Privacy policy

Privacy and Cookies Policy of the Torakol.pl Website

This Privacy Policy defines the rules for processing and protecting personal data of users using the website torakol.pl, hereinafter referred to as the Website.

This document was drawn up in order to ensure full compliance with the provisions of law on personal data protection, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, as well as the Act on Providing Services by Electronic Means and the Telecommunications Law Act.

1. Personal Data Controller

The controller of personal data of the Website users is:

TORAKOL Sp. z o.o. (formerly: "Rajmund Zalewski TORAKOL")

ul. Słoneczna 24a

88-200 Radziejów

NIP: 8891520945

E-mail: [email protected]

2. Purposes and Legal Bases for Data Processing

Personal data is processed by the Controller for the following purposes, based on specific provisions of the GDPR:

  1. Establishing contact and handling inquiries – in the case of using the contact form, sending an e-mail or contacting by phone, the legal basis for processing is Article 6(1)(f) of the GDPR (legitimate interest of the Controller consisting in building relationships with customers and responding to inquiries) and Article 6(1)(b) of the GDPR (necessity to take steps at the request of the data subject prior to entering into a contract).
  2. Analysis of website traffic and user behavior – the legal basis for processing is Article 6(1)(a) of the GDPR (explicit and voluntary consent of the user to install cookies and process data for analytical purposes).
  3. Marketing activities and remarketing – the legal basis for processing is Article 6(1)(a) of the GDPR (informed consent of the user to the use of marketing cookies in order to display personalized advertisements).
  4. Ensuring security and proper functioning of the Website – the legal basis is Article 6(1)(f) of the GDPR (legitimate interest of the Controller consisting in managing the website, fixing technical errors and protecting against cyber attacks).
  5. Establishment, exercise or defense of legal claims – the legal basis is Article 6(1)(f) of the GDPR (legitimate interest of the Controller consisting in protecting its property and non-property rights in accordance with the provisions of the Civil Code Act).

3. Scope of Processed Data

Depending on how the user uses the Website, the Controller may process the following data:

  1. Data provided voluntarily by the user: name, surname, email address, phone number and any other information contained in the message sent via the contact form or email.
  2. Data collected automatically (server logs): IP address, domain name, web browser type, operating system, time spent on the page, visited subpages and approximate location.
  3. Data collected by cookies: unique cookie identifiers, data on user behavior on the site and information about interactions with advertisements.

4. Cookies and Tracking Tools

The Website uses cookies (small text files saved on the user's end device) and other tracking technologies provided by third parties. Below is a list of all tools and cookies used on the Website:

  1. Google Analytics 4 (Provider: Google Ireland Ltd.) – Purpose: traffic analysis, traffic sources, user behavior. Cookies: _ga, _ga_*. Retention period: 14 months. Data transfer outside the EEA: USA — Standard Contractual Clauses (SCC).
  2. Google Tag Manager (Provider: Google Ireland Ltd.) – Purpose: tag manager for loading other scripts (GTM itself does not collect data directly). Cookies: —. Retention period: —. Data transfer outside the EEA: USA — SCC.
  3. Meta Pixel (Facebook) (Provider: Meta Platforms Ireland Ltd.) – Purpose: remarketing, measuring conversions of advertising campaigns. Cookies: _fbp, fr. Retention period: 90 days — 2 years. Data transfer outside the EEA: USA — SCC.
  4. Google Ads (Conversion Tracking) (Provider: Google Ireland Ltd.) – Purpose: conversion measurement and remarketing in Google Ads. Cookies: _gcl_*, IDE. Retention period: 90 days — 13 months. Data transfer outside the EEA: USA — SCC.
  5. LinkedIn Insight Tag (Provider: LinkedIn Ireland Unlimited Company) – Purpose: conversion measurement and B2B remarketing in LinkedIn Ads. Cookies: li_*, bcookie. Retention period: up to 180 days. Data transfer outside the EEA: USA — SCC.
  6. YouTube — embedding videos (Provider: Google Ireland Ltd.) – Purpose: playing embedded YouTube videos directly on the Website. Cookies: VISITOR_INFO1_LIVE, YSC, PREF. Retention period: 6 months — 2 years. Data transfer outside the EEA: USA — SCC.
  7. Google Maps — embedding maps (Provider: Google Ireland Ltd.) – Purpose: displaying an interactive map of the company's location. Cookies: NID, CONSENT. Retention period: 6 months — 2 years. Data transfer outside the EEA: USA — SCC.

The user has the ability to determine the conditions for storing or accessing cookies using the settings of their web browser or via the cookie banner on the website. Limiting the use of cookies may affect the proper functioning of some features of the Website.

5. Recipients of Personal Data

Personal data of the Website users may be shared with the following categories of entities:

  1. Entities providing hosting and maintenance services for the Website and e-mail.
  2. Providers of external analytical, marketing and functional tools listed in point 4 (in particular Google Ireland Ltd., Meta Platforms Ireland Ltd. and LinkedIn Ireland Unlimited Company).
  3. Companies providing technical, IT and accounting and human resources support to the Controller.
  4. State authorities and offices authorized on the basis of separate legal provisions (e.g. courts, prosecutor's offices, tax offices) – solely within the limits and on the basis of applicable legal provisions.

6. Data Retention Period

Personal data is stored by the Controller for a period depending on the purpose of its processing:

  1. Data used for handling inquiries and contact will be stored for the duration of the correspondence, and after its completion for the period necessary to secure potential claims resulting from the provisions of the Civil Code (typically up to 6 years).
  2. Data processed on the basis of the user's consent (including analytical and marketing data) will be stored until this consent is withdrawn by the user or cookies expire in accordance with the retention described in point 4.
  3. Data processed as part of the implementation of legal obligations will be stored for the periods required by relevant national legal provisions (e.g., Tax Ordinance).

7. Rights of the Data Subjects

Each user whose data is processed by the Controller is entitled to the following rights resulting from the provisions of the GDPR:

  1. The right to access their data and obtain a copy thereof (Article 15 of the GDPR).
  2. The right to rectify (correct) their data (Article 16 of the GDPR).
  3. The right to erase data ('the right to be forgotten') in situations specified in Article 17 of the GDPR.
  4. The right to restrict data processing (Article 18 of the GDPR).
  5. The right to data portability to another controller, provided that the processing is carried out by automated means based on consent or a contract (Article 20 of the GDPR).
  6. The right to object to the processing of data based on the legitimate interest of the Controller (Article 21 of the GDPR).
  7. The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  8. The right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, if it is considered that the processing of personal data violates the provisions of the GDPR.

8. Transfer of Data Outside the European Economic Area (EEA)

In connection with the use of tools provided by Google, Meta and LinkedIn, users' personal data may be transferred to third countries located outside the EEA (in particular to the United States of America). These transfers are based on adequacy decisions of the European Commission or on the basis of Standard Contractual Clauses (SCC) signed with the providers, which guarantees appropriate protection and compliance with personal data protection laws.

9. Contact Regarding Data Protection

In order to exercise your rights, submit comments or obtain additional explanations regarding personal data protection, please contact the Controller directly:

E-mail: [email protected]

Postal address: TORAKOL Sp. z o.o., ul. Słoneczna 24a, 88-200 Radziejów, Poland