Privacy Policy

Controller

  1. The owner and controller of personal data processing of the online sales website www.lignau-wood.eu is Lignau sp. z.o.o. (hereinafter referred to as the “Controller”):
  • registration No. 524891571,
  • legal address: ul. Grzybowska 87, 00-844 Warszawa (mazowieckie),
  • telephone +48 535 798 095,
  • e-mail address info@lignau.pl.

The contact details of the Controller in matters related to the processing of personal data: e-mail address info@lignau.pl By using this contact information or arriving at the legal address of the Controller, information about the processing of personal data by the Controller may be obtained. 

General Provisions

  1. “Personal data” means any information about an identified or identifiable natural person (data subject).
  2. By registering or placing an order without registration, or agreeing to receive news on the website www.lignau-wood.eu (hereinafter referred to as the “website”), the buyer entrusts the Controller with their personal data and gives it the right to process such data in accordance with the purposes, in the amount and in the manner described in the Terms of Use and the Privacy Policy (hereinafter referred to as the “Privacy Policy”) of the Controller’s online store.
  3. “Processing” is any operation or set of operations on personal data carried out by or without automated means, including the collection, registration, arrangement, storage, adaptation, modification, retrieval, use, combination, recording, erasure or destruction.
  4. This Privacy Policy contains all the information about what personal data of the buyer are collected and processed by the Controller, for what purpose they are used, how long they are retained, and other information. 
  5. The Controller is entitled to make changes to the Privacy Policy by publishing its current version on the website.
  6. The Privacy Policy is applied to ensure the protection of privacy and personal data in relation to buyers – natural persons and related third parties (contact persons, legal representatives, authorised persons, payers), visitors to the website, participants of the Controller’s marketing campaigns, any other person who turns to the Controller (all hereinafter referred to as the “Client”).
  7. The Privacy Policy applies to data processing, regardless of the form and manner in which the Controller processes personal data: on the website, in mobile apps, in paper form, by telephone or in other ways.
  8. Additional specific rules may be set for the use of cookies, which the Client is informed about when the Controller obtains the relevant data.
  9.  To inform the Client of the processing of their personal data, the Controller provides information in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”) and the Personal Data Processing Law.
  10.  The Controller uses appropriate organisational and technical means to ensure permanent security of the Client’s personal data and to ensure that data processing complies with the requirements of data processing protection legislation. 

Personal data and purpose of processing thereof

  1.  The Controller processes the following categories of personal data:
    1. personal identification data – name, surname, personal identity number, date of birth, passport/ID number, signature;
    2. personal contact information – address, telephone number, email address;
    3. data of special categories – resident/non-resident;
    4. data of the person’s contact persons – name, surname, personal identity number, address, e-mail address, telephone number;
    5. Client data – Client registration date;
    6. registered Client profile data – Client number, actions performed on the website;
    7. transaction data – transaction (distance contract) number, date;
    8. purchase data of the goods – goods’ name, goods’ code, date of purchase, waybill number, method of receiving the goods, price, payment method, payment information;
    9. payment data – account number of the payment system, bank account number, invoice number, date, amount, method of receiving the invoice, date of payment, amount to be paid, payer;
    10. objection data – objection (claim) number, date of registration and resolution, type, description;
    11. actions performed on the website – IP address, actions performed, section of the website, date and time;
    12. access data to the systems – username and passwords assigned to the Client;
    13. consent data – mark of the Client’s expressed consent by topic, date and time of consent, source.
  2. The Controller processes personal data for the following purposes:
    1. preparation and conclusion of distance contracts;
    2.  Client identification;
    3.  Client’s registration and authentication on the website;
    4.  delivery of goods and services (for the performance of contractual obligations);
    5.  fulfilment of contractual obligations;
    6.  customer service and consultation;
    7.  review and processing of applications and objections;
    8.  administration of payments;
    9.  ensuring the security of information systems and the company;
    10. ensuring of data to be retained;
    11. record keeping, accounting and financial record-keeping;
    12. fulfilment of the requirements of laws and regulations or exercise of the Controller’s rights in accordance with laws and regulations.

Legal basis for the processing of personal data

  1. The Controller processes personal data according to the following legal bases:
    1.  conclusion and execution of a contract – this is one of the main legal bases used by the Controller in the processing of personal data in order to prepare and conclude a contract when the Client places an order, and to ensure its execution;
    2.  compliance with laws and regulations – to perform the duties that the Controller is required to perform under laws and regulations;
    3.  in accordance with the consent of the Client – the data subject;
    4.  respect of the legitimate (lawful) interests of the Controller – legitimate interests are rights, the implementation of which is permissible in accordance with laws and regulations or concluded agreements and which are balanced with the interests and rights of the Client.

Categories of recipients of personal data

  1. The Controller shall not disclose to third parties the Client’s personal data or any other information provided by the Client online, except:
    1.  if the data must be disclosed to the respective third party within the framework of the concluded contract to perform some action necessary for the performance of the contract or a function delegated by law;
    2.  in accordance with the clear and explicit consent of the Client;
    3.  to persons provided for in external laws and regulations upon their justified request;
    4.  for the protection of the Controller’s legitimate interests in accordance with the procedure laid down by laws and regulations, such as going to court or other state authorities against a person that has undermined the legitimate interests of the Controller.
  2. The Controller shall not transfer more personal data than is necessary for a specific processing purpose.

Retention period of personal data

  1. The Controller shall retain and process the Client’s personal data as long as at least one of the following criteria exists:
    1.  the contract with the Client is in force;
    2.  as long as the Controller or the Client may exercise their legitimate interests in accordance with the procedures specified in external laws and regulations;
    3.  as long as one of the parties has a legal obligation to retain the data (for example, according to the Accounting Law, invoices issued to the company must be kept for at least 5 years, etc.);
    4.  as long as the Client’s consent to data retention is valid (applies only to cases where there is no other legal basis for the retention of personal data (for example, in cases where the data have been obtained by implementing marketing activities)).
  2. If a complaint is received or the Controller’s legal interest is affected, the relevant information may be retained until the issue is resolved, for example, until the final court judgment comes into force.
  3. After none of the legal grounds for data processing exist, the Client’s personal data are deleted.

Rights of the data subject in the processing of personal data

  1. Access rights: the Client has the right to receive information as to whether the Controller processes the Client’s personal data, as well as the right to acquaint itself with the Client’s personal data processed by the Controller and information about the purposes of data processing, categories of data processed, categories of data recipients, data-processing period, data sources, automated decision-making, including profiling, as well as their importance and consequences in relation to Buyer.
  2. Right to rectification: in the case of inaccuracies, the Client has the right to request that the Controller rectifies inaccurate personal data.
  3. Right to erasure: the Client has the right to request that the Controller erases the Client’s personal data if:
    1.  the Client has withdrawn their consent to the processing of personal data, taking into account the fact that the withdrawal of consent does not affect the data processing that was carried out during the validity of the given consent;
    2.  the data are no longer necessary for the purposes for which they were processed;
    3.  the Client has objected to the processing, and the Controller’s legitimate reasons do not override the Client’s legitimate reasons, or if personal data are processed for direct marketing purposes;
    4.  the personal data are processed unlawfully;
    5.  the personal data must be deleted in accordance with the requirements of laws and regulations.

The right to erasure does not apply to cases where, in accordance with laws and regulations, the Controller is obliged to process personal data or data processing is necessary for archiving, implementation of public interest or statistical purposes, as well as in connection with the filing, implementation or defence of a legal claim.

  1. Right to restrict the processing of personal data: in certain circumstances mentioned in the data processing legislation (if personal data are processed illegally, the Client disputes the accuracy of the data, the Client raises objections to the processing of data for ensuring the legitimate interests of the Controller, etc.), the Client has the right to restrict the processing of their data. However, due to the restriction of data processing and for the period of this restriction, the Controller may not be able to provide the Client with the purchase of goods. 
  2. Right to object to the processing of personal data: if the processing is based on the Controller’s legitimate interests, as well as to object to processing for direct marketing.
  3. Right to withdraw consent: if the Controller processes the Client’s personal data in accordance with the Client’s consent, the Client has the right to withdraw the consent given for data processing at any time in the same way as it was given, namely on the website www.lignau-wood.eu, by calling the Controller’s telephone +48 535 798 095 or electronically by writing to the e-mail address info@lignau.pl. In the case of withdrawal of the consent, further processing based on prior consent regarding the specific purpose will not be performed. The withdrawal of consent does not affect the lawfulness of data processing performed during the period of validity of the Client’s consent. After withdrawing the Client’s consent to data processing, the Controller has the right to process the Client’s data, the processing of which has another legal basis. 
  4. Right to data portability: the Client has the right to receive their data, which they provided to the Controller, in a structured, widely used and machine-readable format and has the right to request that said data be sent to another controller if their data are processed on the basis of a contract by automated means or on the basis of consent.
  5. Right to lodge a complaint: the Client has the right to lodge a complaint to the Controller and the Data State Inspectorate if they believe that their personal data protection rights have been violated. However, before turning to the Data State Inspectorate, the Controller asks the Client to turn to Lignau sp. z.o.o. to find a solution should the Client’s right to personal data protection be violated. If the Client nevertheless believes that the Controller has not adequately resolved the issue, the Client has the right to lodge a complaint with the supervisory institution – The Data Protection Authority (Urząd Ochrony Danych Osobowych): ul. Stawki 2, 00-193 Warszawa, Poland.


Making and revision of claims

  1. For the exercise of all the above-mentioned rights, the Client can use the Controller’s contact information specified in this Privacy Policy to make a claim, specifying the following data: name, surname, personal identity number, postal address (if the Client wants to receive the answer by a registered letter) or e-mail address (if the Client wants to receive the answer electronically to the e-mail address from which the claim was sent). 
  2. The claim, prepared in free form, may be:
  3. sent by the Client to the Controller electronically to the e-mail address info@lignau.pl. The application must be signed with a secure digital signature;
    1.  sent by the Client signed by mail to the address: ul. Grzybowska 87, 00-844 Warszawa (mazowieckie).
  4. Upon receiving the Client’s application, the Controller will review its content and the Client’s identification possibilities and, if necessary, ask the Client to submit additional information in order to ensure as much as possible that the data will be sent to the relevant data subject and to reduce the risk of abuse of the Client’s data.
  5. The Controller will respond to the Client’s request within 30 days of receiving it. The request must be sufficiently identifiable. In the case of a complex request, the time for its consideration can be extended by up to two months. The Controller will also inform the Client if it cannot fulfil the request, for example, regarding the deletion of data that the Controller is legally obliged to retain.
  6. The Controller shall use a variety of security technologies and procedures to protect the Client’ personal data from unauthorised access, use, or disclosure. The cooperation partners of the Controller are required to use appropriate measures to protect the confidentiality of the Clients and ensure the safety of the Clients’ personal information. However, if the Client uses the internet or mobile communications to transfer information, the Controller cannot guarantee data security during the transfer process, so any transfer of information to the Controller in the above-mentioned ways is carried out under the sole responsibility of the Client.

Cookies

  1. The Controller uses cookies and similar technologies to collect and store information when the Client browses the website. Cookies are small text files which are sent to the Client’s computer or mobile device while visiting the website, and which the website saves to the Client’s computer or mobile device when the Client opens the page. During each next visit cookies are sent back to the website of origin or to any other website recognising the cookies. Cookies operate as memory of the particular webpage, enabling the page to remember the Client’s computer during next visits; cookies may remember the Client’s settings or improve user convenience. For more information on cookies, and how to manage or delete cookies, visit www.aboutcookies.org.
  2. The website currently only uses functionally necessary cookies:
    1.  necessary cookies: these cookies are used to ensure the operation of the website, including allowing the Client to use the services of Lignau sp. z.o.o. and to connect to their account. These cookies are used based on the Controller’s legitimate interest in ensuring the operation of the website and providing the Client with the possibility to purchase goods. Necessary cookies are stored until the Client closes their browser, i.e., until the end of the session;
    2. functional cookies: these cookies allow the website to remember the settings chosen by the Client and the choices made, which makes it more convenient to use the website. These cookies are used based on the Controller’s legitimate interest in providing, improving and making the use of the website convenient. Functional cookies are permanently stored on the Client’s device.
  3. If the Client wishes, they can control or delete the cookies. Most web browsers can be set up to block cookies stored on your device. Note that in such a case, the Client will need to adjust individual settings each time they visit the site, and some services and features on the site may not work.

Final Provisions

  1. If the Client has questions about the use of cookies or any other question regarding the processing of their data, they can contact the Controller using the contact information specified in the Privacy Policy.
  2. This version of the Privacy Policy enters into force on 1 January 2024.