PRIVACY POLICY OF THE WEBSITE

§ 1
GENERAL PROVISIONS

1. The administrator of personal data collected via the website www.brinovalighting.com is BRITOP LIGHTING SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, entered into the Register of Entrepreneurs by the DISTRICT COURT IN OPOLE, 8th COMMERCIAL DIVISION OF THE NATIONAL COURT REGISTER under KRS number: 0000362052, with its registered office and correspondence address at: ul. Nowe Osiedle 13D, 47-240 Bierawa, NIP: 7492068443, REGON: 160331997, e-mail address: brinova@brinovalighting.com, hereinafter referred to as the “Administrator” and at the same time the “Service Provider”.

2. The personal data collected by the Administrator via the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.

§ 2
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes the personal data of the Service Users of the website www.brinovalighting.com in the following cases:
   
   1. subscribing to the Newsletter for the purpose of sending commercial information by electronic means. Personal data is processed upon separate consent, based on Article 6(1)(a) of the GDPR,
   2. using the Contact Form for the purpose of sending a message to the Administrator, based on Article 6(1)(f) of the GDPR (legitimate interest of the controller).
2. TYPE OF PERSONAL DATA PROCESSED. The Service User provides, in the case of:
   
   1. Newsletter: first name and last name, company name, company address, position, tax identification number (NIP), e-mail address,
   2. Contact Form: first name and last name, company name, profession, phone number, e-mail address.
3. PERIOD OF PERSONAL DATA STORAGE. The personal data of Service Users are stored by the Administrator:
   
   1. in cases where the basis for data processing is the performance of a contract, for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the statute of limitations for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years,
   2. in cases where the basis for data processing is consent, for as long as the consent is not withdrawn, and after the withdrawal of consent, for a period corresponding to the statute of limitations for claims that the Administrator may assert and that may be asserted against him. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years.
4. While using the Website, additional information may be collected, in particular: the IP address assigned to the Service User’s computer or the external IP address of the Internet service provider, domain name, type of browser, access time, and type of operating system.
5. Upon separate consent, based on Article 6(1)(a) of the GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – in accordance with Article 398(1) and (2) of the Act of 12 July 2024 – Electronic Communications Law, including those directed as a result of profiling, provided that the Service User has given the appropriate consent.
6. As part of the User’s activity on the Website, profiling may take place, aimed at selecting appropriate advertising content that will be directed to the User.
7. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. Profiling does not produce legal effects on the Service User nor does it otherwise significantly affect their situation. Its sole purpose is to better tailor marketing content and offers.
8. Navigation data may also be collected from Service Users, including information about links and references they choose to click on or other activities undertaken on the Website. The legal basis for such processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting of facilitating the use of services provided electronically and improving the functionality of these services.
9. Providing personal data by the Service User is voluntary.
10. The Administrator exercises particular care to protect the interests of the data subjects, and in particular ensures that the data collected by him are:
    
    1. processed in accordance with the law,
    2. collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
    3. factually correct and adequate in relation to the purposes for which they are processed and stored in a form that permits identification of the data subjects no longer than is necessary to achieve the purpose of the processing.

§ 3
DISCLOSURE OF PERSONAL DATA

1. The personal data of Service Users are transferred to service providers used by the Administrator in the operation of the Website, in particular to:
   
   1. the hosting provider,
   2. the provider of software enabling business operations,
   3. entities providing mailing systems,
   4. the provider of software necessary for the operation of the website.
2. The service providers referred to in point 1 of this paragraph, to whom personal data are transferred, depending on contractual arrangements and circumstances, either act on the instructions of the Administrator regarding the purposes and means of processing such data (processors) or independently determine the purposes and means of their processing (controllers).
3. The personal data of Service Users are stored exclusively within the European Economic Area (EEA), subject to § 5 point 5 of the Privacy Policy.
4. Personal data may be transferred outside the European Economic Area (EEA), in particular to the United States, in connection with the Administrator’s use of analytical and marketing tool providers (e.g., Google LLC, Meta Platforms Inc.).
   The transfer of data is carried out on the basis of Standard Contractual Clauses (SCC) approved by the European Commission, in accordance with Article 46(2)(c) of the GDPR.

§ 4
RIGHT TO CONTROL, ACCESS, AND RECTIFICATION OF PERSONAL DATA

1. The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
2. Legal grounds for the Service User’s request:
   
   1. Access to data – Article 15 GDPR
   2. Rectification of data – Article 16 GDPR
   3. Erasure of data (the so-called right to be forgotten) – Article 17 GDPR
   4. Restriction of processing – Article 18 GDPR
   5. Data portability – Article 20 GDPR
   6. Objection – Article 21 GDPR
   7. Withdrawal of consent – Article 7(3) GDPR
3. To exercise the rights referred to in point 2, a relevant e-mail may be sent to: brinova@brinovalighting.com
4. If the Service User exercises a right arising from the above-mentioned rights, the Administrator shall fulfil the request or refuse to do so without undue delay, but no later than within one month of receiving it. However, if – due to the complex nature of the request or the number of requests – the Administrator is unable to fulfil the request within one month, it shall fulfil it within the following two months, informing the Service User in advance, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.
5. If it is determined that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

§ 5
“COOKIES” FILES

1. The Administrator’s website uses “cookies.”
2. The installation of “cookies” is necessary for the proper provision of services on the Website. The “cookies” files contain information necessary for the correct functioning of the website and also make it possible to compile general statistics on website visits.
3. Two types of “cookies” are used on the website: “session” and “persistent.”
   
   1. “Session” cookies are temporary files stored on the Service User’s end device until they log out (leave the website),
   2. “Persistent” cookies are stored on the Service User’s end device for the time specified in the “cookies” file parameters or until they are deleted by the Service User.
4. The Administrator uses its own cookies to better understand how Service Users interact with the website’s content. The cookies collect information about how the Service User uses the website, the type of page from which the Service User was redirected, as well as the number of visits and the duration of the Service User’s visit to the website. This information does not record specific personal data of the Service User but is used to compile statistics on website usage.
5. The Administrator also uses external cookies to collect general and anonymous statistical data through analytical tools such as Google Analytics (external cookie administrator: Google LLC, based in the USA).
6. Cookies may also be used by advertising networks, particularly the Google network, to display advertisements tailored to the way the Service User uses the Website. For this purpose, they may store information about the Service User’s navigation path or the time spent on a particular page.
7. The Service User has the right to decide on the access of “cookies” to their computer by:
   
   1. selecting the types of cookies they consent to be collected immediately after entering the Website and when the cookies notification appears,
   2. changing the settings in their browser window. Detailed information on the possibilities and methods of handling “cookies” is also available in the settings of the software (web browser).

§ 6
ADDITIONAL SERVICES RELATED TO USER ACTIVITY ON THE WEBSITE

1. The Administrator uses remarketing tools on its website, such as Google Ads, which involves the use of cookies from Google LLC related to the Google Ads service. Through the cookie settings management mechanism, the Service User can decide whether the Service Provider may use Google Ads (external cookie administrator: Google LLC, based in the USA) in relation to them.

§ 7
FINAL PROVISIONS

1. The Administrator applies technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and the category of data being protected, and in particular safeguards the data against unauthorized access, acquisition by unauthorized persons, processing in violation of applicable regulations, as well as alteration, loss, damage, or destruction.
2. The Administrator provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data transmitted electronically.
3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other applicable provisions of Polish law shall apply accordingly.
4. The Administrator updates this Privacy Policy in connection with legal changes or business development. Information about any modification of the Privacy Policy will be published at least 7 days before its entry into force on the website or sent by e-mail to the Service User who uses the Electronic Services provided on a continuous basis (Newsletter).