for the duration of the contract and for the period required by legal provisions regarding the retention of accounting documents, as well as for the limitation period of any potential claims.

III. Fulfillment of the Administrator’s Legal Obligations, in Particular Regarding Accounting and Financial Documentation

Legal basis: Art. 6(1)(c) GDPR – legal obligation.

Retention period: Data are processed for the period required by applicable law. In the case of accounting and financial documentation, this period is generally 5 years from the end of the year in which the event occurred that resulted in the issuance of the accounting document.

 

IV. Conducting correspondence in connection with handling matters, including responding to questions submitted via the contact phone number and e-mail address provided on the Service

Legal basis: Art. 6(1)(f) GDPR – legitimate interest of the Administrator.

Retention period: no longer than necessary to provide a response and/or handle the matter, provided that after this period the data may be processed for the limitation period of any potential claims.

V. Analysis of network traffic, ensuring security within the Service, and tailoring content to Users’ needs

Legal basis: Art. 6(1)(f) GDPR – legitimate interest of the Administrator.

Retention period: Data related to network traffic analysis collected via cookies and similar technologies may be stored until the cookie expires. Some cookies never expire; therefore, the retention period of the data will be equivalent to the time necessary for the Administrator to achieve the purposes related to data collection, such as ensuring security and analyzing historical traffic data on the website.

 

VI. Determination, Assertion, and Defense of Claims

Legal basis: Art. 6(1)(f) GDPR – legitimate interest of the Administrator

Retention period: until the limitation period for any legal claims has expired.

Voluntariness of providing data:

Providing the data is voluntary but necessary for the performance of the contract and other purposes indicated above by the Administrator. Refusal to provide data may result in the inability to perform the contract and other aforementioned processing purposes.

Profiling

The Administrator will not use the collected User data for decisions based solely on automated processing of personal data, including profiling within the meaning of Art. 22 GDPR.

Data recipients

The Administrator may disclose processed User data to:

• its employees and collaborators who, within a defined, limited authorization, may have access to User data in connection with performing their official duties;
• external entities to whom the Administrator has entrusted the processing of User personal data, in particular: technical service providers (e.g., IT services, IT system providers), transport companies, debt collection agencies, etc.;
• authorized entities, to the extent and under the conditions specified by applicable law.

Transfer of data to third countries

User personal data will, as a rule, not be transferred outside the European Economic Area (hereinafter “EEA”). However, taking into account the provision of services by our subcontractors in the support of IT and telecommunication services, the Administrator may entrust certain tasks or IT activities to recognized subcontractors operating outside the EEA, which may ultimately result in the transfer of User data outside the EEA.

Recipient countries outside the EEA, in accordance with the European Commission’s decision, provide an adequate level of personal data protection in line with EEA standards. For recipients in countries not covered by a European Commission decision, to ensure an adequate level of protection, the Administrator or an entity acting on its behalf enters into agreements with the recipients of personal data based on the European Commission’s standard contractual clauses or implements other appropriate safeguards required by data protection regulations.

 

Rights Related to Data Processing

The GDPR specifies certain rights that natural persons are entitled to in connection with the processing of their personal data by Data Controllers. Accordingly, Users of the Service have the right to:

• access their personal data and obtain a copy thereof (Art. 15 GDPR);
• rectify or update their personal data (Art. 16 GDPR);
• erase their personal data (Art. 17 GDPR);
• restrict the processing of their personal data (Art. 18 GDPR);
• withdraw consent previously given (Art. 7(3) GDPR) – withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
• object to processing when the legal basis is the legitimate interest of the Administrator (Art. 21 GDPR);
• lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw) if they suspect that the processing of data by the Administrator violates the GDPR.

To exercise these rights, Users should contact the Administrator at the email address: biuro@zwa.pl or in writing at the address of the registered office provided above.

At the same time, please note that the rights listed above are not absolute and may not apply in every instance of User data processing by the Administrator. Before executing the aforementioned rights, the Administrator is obliged to verify the identity of the person submitting the request as the data subject to which the request relates.

VII. Processing of Personal Data via Social Media Platforms

In connection with the User’s use of Social Media Platforms, i.e.:

• https://pl.linkedin.com/company/zwautomation
• https://www.facebook.com/zwautomation
• https://www.youtube.com/@zwautomatione

the Administrator processes Users’ personal data.

Below, the detailed principles and purposes of processing personal data collected during the User’s use of Social Media Platforms are described.

 

VIII. Purpose of processing personal data, legal basis, and retention period

Effective management of profiles on social media platforms, in particular by providing users with information about products, initiatives, and other activities related to promoting various events, services, and products.

Legal basis: Art. 6(1)(f) GDPR – legitimate interest of the Administrator.

Retention period: No longer than necessary to respond and/or resolve matters, provided that thereafter the data may be processed for the period of limitation of potential claims. Processing may also continue until an objection is raised (or the user account is deleted on social media platforms).

Enabling activity on the Administrator’s profiles, in particular by conducting correspondence through services offered by the providers of the used social media platforms (e.g., private messages, comments, etc.), as part of handling matters, including answering questions asked.

Legal basis: Art. 6(1)(f) GDPR – legitimate interest of the Administrator.

Retention period: Until an objection is raised (or the user account is deleted on social media platforms).

IX. Establishment, pursuit, and defense of claims

Legal basis: Art. 6(1)(f) GDPR – legitimate interest of the Administrator.

Retention period: Until the limitation period of potential legal claims.

Voluntariness of providing data:

Providing data is voluntary but necessary for the execution of the contract and other purposes indicated above. Refusal to provide data may result in the impossibility of achieving the above-mentioned purposes of processing.

Profiling:

The Administrator will not use the collected data of users to make decisions based solely on automated processing of personal data, including profiling within the meaning of Art. 22 GDPR.

Data Recipients

The catalogue of recipients of personal data processed by the Administrator mainly depends on the products and services used by the user of the given social media platform, as well as their consent or applicable legal provisions. The Administrator may share the processed user data with, among others:

• their employees and collaborators who, within a defined and limited authorization, may have access to user data in connection with performing their official duties;
• external entities to which the Administrator has entrusted the processing of users’ personal data, in particular: providers of technical services (e.g., IT services, IT system providers), transport companies, entities providing debt collection services, etc.;
• authorized entities, to the extent and under the terms specified by law.

Transfer of Data to Third Countries

As a rule, users’ personal data will not be transferred outside the European Economic Area (hereinafter “EEA”). However, considering the provision of services by our subcontractors in supporting IT and telecommunication services and infrastructure, the Administrator may commission specific tasks or IT-related activities to recognized subcontractors operating outside the EEA, which may ultimately result in the transfer of users’ data outside the EEA.

Recipient countries outside the EEA, in accordance with the decision of the European Commission, ensure an adequate level of personal data protection in line with EEA standards. In the case of recipients in countries not covered by a European Commission decision, in order to ensure an appropriate level of data protection, the Administrator or an entity acting on behalf of the Administrator enters into agreements with the recipients of personal data based on the standard contractual clauses issued by the European Commission, or the Administrator applies other appropriate safeguards required by data protection regulations.

Rights Related to Data Processing

The GDPR specifies certain rights that individuals have in connection with the processing of their personal data by data controllers. Accordingly, users have the right to:

• access their personal data and obtain a copy thereof (Art. 15 GDPR);
• rectify or update their personal data (Art. 16 GDPR);
• erase their personal data (Art. 17 GDPR);
• restrict the processing of their personal data (Art. 18 GDPR);
• withdraw consent at any time (Art. 7(3) GDPR);
• object to the processing where the basis is the legitimate interest of the administrator (Art. 21 GDPR);
• lodge a complaint with the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw) if they suspect that the administrator’s data processing violates GDPR provisions.

To exercise these rights, please contact the Administrator via e-mail at biuro@zwa.pl or by post at the address of the headquarters indicated above.

Please note that the rights listed above are not absolute and may not apply in every case of processing users’ data by the Administrator. Before fulfilling the above rights, the Administrator is obliged to verify the identity of the person making the request as the individual to whom the personal data relates.

Joint Control of Social Media Users’ Data

The Administrator may process the personal data of users visiting the Administrator’s corporate profiles on social media platforms (e.g., Facebook, LinkedIn) in order to analyze how users interact with the Administrator’s corporate profile and its associated content (e.g., following or unfollowing the Administrator’s corporate profile on a given social media platform, recommending the corporate profile in a post, reacting to the Administrator’s posts, etc.) (legal basis: Art. 6(1)(f) GDPR – the legitimate interest of the Administrator, which is maintaining statistics). In such cases, the Administrator together with the owner of the respective social media platform act as joint controllers of the users’ personal data.

Details regarding the processing of users’ personal data in this context are specified:

• in this Privacy Policy,
• LinkedIn: www.pl.linkedin.com/legal/privacy-policy,
• Facebook: www.facebook.com/privacy/policy,
• YouTube: https://policies.google.com/privacy.

The responsibility for informing users of the products and services of a given social media platform about the processing of data for statistical purposes and for enabling them to exercise their rights under the GDPR lies with the owner of that social media platform.

 

X. Use of Cookies

Cookies are data files stored on users’ devices, intended for use with websites.

The Service allows for collecting information about the User through cookies and similar technologies, usually involving the installation of such tools on the User’s device (computer, smartphone, etc.). This information is used to remember the User’s decisions on the Service (e.g., font choice, contrast, acceptance of the Policy), maintain the User session (e.g., after logging in), remember passwords (with consent), gather information about the User’s device and visit to ensure security, as well as for visit analysis and content customization.

The Administrator uses cookies for the following purposes:

• Increasing the usability of the Service and tailoring its content to individual User preferences;
• Creating anonymous statistics using Google Analytics and Google Search Console (analysis of User activity on the Service and demographic data) without the ability to identify the User;
• Displaying remarketing ads via Google Ads to Users who visited the Service;
• Displaying personalized ads tailored to Users’ interests and online behavior;
• Measuring the effectiveness of advertising and promotional campaigns.

The following types of cookies are used within the Service:

• “Essential” cookies, enabling the use of services available within the Service, e.g., authentication cookies for services requiring login;
• Security cookies, e.g., for detecting misuse of authentication within the Service;
• “Performance” cookies, collecting information on how the Service’s web pages are used;
• “Functional” cookies, remembering User-selected settings and personalizing the User interface, e.g., chosen language or region, font size, appearance of the website, etc.;
• “Advertising” cookies, providing Users with advertising content better matched to their interests.

The Service does not automatically collect any information except that contained in cookies. This includes: IP address, domain name, browser type, operating system type, and data about the User’s navigation path and time spent on specific subpages.

Detailed information on handling cookies can be found in the internet browser settings. Through these settings, Users can specify the scope of consent for placing such files in their browser. Limiting or disabling cookies may affect some functionalities of the Service. Users can also use the Service in “incognito” mode, which blocks data collection about their visit.

Cookies stored on Users’ devices may also be used by advertisers and partners cooperating with the Service operator.

The Administrator informs that restricting the use of cookies may affect some functionalities available within the Service. Additional information about the cookie policy can be obtained by contacting the Administrator at: biuro@zwautomation.pl