Privacy Policy

INTRODUCTION

At wamtechnik.pl, we respect our users’ privacy and protect their personal data. This policy explains how we collect, process, and use personal data, in accordance with applicable law, including the GDPR and the Act of 12 July 2024 – Electronic Communications Law (Journal of Laws 2024, item 1221).

 

BASIC INFORMATION

The Privacy Policy provides information regarding the processing of personal data and other information regarding visitors to the website https://wamtechnik.pl/ , as well as Customers of the b2b platform https://b2b.wamtechnik.pl/, referred to in the Terms and Conditions . The Privacy Policy defines the principles for the processing of personal data obtained through the wamtechnik.pl website, available services such as the Newsletter, the b2b platform, and the technologies used on the website.

The purpose of the Privacy Policy is to define the actions taken by us in the scope of personal data collected via the website https://wamtechnik.pl/ , including our b2b Platform, services and tools used to perform activities such as creating an Account, placing an Order or sending regular marketing communications as part of the Newsletter service.

Capitalized terms used in this Privacy Policy should be understood in accordance with the definitions contained in the Website Terms and Conditions, Newsletter Terms and Conditions , or b2b Platform Terms and Conditions. Regardless, some of the terms used in this Privacy Policy are presented below:

  1. Privacy Policy – this Privacy Policy,
  2. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),
  3. PKE – Act of 12 July 2024, Electronic Communications Law (Journal of Laws 2024, item 1221).
  4. PERSONAL DATA CONTROLLER

The controller of your personal data is Wamtechnik Sp. z o. o., ul. Techniczna 2, building H, 05-500 Piaseczno, entered into the National Court Register maintained by the District Court for the capital city of Warsaw, 13th Commercial Division, under the KRS number 0000179475, Tax Identification Number (NIP): 5220104603, National Business Registry Number (REGON): 012110050, e-mail address: office@wamtechnik.pl, tel. (+48) 22 701 26 00, owner of the website https://wamtechnik.pl/ and the b2b Platform https://b2b.wamtechnik.pl/.

hereinafter referred to as “Administrator”, “We”, “Us”.

Contact with the Administrator:

  • by mail to the address: ul. Techniczna 2, building H, 05-500 Piaseczno,
  • electronically to the e-mail address: office@wamtechnik.pl,
  • by phone: (+48) 22 701 26 00.

 

SCOPE, PURPOSE, LEGAL BASIS AND PERIOD OF PERSONAL DATA PROCESSING BY US

 

Account Registration

Registering an account on the b2b Platform requires the user to provide personal data necessary to create the account and ensure the full functionality of our services. This data is processed in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

  1. Scope of data processed:

In connection with account registration, we may process the following personal data:

  • Name and surname – to identify the user.
  • Email address , including business email address – for communication, including registration confirmation, password recovery and sending information related to the functioning of the account.
  • Telephone number – for contact in matters related to the provision of services, if the user decides to provide it.
  • Password – encrypted, used to securely log in to your account.
  1. Purpose of data processing:

We process personal data for the following purposes:

  • Creating and maintaining a User account – to enable the use of the functionalities of the Website and the b2b Platform, including placing orders, viewing purchase history and managing preferences.
  • Communication with the User – regarding the functioning of the account, updates to regulations and policies, as well as technical support.
  • Fulfillment of contractual obligations – arising from the regulations of the Website and the b2b Platform.
  • Account security – to protect against unauthorized access or illegal activities.
  1. Basis for data processing:

We process personal data on the basis of:

  • Article 6, paragraph 1, letter b of the GDPR – processing is necessary for the performance of a contract to which the User is a party (creation and management of an account), i.e. the performance of an agreement for maintaining an Account in accordance with the Regulations of the b2b Platform.
  • Article 6(1)(f) of the GDPR – the legitimate interest of the controller in ensuring the security of the website and communication with the user.
  1. Data storage period:

We retain personal data processed in connection with account registration for the duration of the user’s account’s activity. After account deletion, data is retained for the period required by law (e.g., for tax purposes) or until the statute of limitations for claims expires.

  1. Voluntary provision of personal data

Providing personal data is voluntary, but necessary to create and use an account on the Website. Failure to provide it will prevent you from registering and using the full functionality of the Website.

  1. Automatic data processing and profiling

Personal data provided during registration is not used for automated decision-making or profiling.

 

Orders

  1. Personal data:

When you purchase our goods from the available range on the b2b Platform, in addition to identification data (such as name and surname) and contact data (such as telephone number, address or e-mail address), we also collect information regarding your purchases and payments (e.g. information about the goods purchased, order value, payment method, invoice details and delivery address).

  1. Purpose of data processing:

Personal data are processed for the following purposes:

  • Order fulfillment – including payment processing, preparation and delivery of products to the specified address.
  • Issuing accounting documents – such as invoices or bills – in accordance with applicable law.
  • Providing customer service – including answering questions related to your order or its fulfillment.
  • Ensuring compliance with legal regulations – in particular tax and consumer protection regulations.
  1. Basis for data processing:

Personal data processed in connection with placing orders is based on:

  • Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the person placing the order is a party.
  • Article 6(1)(c) of the GDPR – processing is necessary to comply with legal obligations, such as maintaining accounting records.
  • Article 6(1)(f) of the GDPR – the legitimate interest of the controller in ensuring effective customer service and handling any complaints.
  1. Data storage period/criteria for determining the storage period
  • We store data related to the execution of an order for the period necessary to process it.
  • We retain accounting documents containing personal data, such as invoices, for the period required by tax law.
  • In the event of complaints or claims, data may be stored for the limitation period of such claims, in accordance with applicable regulations.

5. Sharing personal data

Personal data may be made available to the following entities:

  • Courier companies and logistics operators – to deliver the order to the indicated address.
  • Accounting offices or tax authorities – for the purpose of fulfilling accounting and tax obligations.

6. Voluntary provision of data

Providing personal data is voluntary but necessary to place and process an order. Failure to provide it will prevent you from making a purchase in our store.

7. Automatic data processing and profiling

Data processed in connection with orders are not subject to automated decision-making or profiling.

 

Contact form, hotline, complaints

Https://wamtechnik.pl website, we provide a variety of channels of communication with our customers, such as a contact form, a hotline, and a complaint handling service. Personal data provided in connection with the use of these channels is processed in accordance with the law, including Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

  1. Scope of personal data processed:

When using the contact form, hotline, messenger or submitting a complaint, we process the following data:

  • Name and surname, Company – to identify the person contacting us.
  • Email address – for responding to requests and maintaining contact.
  • Telephone number – in case of telephone contact or notification requiring a quick response.
  • Order details – if the inquiry or complaint concerns a specific order (e.g. order number, date of purchase).
  • Content of the report – all information contained in a message, telephone conversation, chat or complaint.
  1. Purpose of data processing:

We process personal data collected through these communication channels for the following purposes:

  • Responses to inquiries and requests for information submitted via the contact form or hotline
  • Handling complaints, including clarifying problems related to orders or products.
  • Providing the highest level of customer service, including advice and technical support.
  • Maintaining internal documentation of reports to improve our service and ensure compliance with legal regulations.
  1. Basis for data processing:
  • Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract or to take steps at the request of the data subject before entering into a contract (e.g. answering questions about products before purchasing).
  • Article 6(1)(c) of the GDPR – processing is necessary to comply with legal obligations,
  • Article 6(1)(f) of the GDPR – our legitimate interest in ensuring effective communication with customers and protection against possible claims.
  1. Data storage period/criteria for determining the storage period:
  • We store data related to inquiries that do not concern an order for up to 12 months from the date of the last contact, unless there is another legal basis for their continued storage (e.g. a complaint).
  • We store data relating to complaints for the period required by law or until the complaint procedure is completed.
  • We will process data necessary to defend against potential claims, in justified cases, for the limitation period for claims.

In the event of a dispute or ongoing proceedings, in particular court proceedings, the storage period will be counted from the date of termination of the dispute or final conclusion of the proceedings.

  1. Sharing personal data

Personal data may be shared:

  • Entities cooperating with us to process your request (e.g. service technicians, suppliers or carriers).
  • Entities providing technical and hosting services that support the operation of our website and communication tools.
  • Public authorities, if we are obliged to provide it by law.
  1. Automatic data processing and profiling

Data provided in connection with the contact form, hotline, messenger or complaint submissions are not subject to automated decision-making or profiling.

 

Newsletter

  1. Personal data:

If you subscribe to the newsletter in accordance with the “Newsletter” service regulations, you provide us with your e-mail address, first name, last name and company name.

  1. Purpose of data processing:

Personal data provided as part of the newsletter service are processed for the purpose of sending information containing image and product advertisements, containing information about promotions and products offered by the Data Administrator or its partners. You can unsubscribe from the newsletter at any time free of charge.

  1. Basis for data processing:

The processing of personal data is based on:

  • Article 6, paragraph 1, letter b of the GDPR – an agreement in accordance with the Newsletter Regulations. Sending marketing communications meets the requirements of Article 398 of the GDPR – sending commercial information to the end user requires prior consent, which is obtained by subscribing to the Newsletter.
  1. How to subscribe and unsubscribe from the Newsletter?
  • Subscription to the Newsletter requires the user to provide and confirm their e-mail address (e.g. double opt-in procedure) opt -in).
  • You can unsubscribe from the Newsletter at any time, without affecting any previous data processing. To do so, use the unsubscribe link in the Newsletter footer or contact us at office@wamtechnik.pl .
  1. Data storage period/criteria for determining the storage period:

We retain the personal data of users who subscribe to the Newsletter for the duration of their consent to receive commercial information. If they unsubscribe from the Newsletter and withdraw their consent, the data will be deleted immediately, but no later than 30 days from the date of withdrawal, unless there is another legal basis for further processing (e.g., establishing, pursuing, or defending legal claims).

  1. Sharing of personal data:

Newsletter user data may be shared:

  • Entities providing us with technical, hosting or marketing services related to the operation and sending of the Newsletter (e.g. providers of mailing tools).
  • Public authorities in cases specified by law.
  1. Automatic data processing and profiling:

As part of the Newsletter service, we may conduct profiling activities aimed at tailoring the content of messages to the user’s interests and preferences. Profiling is based on the analysis of data regarding user activity (e.g., opening messages, clicking links). We do not make decisions that have legal effects or otherwise significantly affect users solely based on automated data processing.

8. Additional information:

The Newsletter is sent only with prior consent and does not involve any costs for the end user or subscriber.

 

PERSONAL DATA SECURITY MEASURES

At wamtechnik.pl and the b2b Platform, we exercise the utmost care to ensure the security of our users’ personal data. We have implemented a number of organizational, technical, and procedural measures to protect data against unauthorized access, loss, alteration, or destruction.

  1. Technical security
  • Data encryption : All data transferred between the user and the server is protected by SSL/TLS protocol, ensuring its confidentiality and integrity.
  • Monitoring systems : We regularly monitor traffic on our servers to detect and prevent potential threats, such as hacking attempts or unauthorized access.
  • Access control : Access to IT systems in which personal data is processed is limited only to authorized employees who have appropriate authorizations.
  1. Organizational security
  • Staff training : Our employees receive regular training in personal data protection and cybersecurity to minimize the risk of breaches.
  • Policies and procedures : We have adopted internal personal data protection policies that define the principles of data processing and storage in accordance with the GDPR and other applicable regulations.
  1. Security tests and audits

We regularly conduct security tests and audits of our IT systems to identify potential vulnerabilities and implement appropriate patches.

  1. Cooperation with trusted entities

We only transfer personal data to entities that guarantee the implementation of appropriate security measures in accordance with applicable law. We only work with service providers who comply with the GDPR and contractually obligate them to protect the data entrusted to us.

  1. Security Incident Management

If a personal data breach is detected, we have incident management procedures in place, which include:

  • Immediate notification to the relevant supervisory authorities.
  • Informing individuals whose data may have been breached about the nature of the incident and the actions taken.
  • Minimizing the effects of the incident and preventing similar situations in the future.

We are constantly working to improve our security measures to meet the growing demands for personal data protection and counteract new threats.

 

RECIPIENTS OF PERSONAL DATA

Your personal data may be disclosed to third parties who support us in providing the services we offer, including suppliers and partners:

  1. technology and IT support services (for example, support for our website and other systems we use to provide our services to you),
  2. services related to the optimization of our order fulfillment processes in the online store,
  3. providing cloud services and an online store management platform,
  4. providing logistics, transport and delivery services,
  5. providing services related to marketing and advertising (including newsletter),
  6. providing legal and other specialized services,
  7. other services related to customer service.

We only share personal data with our suppliers and partners that enables them to provide services to us, and we require them to maintain confidentiality and security of this information. We also verify that they provide adequate personal data protection measures.

Additionally, your personal data may be disclosed to entities authorized to obtain it under applicable law, such as law enforcement agencies. To the extent permitted by applicable law, we may also share personal data with debt collection and receivables management agencies.

Data transfer outside the European Economic Area

The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European Union law. For this reason, Wamtechnik only transfers Personal Data outside the EEA when necessary and with an adequate level of protection, in particular by:

  1. cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
  2. use of standard contractual clauses issued by the European Commission;
  3. cooperation with US organizations certified under the Transatlantic Data Privacy Framework, adopted by the European Commission.

 

DATA SUBJECT RIGHTS

The person to whom the personal data relates has:

  1. The right of access (Article 15 of the GDPR), i.e., to request information from Wamtechnik about the processing of their personal data, i.e., confirmation as to whether the personal data of the data subject is being processed. If personal data are being processed, they are entitled to access them, obtain copies thereof, and obtain the following information: the purposes of processing, the categories of personal data, information about the recipients or categories of recipients to whom the data have been or will be disclosed, the data storage period or the criteria for determining them, the rights of the data subject related to the processing of their personal data, the possibility of filing a complaint with a supervisory authority, the source of the personal data if they were not obtained directly from the data subject, and information about profiling and automated decision-making;
  2. The right to rectification (Article 16 of the GDPR), i.e. if a person obtains information that their personal data processed by Wamtechnik are incorrect, outdated or incomplete, they have the right to request their immediate rectification or completion;
  3. The right to erasure of data (Article 17 of the GDPR), i.e. the right to request the erasure of one’s personal data, and if the person has consented to the processing of personal data, the request for erasure will have the same effect as the withdrawal of consent;
  4. The right to restrict data processing (Article 18 of the GDPR), i.e. to request the cessation of data processing, with the exception of their storage, in situations where:
  5. the data subject contests the accuracy of the personal data;
  6. the data subject questions the lawfulness of the processing of personal data by Wamtechnik;
  7. Wamtechnik no longer needs the data, but the data subject requires it to establish, pursue or defend his or her claims;
  8. the data subject has objected to the processing and this objection has been recognised by Wamtechnik;
  9. The right to data portability (Article 20 of the GDPR), which means the right to receive the personal data provided to Wamtechnik in a structured, commonly used format that can be read by a specific device, so that it can be transferred directly to another entity, provided that this is technically possible;
  10. The right to object to processing (Article 21 of the GDPR), which means the right for the data subject to object to the use of their personal data for purposes related to direct marketing of products and services, as well as other marketing activities carried out by Wamtechnik via email or text messages. An objection does not result in the deletion of the data, but only in the cessation of their use by Wamtechnik for marketing purposes.
  11. The right to withdraw consent, which means that in cases where data processing is based on consent, the data subject has the right to withdraw their consent for specific processing purposes at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of consent;
  12. Right to lodge a complaint with the competent supervisory authority. If a data subject believes that their data is being processed unlawfully, they have the right to lodge a complaint with the competent supervisory authority:

Office for Personal Data Protection

CHANGES TO PRIVACY POLICY

The provisions of the Privacy Policy may be changed or updated from time to time, so we recommend that you regularly check for changes. We will notify you of any changes or additions by posting appropriate information on the Website. In the case of significant changes, we may also send separate notifications to the email address you provided.