Privacy Policy

Privacy Policy

This Privacy Policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), as well as other applicable national regulations.

I.

Controller of the website www.lanonabytok.sk

Business name: “LANO MEBLE” Siwik Cezary

Registered office/place of business: Tyble 63a, 98-420 Sokolniki, Republic of Poland

Company ID: (NIP) 6190013551

Tax ID: (REGON) 100363308

(hereinafter referred to as the “Controller”)

The Controller obtains the personal data of data subjects via the website www.lanomeble.pl.

Our company has appointed a person responsible for personal data protection, namely Cezary Siwik. If you have any questions regarding this document, the use of your personal data or the exercise of your rights under this document, please contact the responsible person by e-mail at biuro@lanomeble.pl or in writing at: “Lano Meble” Siwik Cezary, Tyble 43C, 98-420 Sokolniki.

II.

List of processed personal data

When providing services, the Controller obtains the following data about the data subject:

1. Data required to process a purchase – Only data without which the Controller cannot ship the purchase or process the order are mandatory. Such personal data include: name, e-mail address, delivery address, telephone number and the subject of the order itself. In the case of business customers, also company registration number, tax identification number and business name.
2. If the data subject decides to create a user account on the Controller’s website (www.lanomeble.pl), the Controller also processes all data related thereto. The only mandatory data for registering a user account is the data subject’s e-mail address, which the Controller uses to communicate with the data subject. Creating an account in order to place an order via the website is not mandatory.
3. If the data subject logs in to the user account with the Controller via their Google or Facebook account, these networks provide the Controller with data such as name or e-mail address. The data subject may terminate the sharing of such data between the Controller and Google or Facebook at any time in the settings of their user profile on these networks.
4. If the data subject uses the Controller’s services, the Controller also obtains data on how the data subject uses those services. This includes information regarding the data subject’s interactions with the Controller’s services, such as when the data subject accesses the Controller’s website, what they search for, when the data subject creates an account and when they log in to the account.
5. The Controller also obtains data about the devices and computers used by the data subject to access the Controller’s services, including IP addresses, browser settings, information about operating systems, possibly information about the data subject’s mobile device, information about the website from which the data subject accessed the Controller’s website, websites visited by the data subject, and information from cookies and similar tools.

III.

Purpose, scope, duration and legal basis of personal data processing

The Controller processes personal data for the following purposes, within the following scope, for the following duration and on the following legal basis:

1. Conclusion and performance of a contract for the provision of electronic services or taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR). Data are stored for the period necessary to perform, terminate or otherwise end the validity of the concluded contract. Scope of processed personal data: first name and surname, e-mail address, contact telephone number, delivery address (street, house number, flat number, city, country, residential/business/registered office address if different from the delivery address). This scope may change, in particular in the case of personal collection of the consignment;
2. Compliance with the Controller’s legal obligations in connection with the processing of orders, including the complaints process as well as accounting and tax obligations (Article 6(1)(c) GDPR). The Controller processes data provided in connection with placing an order for the period necessary to complete it, including settlement of the concluded contract and obligations arising therefrom, including accounting and tax obligations. Scope of processed personal data: first name and surname, e-mail address, mobile phone number, residential/business/registered office address;
3. Establishing, exercising or defending claims in court, administrative or other legal proceedings that may be initiated by or against the Controller (Article 6(1)(f) GDPR). Personal data are stored for the purpose of asserting or defending against potential claims for the statutory limitation period. Scope of processed data: first name and surname, e-mail address, contact telephone number, delivery address (street, house number, flat number, city, country, residential/business/registered office address if different from the delivery address);
4. Communication in connection with an enquiry sent to the Controller by e-mail or telephone (Article 6(1)(b) and (f) GDPR). Personal data provided in connection with an enquiry are processed for the duration of our legitimate legal interest related to handling the enquiry sent by the data subject, including providing a response. Scope of processed data: e-mail address, telephone number and data provided in the form;
5. Contacting the data subject in connection with a telephone order at the data subject’s request (Article 6(1)(b) and (f) GDPR). Personal data are processed until the end of telephone communication with the data subject. Scope of processed data: telephone number and data provided during the conversation;
6. Marketing activities, direct marketing including the electronic sending of commercial information – if consent has been given (Article 6(1)(f) GDPR). Personal data are stored for the duration of the Controller’s legitimate interest, but no longer than until the data subject raises an objection or for the duration of the Controller’s legitimate interest. Scope of processed data: first name and surname, e-mail address;
7. Personalised marketing and advertisement customisation (Google Customer Match) – if consent has been given (Article 6(1)(f) GDPR). Personal data in the form of an e-mail address may be used to carry out personalised marketing campaigns within the Google advertising ecosystem (e.g. Google Search, YouTube, Gmail). This process involves sending an encrypted version of your e-mail address to Google, which compares the received data with its user database to determine whether you have a Google account. If a match is found, you will be added to a list of custom audiences, allowing us to target you with personalised advertising messages. Personal data are processed until you withdraw your consent.

IV.

Disclosure of processed personal data

1. The Controller does not publish, disclose or provide the personal data of data subjects to any other entities in any manner. The Controller provides the data subject’s personal data only to the entities listed in points 2–4 of this section.
2. The Controller discloses personal data to third parties providing delivery services to the data subject in connection with processing their order. (Specify the delivery companies providing services for the Controller)
3. Poczta Polska Spółka Akcyjna with its registered office in Warsaw (00-940), ul. Rodziny Hiszpańskich 8, NIP (VAT ID): 525-000-73-13, KRS: 0000334972
4. The Controller discloses personal data to certain suppliers who process them for the Controller on the basis of its instructions and in accordance with this document. They comply with all necessary security, technical and organisational measures to ensure the required protection of the data subject’s personal data. These partners currently include: (Specify the supplier companies providing external services for the Controller)

1. The Controller provides personal data to the following entities:

1. entities supporting the recovery of receivables for the Controller’s company;
2. entities providing accounting services to the Controller’s company;
3. entities providing legal services related to the Controller’s activity;
4. entities providing IT services related to the Controller’s activity, including hosting services;
5. providers of tools used to analyse traffic on the Controller’s website;
6. entities providing services supporting the Controller in carrying out marketing activities;
7. entities that process personal data on behalf of the Controller.

1. All of these entities process data on the basis of a contract concluded with the Controller and only in accordance with its instructions.
2. The Controller does not transfer the personal data of data subjects to third countries or international organisations.

V.

Conditions of processing

1. The Controller undertakes to process and handle all personal data of the data subject in accordance with applicable European Union and Slovak Republic legislation. For this purpose, the Controller implements all necessary security, technical and organisational measures to protect the personal data of data subjects. Electronic data are stored in a protected database on a server owned by the Controller or dedicated to the Controller. The database containing personal data is protected against damage, destruction, loss and misuse.

VI.

Rights and obligations of the data subject

The data subject has the right to:

1. access their data, including confirmation of processing, obtaining a copy of the data and information on processing purposes, recipients of the data, whether data have been transferred to a third country and the period for which the data will be stored;
2. rectify incorrect data or request completion of incomplete data. The data subject may do so directly in their account or request us to do so;
3. request immediate erasure of data if:

1. the data are no longer necessary for the purposes for which they were collected or otherwise processed;
2. the data subject has withdrawn consent on which the processing is based and there is no other legal basis for processing;
3. the data subject has objected to processing based on legitimate interest and there are no overriding legitimate grounds for processing, or has objected to processing for direct marketing purposes;
4. the personal data have been processed unlawfully;
5. the personal data must be erased to comply with a legal obligation;

1. request restriction of processing if:

1. the personal data are inaccurate – processing will be restricted until their accuracy is verified;
2. processing is unlawful and the data subject requests restriction instead of erasure;
3. the Controller no longer needs the data, but the data subject requires them to establish, exercise or defend legal claims;
4. the data subject has objected to processing pending verification of whether the Controller’s legitimate grounds override those of the data subject;

1. receive personal data processed on the basis of consent and/or a contract and processed by automated means, in a structured, commonly used and machine-readable format. At the data subject’s request, such data may be transferred to another controller chosen by the data subject, provided this is technically feasible;
2. lodge a complaint with a supervisory authority if the data subject believes that processing of personal data relating to them infringes the GDPR; the supervisory authority is: the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic;
3. withdraw consent at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal;
4. object to processing on grounds relating to the data subject’s particular situation, including the right to object to profiling based on the Controller’s legitimate interest. The data subject also has the right to object to processing of personal data for direct marketing purposes.

VII.

Information on the exercise of data subject rights

1. The data subject has the right to exercise the rights set out in Section VI by submitting a written request to the Controller. The Controller is obliged to provide information on the actions taken within 30 days of receipt of the request. In justified cases, this period may be extended to 60 days. The Controller must inform the data subject of any extension.

VIII.

Automated processing

1. The Controller processes personal data by automated means, including profiling, consisting of creating personalised product offers available in the LanoMeble.pl store assortment, presenting them on the website, including product recommendations, and sending them in marketing communications, thereby enabling the data subject – the customer – to purchase products at the prices indicated in the offer sent by the Controller. Personal data will be processed in this manner only if the data subject gives voluntary consent.

IX.

Marketing information and Cookies

1. The data subject may consent to receiving commercial and marketing information electronically. The data subject may withdraw consent at any time by sending an e-mail to biuro@lanomeble.pl or by sending a registered letter to the Controller’s address: Tyble 63a, 98-420 Sokolniki, Republic of Poland.
2. The Controller uses SALESmanago for marketing purposes and for sending newsletters. The Controller uses cookies to personalise transmitted content and for statistical purposes. As part of marketing campaigns, the Controller also uses the following tools: third-party cookies Google Tag, Extended Google Ads Conversion Tag, Facebook Pixel and Pinterest Pixel.