Privacy Policy

PRIVACY POLICY OF THE FENBRO.COM WEBSITE

1.The Personal Data Controller of the Website available at: https://fenbro.com, hereinafter referred to as the Website, is Fenbro Sp. z o.o. based in Aleje Jerozolimskie 181B, 02-222 Warsaw, entered into the register of entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number: 0000947765, NIP: 7011070120, REGON: 521057577, share capital: PLN 100,000 (fully paid), hereinafter referred to as the Personal Data Administrator. 

2. All inquiries, requests, complaints regarding the processing of personal data by the Personal Data Administrator, hereinafter referred to as Notifications, should be sent to the following e-mail address: [email protected] or in writing to the following address: Fenbro Sp. z o.o., Aleje Jerozolimskie 181B, 02 -222 Warsaw. The content of the Notification must clearly indicate:

a) data of the person or persons concerned by the Notification,

b) the event that is the reason for the Notification,

c) demands and the legal basis for these demands,

d) the expected way of resolving the matter.

 3. We collect the following personal data on our Website:

a) name and surname, telephone number, email address – they may be processed when, as a user of our Website, you provide them to us via the contact form, chat available on the Website, e-mail, by telephone or by traditional mail,

b) IP address of the device and potential personal data contained in Cookies – information resulting from the general principles of connections made on the Internet, such as the IP address (and other information contained in system logs), are used for technical and statistical purposes, in particular for collecting general demographic information (e.g. about the region from which the connection is made). This type of data is also used for marketing and analytical purposes if consent is granted in accordance with Art. 173 section 1 of the telecommunications law,

c) alternatively, other data may be collected as part of conducting specific matters or may be provided to users of our Website via email, contact form available on the Website, traditional mail or by telephone.

 4. Each person using our Website has the opportunity to choose whether and to what extent they want to use our services and share information and data about themselves, to the extent specified in this Privacy Policy. 

5. We process personal data for the following purposes:

a) concluding and performing contracts in connection with the services we offer (Article 6(1)(b) of the GDPR) – in this respect, data will cease to be processed when a given contract is completed,

b) performing legal obligations incumbent on the Personal Data Administrator, in particular keeping records, issuing invoices, etc. (Article 6(1)(c) of the GDPR) – in this respect, personal data will be deleted after fulfilling certain legal obligations,

c) directing marketing content regarding the Administrator and conducting website analytics in connection with the use of cookies (Article 6(1)(a) of the GDPR) – in this respect, personal data is processed until the end of the session or the user deletes cookies, withdraws consent or until the time of effective objection to processing for this purpose,

d) running the Website (Article 6(1)(f) of the GDPR in connection with Article 173(1) of the Telecommunications Law) – in this respect, personal data will cease to be processed in the event of the expiration of the Cookie file, deletion of Cookies or, respectively, in the event of termination a given session,

e) ongoing communication related to the functioning of the Website (Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Personal Data Administrator) – in this respect, your personal data will cease to be processed at the moment of answering a given question or questions,

f) establishing and pursuing claims or defending against these claims (Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Personal Data Administrator) – in this respect, personal data will be deleted when the claims expire, but generally after a 3-year limitation period for claims.

 6. The source of Personal Data processed by the Administrator are the data subjects.

7. If there is a button or function that is a link to an external website, application or social media, there is a co-administration relationship between the Administrator of this Website and the administrator of the external website. Co-administration is limited only to the data processing to the extent necessary for operations related to the functioning of a given button or function. The Administrator is not responsible for the policies regarding further processing of personal data of other entities and organisations or providers of social networking sites. Our Joint Controllers within this Website are:

a) Meta Platforms Ireland Ltd. (Facebook, Messenger, Instagram, Facebook Pixel tool) with its registered office at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,

b) Pinterest Europe Limited (Pinterest) with its registered office at: 2nd Floor Palmerston House, Fenian Street, Dublin 2, Dublin, D02WD37, IRELAND, D02WD37,

c) Google Ireland Ltd. (YouTube, Google Maps) with its registered office at: Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland,

d) Twitter International Unlimited Company (Twitter) located at: Fenian Street DO2 F663 Dublin, Ireland,

e) LinkedIn Ireland Unlimited Company ( Linkedin) with its registered office at: Wilton Place, Dublin 2, Ireland. 

8. The Administrator uses tools from Google Ireland Ltd (Google Workspace, Google Analytics, Google Ads, Google DoubleClick) and Tidio LCC (live chat). As a rule, data processed as part of the use of these tools is processed on servers located within the EEA (European Economic Area). However, entities providing these tools may be obliged to transfer data to third parties if such an obligation is imposed on them by law or if the transfer is necessary due to the characteristics of the services provided (SaaS, hosting, etc.).  The transfer of personal data to the United States is based on the Decision of the European Commission of July 10, 2023 on ensuring an adequate level of protection by the EU-US Data Protection Framework (Article 45(1) of the GDPR). Entities importing personal data, i.e. Google LLC and Tidio LCC, meet the decision criteria, participate in the Data Protection Framework program and are on the list at: https://www.dataprivacyframework.gov/s/participant-search. We do not disclose any personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorised by generally applicable law).

9. Personal data may be entrusted for processing to entities processing such data on our behalf as the Personal Data Administrator. In such a situation, as the Personal Data Administrator, we conclude an agreement with the processor to entrust the processing of personal data. The processing entity processes the entrusted personal data only for the purposes, within the scope and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting personal data for processing, we would not be able to conduct our business on the Website. As the Personal Data Administrator, we entrust personal data for processing, in particular to the entities that:

a) provide hosting services for the website on which our Website operates,

b) provide email hosting services,

c) provide analytical and marketing tools.

10. Personal data are not subject to profiling by us as the Personal Data Administrator within the meaning of the provisions of the GDPR.

11. In accordance with the provisions of the GDPR, each person whose personal data we process as the Personal Data Administrator has the right to:

a) access their personal data referred to in Art. 15 GDPR,

b) be informed about the processing of personal data referred to in Art. 12 GDPR,

c) correct, supplement, update and rectify personal data referred to in Art. 16 GDPR,

d) withdraw consent at any time, as referred to in Art. 7 section 3 GDPR,

e) delete data (right to be forgotten), referred to in Art. 17 GDPR,

f) restrict data processing referred to in Art. 18 GDPR,

g) transfer data referred to in Art. 20 GDPR,

h) object to the processing of personal data, as referred to in Art. 21 GDPR,

i) (in the case of the legal basis in the form of consent) withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,

j) not be the subject to profiling referred to in Art. 22 in connection with Art. 4 point 4 of the GDPR,

k) submit a complaint to the supervisory authority (i.e. the President of the Personal Data Protection Office) referred to in Art. 77 GDPR.

12. If you want to exercise your rights referred to in the preceding point, please send a message by e-mail to the e-mail address or in writing to the correspondence address referred to in point 2 above.

13. Each identified case of the security breach is documented, and if one of the situations specified in the provisions of the GDPR or the Act occurs, data subjects are informed about such a breach of the provisions on the protection of personal data and, if applicable, the Personal Data Protection Office.

14. The Cookie Policy is a separate document located at: https://fenbro.com/cookie-policy/

15. In matters not regulated by this Privacy Policy, the applicable provisions of generally applicable law shall apply. In the event of any inconsistency between the provisions of this Privacy Policy and the above provisions, these provisions shall prevail.