Privacy Policy

Definitions
• Administrator - Fulco System sp. Z o.o. based in Gliwice
• Personal data - all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected via cookies and other similar technology
• Policy - this Privacy Policy
• GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC
• Website - a website maintained by the Administrator at www.fulco.pl
• User - any natural person visiting the Website or using one or more services or functionalities described in the Policy.

 

Data processing in connection with the use of the Website
In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Website. The detailed rules and purposes of processing personal data collected during the use of the Website by the User are described below.

 

Purposes and legal grounds for data processing on the Website
Using the Website www.fulco.pl

Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) and not being registered Users (i.e. persons without a profile on the Website) are processed by the Administrator:
• in order to provide electronic services in the scope of making the content collected on the Website available to Users, sharing contact forms - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR)
• in order to handle purchases made without registration on the Website - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR)
• for analytical and statistical purposes - then the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in conducting analyzes of Users' activity, as well as their preferences in order to improve the functionalities and services provided
• in order to possibly establish and pursue claims or defend against them - the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the protection of his rights
The User's activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used for the provision of services by the Administrator). Information collected in the logs processed in connection with the provision of services. The administrator also processes them for technical purposes, in particular, the data may be temporarily stored and processed to ensure the security and proper functioning of IT systems, e.g. in connection with backing up, testing changes in IT systems, detecting irregularities or protecting against abuse and attacks.

 

Registration on the website www.fulco.pl
Persons who register on the Website are asked to provide the data necessary to create and operate the account. In order to facilitate service, the User may provide additional data, thus consenting to their processing. Such data can be deleted at any time. Providing data marked as mandatory is required to set up and operate an account, and failure to do so results in the inability to create an account. Providing other data is voluntary.

 

Personal data is processed:
• in order to provide services related to the maintenance and service of an account on the Website - the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR), and in the scope of optional data - the legal basis for processing is consent (Article 6 (1) (a) of the GDPR)
• for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in conducting analyzes of Users' activity on the Website and how to use the account, as well as their preferences in order to improve the functionalities used
• in order to possibly establish and pursue claims or defend against them - the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the protection of its rights
If the User places any personal data of other people on the Website (including their first and last name, address, telephone number or e-mail address), they may do so only if they do not violate the applicable law and personal rights of these people.

 

Cookies
The administrator uses cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies by storing information or accessing information already stored in the User's telecommunications end device (computer, telephone, tablet, etc.). Cookies used for this purpose include:
• cookies with data entered by the User (session ID) for the duration of the session (user input cookies)
• authentication cookies used for services that require authentication for the duration of the session (authentication cookies)
• cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies)
• persistent cookies used to personalize the User's interface for the duration of the session or a little longer (user interface customization cookies)
• cookies used to remember the contents of the basket for the duration of the session (shopping cart cookies)
• cookies used to monitor website traffic, ie data analytics

 

The period of personal data processing
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service or the performance of the order, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Administrator's legitimate interest.
 
The data processing period may be extended if the processing is necessary to establish and pursue any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.

 

User permissions
Data subjects have the following rights:
• The right to information about the processing of personal data - on this basis, the person making such a request, the Administrator provides information on the processing of personal data, including, in particular, the purposes and legal grounds for processing, the scope of data held, entities to whom personal data are disclosed and the planned date of their deletion
• The right to obtain a copy of the data - on this basis, the Administrator provides a copy of the processed data relating to the person submitting the request
• The right to rectify - on this basis, the Administrator removes any inconsistencies or errors regarding the personal data being processed, and supplements or updates them if they are incomplete or have changed
• The right to delete data - on this basis, you can request the deletion of data, the processing of which is no longer necessary to achieve any of the purposes for which they were collected
• The right to limit processing - on this basis, the Administrator ceases to perform operations on personal data, with the exception of operations consented by the data subject and their storage, in accordance with the adopted retention rules, or until the reasons for limiting data processing (e.g. a decision of the supervisory authority will be issued, allowing for further data processing)
• The right to transfer data - on this basis, to the extent that the data is processed in connection with the concluded contract or consent, the Administrator issues data provided by the data subject in a format that can be read by a computer. It is also possible to request that this data be sent to another entity - provided, however, that there are technical possibilities in this regard, both on the part of the Administrator and that other entity.
• The right to object to other purposes of data processing - the data subject may at any time object to the processing of personal data on the basis of the Administrator's legitimate interest (eg for analytical or statistical purposes or for reasons related to the protection of property). The objection in this respect should contain a justification and is subject to the Administrator's assessment
• The right to withdraw consent - if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the consent was withdrawn
• Right to complaint - if it is found that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may submit a complaint to the President of the Personal Data Protection Office
An application regarding the exercise of the rights of data subjects may be submitted:
• in writing to the following address: Fulco System sp. Z o.o., ul. Portowa 16J, 44-100 Gliwice
• by e-mail to the following address: biuro@fulco.pl
The application should, if possible, precisely indicate what the request concerns, i.e. in particular:
• what right the person submitting the application wants to use (e.g. the right to receive a copy of the data, the right to delete the data, etc.)
• what processing process the request concerns (e.g. using a specific service, activity on a specific website, receiving a newsletter containing commercial information to a specific e-mail address, etc.)
• what purposes of processing the request relates to (e.g. marketing purposes, analytical purposes, etc.)
If the Administrator is unable to determine the content of the request or identify the person submitting the application based on the submitted application, he will ask the applicant for additional information.
 
The answer to the applications will be given within one month of its receipt. If it is necessary to extend this period, the Administrator will inform the applicant about the reasons for such extension.
 
The answer will be given to the e-mail address from which the application was sent, and in the case of applications sent by letter, by regular mail to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in this case, please provide e-mail adress).

 

Data recipients
In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in connection with the implementation of the order) and logistics companies.
 
If the User's consent is obtained, his data may also be made available to other entities for their own purposes, including marketing purposes.
 
The Administrator reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

 

Transferring data outside the EEA
The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:
• cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued
• application of standard contractual clauses issued by the European Commission
• application of binding corporate rules approved by the competent supervisory authority
• in the case of data transfer to the USA - cooperation with entities participating in the Privacy Shield program, approved by the decision of the European Commission
• The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection

 

Security of personal data
The administrator conducts a risk analysis on an ongoing basis to ensure that personal data is processed by him in a safe manner - ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. . The administrator makes sure that all operations on personal data are recorded and performed only by authorized employees and associates.
 
The administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data at the request of the Administrator.

 

Contact details
Contact with the Administrator is possible via the e-mail address biuro@fulco.pl or the correspondence address of Fulco System LLC, Portowa 16J Street, 44-100 Gliwice.
 
Change of the Privacy Policy
The policy is verified on an ongoing basis and updated if necessary.