1. This Privacy Policy defines the principles for the processing of personal data obtained via the website https://d-tech.com.pl/, hereinafter referred to as the “Website.”
   
   
2. The owner of the Website and simultaneously the Data Controller is D-TECH sp. z o. o. ., 15-113 Białystok, Andersa 40A, VAT ID: PL9662097109, hereinafter referred to as the “Controller.”
   
   
3. Personal data collected by the Controller via the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
   
   
4. The Controller exercises particular diligence in respecting the privacy of Clients visiting the Website.
   
   

§1 Type of processed data, purposes, and legal basis

1. The Controller collects information regarding natural persons performing legal actions not directly related to their business activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units without legal personality, to which the law grants legal capacity, conducting business or professional activity on their own behalf, hereinafter collectively referred to as “Clients.”
   
   
2. The Controller processes Clients’ personal data in the scope of using the contact form service on the Website for purposes necessary to perform a contract or to take actions prior to its conclusion – the legal basis of processing is Art. 6(1)(b) RODO.
   
   
3. When using the contact form service, the Client provides the following data:
   
   

e-mail address
first name
phone number

1. During the use of the Website, additional information may be collected, in particular: IP address assigned to the Client’s computer or external IP address of the Internet provider, domain name, browser type, access time, type of operating system. Clients may also have navigation data collected, including information about links and references they decide to click on or other actions taken on the Website for purposes related to service provision, as well as for technical, administrative, analytical, and statistical purposes – in this scope, the legal basis of processing is also Art. 6(1)(f) GDPR, i.e., necessity for purposes arising from the legitimate interest of the Controller, which is to ensure IT security and management of the Website as well as to improve the functionality of the Website and provided services.
   
   

§2 Recipients of data

1. Clients’ personal data is transferred to service providers used by the Controller in operating the Website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow the Controller’s instructions regarding purposes and methods of processing such data (processors) or independently determine purposes and methods of their processing (controllers).
   1.1 Processors. The Controller uses providers who process personal data exclusively on the Controller’s instructions. These include, among others, providers providing hosting services, accounting services, marketing systems, website traffic analysis systems, and systems for analyzing the effectiveness of marketing campaigns.
   1.2 Controllers. The Controller uses providers who do not act exclusively on instructions and independently determine the purposes and methods of using Clients’ personal data. They provide electronic payment and banking services.
   
   
2. Location. Service providers are mainly located in Poland and other countries of the European Economic Area (EEA).
   
   
3. Upon request, the Controller provides personal data to authorized state authorities, in particular organizational units of the Prosecutor’s Office, Police, President of the Personal Data Protection Office, President of the Office of Competition and Consumer Protection, or President of the Office of Electronic Communications.
   
   

§3 Data retention period

1. Clients’ personal data is stored:
   1.1 If the legal basis of data processing is consent, then Clients’ personal data is processed by the Controller as long as the consent is not withdrawn, and after the withdrawal of consent, for a period corresponding to the limitation period of claims which the Controller may raise and which may be raised against it. Unless a specific provision states otherwise, the limitation period is six years, and for claims of periodic performance and claims related to conducting business activity – three years.
   1.2 If the legal basis of data processing is the performance of a contract, then Clients’ personal data is processed by the Controller as long as it is necessary to perform the contract, and thereafter for a period corresponding to the limitation period of claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims of periodic performance and claims related to conducting business activity – three years.
   
   

§4 Cookies mechanism, IP address

1. The Website uses small files called cookies. They are stored by the Controller on the end device of the person visiting the Website if the web browser allows it. A cookie file usually contains the domain name from which it originates, its “expiration time,” and an individual randomly selected identifying number for this file. Information collected via such files helps customize the products offered by the Controller to the individual preferences and actual needs of Website visitors.
   
   
2. The Controller uses two types of cookies:
   2.1 Session cookies: after the end of the browser session or shutting down the computer, the stored information is deleted from the device memory. The session cookies mechanism does not allow the collection of any personal or confidential information from Clients’ computers.
   2.2 Persistent cookies: are stored in the memory of the Client’s end device and remain there until deletion or expiration. The persistent cookies mechanism does not allow the collection of any personal or confidential information from Clients’ computers.
   
   
3. The Controller uses its own cookies for:
   3.1 analyses and research as well as traffic auditing, in particular for creating anonymous statistics, which help understand how Clients use the Website, enabling improvement of its structure and content.
   
   
4. The Controller uses external cookies for:
   4.1 displaying on informational pages of the Website a map showing the location of the Controller’s office via the internet service maps.google.com (administrator of the external cookies: Google Inc., USA).
   
   
5. The cookies mechanism is safe for the computers of Clients visiting the Website. In particular, it is not possible for viruses or other unwanted or malicious software to enter Clients’ computers through this mechanism. Nevertheless, Clients have the option in their browsers to limit or disable the access of cookies to their computers. If this option is used, using the Website will be possible, except for functions which by their nature require cookies.
   
   
6. The Controller may collect Clients’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Website by the Internet service provider. The IP number enables access to the Internet. In most cases, it is dynamically assigned to the computer, i.e., it changes with each Internet connection, and is therefore commonly treated as non-personal identifying information. The IP address is used by the Controller when diagnosing technical problems with the server, creating statistical analyses (e.g., determining from which regions the most visits occur), as information useful for administering and improving the Website, as well as for security purposes and potential identification of server-loading or undesirable automated programs browsing the Website content.
   
   

§5 Rights of data subjects

Individuals whose data is processed have the following rights:

1. Right to withdraw consent at any time for data processing:
   1.1 The Client has the right to withdraw any consent previously given.
   1.2 Withdrawal of consent takes effect from the moment of withdrawal.
   1.3 Withdrawal of consent does not affect the lawfulness of processing conducted based on consent before its withdrawal.
   1.4 Withdrawal of consent does not entail any negative consequences for the Client but may prevent further use of services or functionalities which by law the Controller may provide only with consent.
   
   
2. Right to object to data processing:
   2.1 The Client has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data based on Art. 6(1)(e) or (f) GDPR, including profiling under these provisions. The Controller may no longer process such personal data unless it demonstrates the existence of legally justified grounds overriding the interests, rights, and freedoms of the data subject, or grounds for establishing, asserting, or defending claims.
   2.2 Opting out via e-mail from receiving marketing communications regarding products or services will constitute the Client’s objection to the processing of their personal data, including profiling for these purposes.
   
   
3. Right to erasure (“right to be forgotten”):
   3.1 The Client has the right to request the deletion of all or part of their personal data.
   3.2 The Client has the right to request deletion of personal data if:
   3.2.1 personal data is no longer necessary for the purposes for which it was collected or processed;
   3.2.2 consent has been withdrawn, to the extent that data was processed based on consent;
   3.2.3 the Client objected under Art. 21(1) GDPR against processing and there are no overriding legitimate grounds for processing or they objected under Art. 21(2) GDPR;
   3.2.4 personal data is processed unlawfully;
   3.2.5 personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State to which the Controller is subject;
   3.2.6 personal data was collected in connection with the provision of online services.
   3.3 Despite a deletion request, due to objection or withdrawal of consent, the Controller may retain certain personal data to the extent necessary for establishing, pursuing, or defending claims, as well as to comply with a legal obligation under EU or Member State law. This particularly concerns personal data including: first name, last name, e-mail address, retained for the purpose of handling complaints and claims related to the use of the Controller’s services, and additionally residential/correspondence address, order number, retained for handling complaints and claims related to concluded sales agreements or service provision.
4. Right to restriction of data processing:
   4.1 The Client has the right to request the restriction of the processing of their personal data. Submitting the request, until it is considered, prevents the use of certain functionalities or services, the use of which would involve processing of the data covered by the request. The Controller will also not send any communications, including marketing ones.
   4.2 The Client has the right to request restriction of data use in the following cases:
   4.2.1 when the accuracy of personal data is contested – in such case the Controller restricts their use for the time necessary to verify accuracy, but no longer than 7 days;
   4.2.2 when the processing is unlawful, and instead of erasure, the Client requests restriction of use;
   4.2.3 when data is no longer necessary for the purposes for which it was collected or used, but is needed by the Client to establish, assert, or defend claims;
   4.2.4 when the data subject objected to the processing of their data – until it is determined whether the Controller’s legally justified grounds override the objection.
   
   
5. Right to request access to personal data and receive a copy:
   5.1 The Client has the right to obtain from the Controller confirmation as to whether personal data concerning them is being processed, and if so, the Client has the right to:
   5.1.1 access their personal data;
   5.1.2 obtain information about the purposes of processing, categories of processed personal data, recipients or categories of recipients of the data, the planned period of storage of the Client’s data or the criteria for determining this period (when determining the planned period is not possible), rights granted under GDPR, and the right to lodge a complaint with the supervisory authority; if data were not collected from the data subject – all available information about their source, about automated decision-making, including profiling referred to in Art. 22(1) and (4) GDPR, as well as – at least in these cases – important information on the principles of such decision-making, significance, and expected consequences for the data subject, and safeguards applied in connection with transferring personal data outside the European Union;
   5.1.3 receive a copy of their personal data. The right to receive a copy shall not adversely affect the rights and freedoms of others.
   
   
6. Right to rectification (correction) of data:
   6.1 The Client has the right to request from the Controller immediate rectification of inaccurate personal data concerning them. Considering the purposes of processing, the Client has the right to request completion of incomplete personal data, including by submitting an additional statement, by sending a request to the e-mail address in accordance with §6 of the Privacy Policy.
   
   
7. Right to data portability:
   7.1 The Client has the right to receive personal data they provided to the Controller and subsequently transmit them to another chosen data controller. The Client also has the right to request that the data be sent by the Controller directly to such a data controller, if technically feasible. In such case, the Controller will send the Client’s personal data in a csv file format, which is widely used, machine-readable, and allows transferring the received data to another data controller.
   
   
8. Right to lodge a complaint with the supervisory authority:
   8.1 The Client has the right to lodge a complaint with the President of the Personal Data Protection Office regarding a breach of their personal data protection rights or other rights granted under GDPR.
   
   
9. In the event the Client exercises any of the above rights, the Controller shall fulfill or refuse the request without delay, no later than within one month of its receipt. However, if – due to the complex nature of the request or the number of requests – the Controller cannot comply within one month, it will comply within the next two months, informing the Client in advance within one month from receipt of the request about the intended extension and its reasons.
   
   
10. The Client may submit complaints, inquiries, and requests regarding the processing of their personal data and the exercise of their rights to the Controller.
    
    

§6 Changes to the Privacy Policy

1. The Privacy Policy may change, about which the Controller is not obliged to inform.
   
   
2. Questions related to the Privacy Policy should be directed to the e-mail address: biuro@d-tech.com
   
   

Date of last modification: 25.07.2025