PRIVACY POLICY
ALU LIDS GROUP SP. Z O.O., WITH ITS REGISTERED OFFICE IN RZEPLIN

  1. DEFINITIONS

    1. Controller - Alu Lids Group Sp. z o.o. with its registered office in Rzeplin, Al. Kalifornijska 7, 55-020 Rzeplin, entered in the Register of Entrepreneurs of the National Court Register (KRS): 0000407261, Tax Identification Number (NIP): 8943037392
    2. Personal data – first name, surname or company name, position, e-mail address, telephone number, as well as other data such as the content of messages sent via the contact form, technical data related to the use of the Website, including the device IP address, location data, online identifier, browser type, operating system, access and use time of the Website, and other information collected through cookies and other similar technologies indicated below.
    3. Cookies small text files sent by the visited website to the User’s device (e.g. computer, smartphone or tablet). Cookies collect information that facilitates use of the website, for example by remembering the User’s visits to the Website and the actions performed by them.
    4. Policy – this Privacy Policy.
    5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
    6. Website - the website operated by the Controller at: www.platynki.pl, www.alulids.com, www.alulids.de
    7. Device – any terminal device used by Users to access the Website, such as a personal computer, tablet or telephone.
    8. User – any natural or legal person visiting the Website or using one or more of the services or functionalities described in the Policy.

  2. PROCESSING OF DATA IN CONNECTION WITH USE OF THE WEBSITE

    1. In connection with the User’s use of the Website, the Controller collects data, including Personal data, as well as information concerning the User’s activity within the Website.
    2. The Controller applies all necessary measures aimed at protecting Personal Data against loss, destruction, improper use, disclosure or access by unauthorised persons.
    3. The User may contact the Controller via e-mail at: biuro@platynki.pl by telephone at: +48 71 300 13 33 or in writing to the registered office address of the Controller.

  3. PURPOSES AND LEGAL BASES FOR DATA PROCESSING WITHIN THE WEBSITE

    1. USE OF THE WEBSITE
      1. The User may browse the Website without providing their personal data or registering. Certain functionalities may require the provision of data (e.g. a contact form), and certain data may be collected automatically (cookies).
      2. The Personal Data of all persons using the Website (including IP address or other identifiers and information collected via cookies or similar technologies) are processed by the Controller:
        1. for the purpose of enabling contact with the Controller, responding to the User’s enquiry and taking action at the User’s request prior to entering into an agreement, including preparing an offer, conducting correspondence and the possible conclusion and performance of an agreement – in such case, the legal basis for processing is the necessity of processing for the performance of an agreement (Article 6(1)(b) and (f) of the GDPR);
        2. for analytical and statistical purposes – in such case, the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR);
        3. for the purpose of establishing and pursuing claims or defending against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in the protection of its rights;
        4. for marketing purposes of the Controller and other entities, in particular in connection with the presentation of behavioural advertising (Article 6(1)(a) GDPR).
      3. User activity within the Website, including their Personal Data, is recorded in system logs (a specialised computer program used to store a chronological record containing information on events and activities relating to the Controller’s IT system). The information collected in the logs is processed primarily for technical and administrative purposes, to ensure the security of the IT system and the management thereof, as well as for analytical and statistical purposes – in this respect the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR).
    2. CONTACT FORM
      1. The Controller provides the possibility to contact it by means of an electronic contact form. Use of the form requires the provision of Personal Data necessary to establish contact with the User and to respond to the enquiry. The User may also provide additional data in order to facilitate contact or the handling of the enquiry. Provision of data marked as mandatory is required in order to accept and process the enquiry, and failure to provide such data will result in the inability to process it. Provision of other data is voluntary.
      2. Personal Data is processed:
        1. for the purpose of identifying the sender and handling their enquiry submitted through the provided form, including conducting correspondence, preparing an offer and undertaking actions aimed at concluding an agreement – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR);
        2. with regard to data provided voluntarily, the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
        3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), consisting in maintaining statistics of enquiries submitted by Users via the Website in order to improve its functionality.

  4. METHOD OF USE OF DATA

    1. The Controller processes the Users’ Personal Data in particular for the purpose of:
      1. responding to enquiries submitted via the contact form or e-mail;
      2. conducting correspondence related to the enquiry;
      3. preparing an offer and undertaking actions aimed at concluding an agreement;
      4. the possible conclusion and performance of an agreement;
      5. pursuing claims or defending against claims, considering any objections from Users;
      6. keeping statistics in anonymised form.
    2. The Controller in certain cases uses profiling for the purposes of carrying out marketing activities. This means that, by employing automated data processing, the Controller evaluates selected factors relating to Users in order to analyse their behaviour or to create forecasts for the future. This enables better tailoring of displayed content to the individual preferences and interests of the User.

  5. SOCIAL MEDIA

    1. The Controller processes the Personal Data of Users visiting the Controller’s profiles maintained on social media (LinkedIn). Such data is processed solely in connection with the operation of the profile, including for the purpose of informing Users about the Controller’s activities and promoting various events, services and products. The legal basis for the processing of Personal Data by the Controller for this purpose is its legitimate interest (Article 6(1)(f) GDPR), consisting in promoting its own brand.

  6. COOKIES AND SIMILAR TECHNOLOGY

    1. ‘ESSENTIAL’ COOKIES

      These are cookies used by the Controller for the proper functioning of the Website and enabling contact, for example when completing the contact form. The use of necessary cookies may take place without the need for the User’s consent.

    2. ‘PREFERENCE’ COOKIES

      Preference cookies enable the Website to remember information that changes the appearance or operation of the website, such as the User’s preferred language or region. The use of such cookies requires obtaining the User’s consent.

    3. ‘STATISTICAL’ COOKIES

      Cookies help the Controller to understand Users’ behaviour on the website. The use of such cookies requires obtaining the User’s consent.

    4. ‘MARKETING’ COOKIES

      Cookies help to inform about the Controller’s services through advertisements displayed on external websites. As a result, advertisements are tailored to Users’ preferences. The use of such cookies requires obtaining the User’s consent.

  7. ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS

    The Controller uses various solutions and tools for analytical and marketing purposes. Below is basic information regarding these tools. Detailed information in this respect can be found in the privacy policy of the relevant partner.

    1. GOOGLE ANALYTICS

      Google Analytics cookies are files used by Google to analyse the manner in which the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User, nor does it combine such information in a manner enabling identification. Detailed information on the scope and rules of data collection in connection with this service can be found at: https://policies.google.com/technologies/partner-sites?hl=en.

    2. GOOGLE ADWORDS

      Google AdWords is a tool that enables the measurement of the effectiveness of advertising campaigns carried out by the Controller, allowing for the analysis of data such as keywords or the number of unique users. The Google AdWords platform also enables the display of our advertisements to persons who have previously visited the Website. Information on the processing of data by Google in connection with the above service is available at: https://policies.google.com/technologies/ads?hl=en.

    3. SOCIAL MEDIA PLUG-INS

      The Website uses social media plug-ins (LinkedIn). These plug-ins enable the User to share content published in the Website on a selected social media platform. The use of plug-ins in the Website results in the relevant social media service receiving information about the User’s use of the Website and being able to assign it to the User’s profile created on that platform. The Controller has no knowledge of the purpose and scope of data collection by social media platforms. Detailed information in this respect can be found at the following links:

      1. LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=en_UK

  8. MANAGEMENT OF COOKIE SETTINGS

    1. The use of cookies for the purpose of collecting data by their means, including gaining access to data stored on the User’s device, requires the User’s consent. Such consent may be withdrawn at any time.
    2. Consent is not required solely in the case of cookies whose use is necessary for the provision of a telecommunications service (data transmission for the purpose of displaying content).
    3. The Controller requests Users’ consent for the use of cookies for purposes other than those necessary for the provision of services by means of a dedicated form. This form also provides a function enabling the User to withdraw consent at any time.
    4. The User may independently change cookie settings at any time, specifying the conditions for their storage and for cookies to access the User’s Device. These settings may be changed so as to block the automatic handling of cookies in the web browser settings or to notify the User each time cookies are placed on their device. This can be done through browser settings. Detailed information in this respect can be found at the following links:
      1. Internet Explorer: https://support.microsoft.com/en-us/edge/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use
      2. Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
      3. Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
      4. Opera: https://help.opera.com/en/latest/web-preferences/#cookies
      5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB
    5. The User may at any time verify the status of their current privacy settings for the browser in use by using the tools available at the following links:
      1. https://www.youronlinechoices.com/uk/your-ad-choices
      2. https://optout.aboutads.info/?c=2&lang=EN

  9. PERIOD OF PROCESSING OF PERSONAL DATA

    1. The period for which data are processed by the Controller depends on the type and purpose of processing. As a rule, data are processed:
      1. in the case of enquiries – for the period necessary to provide a response and conduct correspondence with the User;
      2. in the case of commencing cooperation – for the duration of the agreement and after its termination for the period required by law or until the limitation period for claims expires;
      3. in the case of data processed on the basis of consent – until the withdrawal of the consent given or the submission of an effective objection to the processing of data in cases where the legal basis for the processing of data is the legitimate interest of the Controller.
    2. The period of data processing may be extended where processing is necessary for the establishment and pursuit of potential claims or defence against claims, and thereafter only where and to the extent required by law. After the expiry of the processing period, the data are irreversibly deleted or anonymised.

  10. USER RIGHTS

    1. The User has the right to access the content of their data and to request rectification, erasure, restriction of processing, as well as the right to data portability and the right to object to the processing of data, and the right to lodge a complaint with the supervisory authority responsible for the protection of Personal Data, i.e. the President of the Personal Data Protection Office.
    2. To the extent that the User’s data are processed on the basis of consent, the User has the right to withdraw such consent at any time by contacting the Controller, without affecting the lawfulness of processing carried out prior to its withdrawal.
    3. The User has the right to object to the processing of data in cases where the legal basis for the processing of data is the legitimate interest of the Controller – for reasons related to the User’s particular situation, as well as at any time with regard to the processing of data for direct marketing purposes.
    4. The User’s Personal Data will not be processed in an automated manner, including profiling that would produce legal effects concerning the User or similarly significantly affect the User.

  11. DATA RECIPIENTS

    1. Personal data will be disclosed only to external entities authorised under the law or under a data processing agreement with the Controller, including in particular providers responsible for the operation of IT systems, hosting providers, e-mail providers, postal operators and couriers, operators of electronic payment systems and banks with regard to the execution of payments, and marketing agencies with regard to marketing services.
    2. Where the User’s consent is obtained, their data may also be made available to other entities for their own purposes, including marketing purposes.
    3. In each case, the indicated entities or persons are obliged to maintain the confidentiality of the User’s Personal Data and to process them in accordance with the provisions concerning the protection of personal data.
    4. The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

  12. TRANSFER OF DATA OUTSIDE THE EEA

    The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided under European law. For this reason, the Controller transfers Personal Data outside the EEA only where necessary and with an adequate level of protection ensured, in particular by:

    1. cooperating with entities processing Personal Data in countries in respect of which a relevant decision of the European Commission confirming an adequate level of protection of Personal Data has been issued;
    2. applying standard contractual clauses issued by the European Commission;
    3. applying binding corporate rules approved by the competent authority. The Controller shall always inform of the intention to transfer Personal Data outside the EEA at the stage of their collection.

  13. SECURITY OF PERSONAL DATA

    1. The Controller takes ongoing measures to ensure that Personal Data processed by it are handled in a secure manner – ensuring in particular that access to the data is granted only to authorised persons and only to the extent necessary in view of the tasks performed by them.
    2. The Controller takes all necessary actions to ensure that its subcontractors and other cooperating entities also provide guarantees of applying appropriate security measures whenever they process Personal Data on behalf of the Controller.

  14. CHANGES TO THE PRIVACY POLICY

    The Policy is subject to ongoing review and updated as necessary. Any changes will be published at the Website in a manner enabling the User to familiarise themselves with the current content of the Policy. The current version of the Policy was adopted and is effective as of 31 March 2026.