Privacy policy

§ 1 General Provisions

  1. The administrator of personal data is Goraj.com sp. z o.o., located at św. Marcin 29/8, 61-806 Poznań, with tax identification number NIP: 7831709101 and company registration number KRS: 0000497343. You can contact Goraj.com sp. z o.o. in writing at the address mentioned above or via email at info@goraj.com.
  2. Based on Article 37 of GDPR, the company “Goraj.com sp. z o.o.” has not appointed a Data Protection Officer.
  3. By using our services, you entrust us with your information. This document describes and helps to understand what information and data are collected, for what purpose, and how they are used. This data is very important to us, so please review this document carefully as it outlines the principles and methods of processing and protecting personal data. This document also defines the rules for using “Cookies.”
  4. We comply with the principles of personal data protection and all legal regulations provided by the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (“GDPR“).
  5. At the request of the person whose personal data is processed, we will provide additional explanations about how we use their personal data. We always strive to clearly inform about the data we collect, how we use it, its purposes, who we share it with, and how we protect it when shared with third parties. We also provide information about institutions to contact in case of concerns.

§ 2 Privacy Principles

    1. We respect your privacy. We aim to ensure the convenience of using our services, including those provided via our website (contact form, newsletter).
    2. We value the trust you place in us by entrusting your personal data to provide services. We always use personal data fairly and responsibly, ensuring it is used only to the extent necessary to provide services.
    3. As a User, you have the right to obtain complete and clear information about how we use your personal data and for what purposes it is necessary. We clearly inform you about the data we collect, how and to whom we share it, and provide details about entities to contact in case of doubts.
    4. If you have any doubts regarding the use of your personal data, we will promptly take steps to clarify and resolve such doubts. We provide comprehensive answers to all related questions.
    5. We take all reasonable actions to protect your data against improper and uncontrolled use.
    6. The legal basis for processing your personal data is:
  • Article 6(1)(a) GDPR

The data subject has given consent to the processing of their personal data for one or more specific purposes (e.g., subscribing to the newsletter, using the contact form, scheduling an appointment, conducting email correspondence).

  • Article 6(1)(b) GDPR

Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract (e.g., using the contact form, scheduling an appointment, conducting email correspondence to conclude a contract, delivering services under the concluded agreement).

  1. Your personal data related to concluding and performing the contract will be processed for the duration of its performance and no longer than required by law, including the Civil Code and Accounting Act, i.e., no longer than 10 years from the end of the calendar year in which the last contract was performed.
  2. Your personal data processed for concluding and performing future contracts will be processed until you object. If an objection is raised, we may be unable to continue providing services under the concluded contract.
  3. You have the right to: access your personal data and receive a copy of the personal data being processed, correct inaccurate data; request the deletion of data (right to be forgotten) under circumstances specified in Article 17 of GDPR; request the restriction of data processing in cases specified in Article 18 of GDPR, object to data processing in cases specified in Article 21 of GDPR, transfer the provided data processed automatically.
  4. If you believe your personal data is being processed unlawfully, you may file a complaint with the supervisory authority (Office for Personal Data Protection, ul. Stawki 2, Warsaw). If you need additional information related to data protection or want to exercise your rights, contact us in writing at the correspondence address.
  5. We comply with all applicable regulations and laws concerning data protection and cooperate with data protection authorities and law enforcement agencies. In the absence of specific data protection regulations, we will act in accordance with generally accepted data protection principles, social norms, and established customs.
  6. If you have any questions, please contact us via the website that directed you to this Privacy Policy. The request will be promptly forwarded to the appropriate person.
  7. To help us respond or address the information provided, please include your name.

§ 3 Scope and Purpose of Data Collection

  1. We process necessary personal data to provide services, pursue claims, respond to inquiries, and for accounting or advisory purposes within the scope of your consent.
  2. We collect, process, and store the following user data:
    1. Name and surname,
    2. Email address,
    3. Phone number (mobile or landline),
    4. Information about the web browser used,
    5. Other voluntarily provided personal data.
  3. Providing the above data is entirely voluntary but also necessary for full service delivery.
  4. Access to your data may be granted to entities providing services necessary for the operation and maintenance of the website, such as:
    1. Hosting companies providing hosting or related services for the Administrator
    2. Companies through which the newsletter service is provided
    3. Companies through which appointment scheduling is offered
    4. IT support companies responsible for maintenance or infrastructure upkeep
    5. Accounting and consulting service providers, including legal advisors.
  5. Your personal data will not be processed to make decisions based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you.
  6. We do not foresee transferring personal data outside the European Union – the servers of IT solution providers are located within the European Union.
  7. We do not use widgets or plugins from third-party social networks, such as the Facebook “Like” button or Twitter widget. However, our website may contain links to social network services that are not an integral part of it. External social network services may collect and use your activity data. Any personal data you provide via such social networks may be collected and used by other users of those networks, and interactions conducted through them are subject to the privacy policies of the companies providing the applications. We are not responsible for these companies or how they use your data in connection with the links placed on the website.

§ 4 Cookies

  1. We use cookies or similar technologies (hereinafter collectively referred to as “cookies”), meaning IT data, particularly text files, intended for using the website and stored on end devices of users browsing the pages. Information collected using cookies allows tailoring services and content to individual needs, as well as user preferences, and serves to compile general statistics on how users utilize the website. Data collected using cookies is used exclusively for performing specific functions for users and is encrypted to prevent unauthorized access.
  2. On our website, we use cookies:
    1. Internal cookies – files placed and read from the user’s device by the website’s IT system
    2. External cookies – files placed and read from the user’s device by IT systems of external services. Scripts of external services that can place cookies on the user’s device were consciously placed in the service via scripts and services provided and installed in the service
    3. Session cookies – files placed and read from the user’s device by the website during one session of a given device. After the session ends, the files are deleted from the user’s device.
    4. Persistent cookies – files placed and read from the user’s device by the website until they are manually deleted. Files are not automatically deleted after the session ends unless the user’s device configuration is set to delete cookies after ending the session.
  3. Within our website, the following types of cookies are used, depending on their necessity for service provision:
    1. Necessary cookies, enabling the use of services available on the website, particularly authentication cookies used for services requiring authentication;
    2. Cookies used to ensure security, particularly used to detect authentication abuses;
    3. Performance cookies, enabling the collection of information on how websites are used;
    4. Functional cookies, enabling “remembering” user settings and personalizing the user interface;
    5. Advertising cookies, enabling the delivery of advertising content tailored to user interests.
  4. Web browsing software (web browsers) usually allows cookies to be stored on the end user’s device by default. A user browsing the website can independently and at any time change cookie settings, defining storage conditions and access by cookies to their device. These changes can be made using web browser settings. In particular, settings can be changed to block automatic handling of cookies in the web browser settings or inform about their placement on the user’s device each time. Detailed information on the possibility and methods of handling cookies is available in the software (web browser) settings. Upon first entering our website, you will notice a note and a short form allowing you to select which cookies we can store on your end device.
  5. Using the website without changing cookie settings means consent to saving cookies. Users can always withdraw consent by changing cookie settings. Information on how to configure cookie settings in exemplary web browsers can be found here:
    1. Chrome
    2. Opera
    3. Firefox
    4. Edge
    5. Safari
    6. Internet Explorer 11

§ 5 Rights and Obligations

    1. We have the right, and in cases defined by law, the statutory obligation, to provide selected or all information regarding personal data to public authorities or third parties who request such information under applicable Polish legal regulations.
    2. The user has the right to:
  • Access personal data

The user has the right to access their personal data, executed upon request submitted to the Administrator.

  • Rectify personal data

The user has the right to request immediate rectification of incorrect personal data or completion of incomplete personal data by the Administrator, executed upon request submitted to the Administrator.

  • Delete personal data

The user has the right to request immediate deletion of personal data by the Administrator, executed upon request submitted to the Administrator. For user accounts, data deletion involves anonymizing data enabling user identification. The Administrator reserves the right to withhold the request to delete data to protect the Administrator’s legitimate interest (e.g., if the user violated the Terms and Conditions or data was obtained during correspondence). For the Newsletter service, the user can delete their personal data using the link provided in each email.

  • Restrict personal data processing

The user has the right to restrict personal data processing in cases specified in Article 18 of GDPR, including disputing the correctness of personal data, executed upon request submitted to the Administrator.

  • Transfer personal data

The user has the right to obtain their personal data from the Administrator in a structured, commonly used, machine-readable format, executed upon request submitted to the Administrator.

  • Object to personal data processing

The user has the right to object to the processing of their personal data in cases specified in Article 21 of GDPR, executed upon request submitted to the Administrator.

  • Lodge a complaint

The user has the right to lodge a complaint with the supervisory authority responsible for personal data protection.
 

  1. We reserve the right to make changes to this document that reflect the current Privacy Policy. In case of modifications, we will specify the date of the Privacy Policy change, and if the changes affect the way and scope of processing personal data you have provided, we will additionally inform you via email.