Privacy Policy

Working draft — requires legal review before production use.

Privacy Policy of the enetiv.com website

This Privacy Policy sets out the rules for processing and protecting the personal data of users of the website available at enetiv.com (hereinafter: the "Website"). This document has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: the "GDPR").

1. Data controller

The controller of personal data is:

  • ENETIV Grzegorz Janowiak — a sole proprietorship entered in the Central Register and Information on Economic Activity (CEIDG),
  • address: ul. Żeromskiego 6, 34-300 Żywiec, Poland,
  • VAT ID (NIP): 6462133299,
  • e-mail address: box@enetiv.com,
  • phone: +48 532 885 000.

The Controller has not appointed a Data Protection Officer (DPO). In all matters related to the processing of personal data and the exercise of rights under the GDPR, you may contact the Controller at the e-mail address: box@enetiv.com or by post at the registered office address indicated above.

The Controller's business consists of the servicing, repair and reconditioning of industrial automation, as well as the sale and sourcing of spare parts. The Website serves to present the offer, enables submitting requests for quotation, and — within the customer account — allows submitting inquiries and tracking the status of repairs.

2. Scope of processed data

Depending on how the Website is used, the Controller may process the following categories of personal data:

  • Identification and contact data — first name and surname, company name, e-mail address, phone number, correspondence or registered office address.
  • Customer account data — login (e-mail address), authentication data and information associated with the account (inquiry history, repair status).
  • Data contained in requests for quotation and service requests — description of the device, description of the fault, expectations regarding the service, and other information voluntarily provided by the user in the content of the inquiry or in attachments.
  • Billing and transaction data — data necessary to perform the service, issue accounting documents and settle payments (including VAT ID, invoice data).
  • Correspondence data — the content of e-mail messages and other correspondence conducted with the Controller.
  • Technical and usage data — IP address, device and browser identifiers, information collected via cookies, and data on activity on the Website.

Providing data is voluntary but necessary to conclude and perform a contract, set up a customer account, respond to a request for quotation or perform a service. Failure to provide data may make it impossible to use the relevant functions of the Website or the Controller's services.

3. Purposes and legal bases for processing

Personal data is processed for the following purposes and on the following legal bases arising from Article 6(1) of the GDPR:

  • Responding to a request for quotation and conducting correspondence — on the basis of the legitimate interest of the Controller consisting in handling inquiries and communicating with interested parties (Article 6(1)(f) GDPR), and to the extent aimed at concluding a contract — on the basis of taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR).
  • Setting up and maintaining a customer account, submitting inquiries and tracking the status of repairs — for the purpose of performing a contract for the provision of services by electronic means (Article 6(1)(b) GDPR).
  • Concluding and performing a contract for servicing, repair or reconditioning services and the supply of spare parts — for the purpose of performing a contract or taking steps prior to entering into it (Article 6(1)(b) GDPR).
  • Fulfilling the legal obligations incumbent on the Controller, including tax and accounting obligations (e.g. issuing and storing accounting documents) — on the basis of a legal obligation (Article 6(1)(c) GDPR).
  • Establishing, asserting or defending against claims — on the basis of the legitimate interest of the Controller (Article 6(1)(f) GDPR).
  • Ensuring the security of the Website, keeping statistics and improving the quality of services — on the basis of the legitimate interest of the Controller (Article 6(1)(f) GDPR).
  • Direct marketing and the use of cookies other than those strictly necessary — to the extent requiring consent, on the basis of the consent of the data subject (Article 6(1)(a) GDPR). Consent may be withdrawn at any time, which does not affect the lawfulness of processing carried out before its withdrawal.

4. Data recipients

Personal data may be made available or entrusted for processing to the following categories of recipients, solely to the extent necessary to achieve the purposes indicated above:

  • entities providing the Controller with hosting, IT, maintenance and Website support, and e-mail services;
  • payment service providers, courier and postal operators — to the extent of carrying out deliveries and settlements;
  • entities providing bookkeeping, accounting, tax and legal services;
  • partners and suppliers of spare parts — to the extent necessary to fulfil an order or service;
  • public authorities and other entities entitled to receive data on the basis of applicable legal provisions.

Entities processing data on behalf of the Controller act on the basis of concluded personal data processing agreements and solely in accordance with the Controller's instructions.

5. Data retention period

Personal data is stored for the period necessary to achieve the purposes for which it was collected, and in particular:

  • data processed for the purpose of performing a contract — for the duration of the contract and after its termination, until the limitation period for any claims expires;
  • data contained in accounting and settlement documents — for the period required by tax and accounting regulations (as a rule, 5 years counted from the end of the calendar year in which the tax obligation arose);
  • customer account data — for the period it is maintained, until the account is deleted or a request for its removal is submitted;
  • data processed on the basis of consent — until it is withdrawn;
  • data processed on the basis of the legitimate interest of the Controller — until an effective objection is raised or that interest ceases.

6. Rights of the data subject

In connection with the processing of personal data, the data subject has the following rights:

  • the right of access to the data and to obtain a copy thereof (Article 15 GDPR);
  • the right to rectification of inaccurate data and completion of incomplete data (Article 16 GDPR);
  • the right to erasure of data (the "right to be forgotten") in the cases provided for by the regulations (Article 17 GDPR);
  • the right to restriction of processing of data (Article 18 GDPR);
  • the right to object to processing of data based on the legitimate interest of the Controller, including objection to direct marketing (Article 21 GDPR);
  • the right to data portability of data processed in an automated manner on the basis of consent or a contract (Article 20 GDPR);
  • the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before its withdrawal (Article 7(3) GDPR);
  • the right to lodge a complaint with a supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw), if the person considers that the processing of their data infringes the provisions of the GDPR.

To exercise the above rights, please contact the Controller at the e-mail address box@enetiv.com or by post at the registered office address. The Controller responds without undue delay, as a rule within one month of receiving the request.

7. Cookies

The Website uses cookies, i.e. small text files stored on the user's terminal device. The following are used:

  • strictly necessary cookies — required for the proper functioning of the Website, including session handling, login and maintaining the customer account; their use takes place on the basis of the legitimate interest of the Controller;
  • functional, analytical and marketing cookies — used to remember preferences, keep statistics and tailor content; their use takes place on the basis of the user's consent.

The user may change the cookie settings in their web browser at any time, including blocking their use or deleting files already stored. Restricting the use of cookies may affect certain functionalities of the Website.

8. Transfer of data outside the European Economic Area (EEA)

As a rule, personal data is processed within the European Economic Area (EEA). Should the achievement of the processing purposes require the transfer of data to a third country (outside the EEA), e.g. in connection with the use of services of providers established outside the EEA, such transfer will take place only with the provision of appropriate safeguards provided for in Chapter V of the GDPR — in particular on the basis of a European Commission adequacy decision confirming an adequate level of protection or standard contractual clauses approved by the European Commission. The data subject may obtain a copy of the safeguards applied by contacting the Controller at box@enetiv.com.

9. Changes to the privacy policy

The Controller reserves the right to introduce changes to this Privacy Policy, in particular in connection with changes in the law, technological developments or changes in the scope of the services provided. The current version of the Privacy Policy is published on the Website each time. Changes take effect upon their publication, unless another date is indicated. It is recommended to periodically review the content of this document.