Privacy policy

I. BASIC INFORMATION

This Privacy Policy of 366 CONCEPT sp. z o.o., hereinafter referred to as the "Policy", contains general information related to its processing of personal data and applies to: 

  1. candidates for employment with the company under the name 366 CONCEPT sp. z o.o., hereinafter referred to as the "Company";
  2. members of staff employed by the Company;
  3. clients of the Company who use its services, hereinafter referred to as "Clients";
  4. contractors who cooperate with the Company for the purpose of providing services to Clients, hereinafter referred to as "Contractors";
  5. individuals who have given their consent for the Company to provide marketing services to them, including by means of remote communication, i.e. by telephone or e-mail, and users logged into the service of the company under the name 366 CONCEPT sp. z o.o., hereinafter referred to as the "Service".

Detailed information regarding the processing of individual categories of personal data by the Company, as referred to in points 1, 3, 5 above, can be found in the information clauses attached to this Policy, i.e.: 

  1. information clause regarding the processing of personal data of candidates for employment with the company under the name 366 CONCEPT sp. z o.o. - constituting Appendix No. 1 to this Policy;
  2. Information clause on processing of data of clients of the company under the business name 366 CONCEPT sp. z o.o., constituting Appendix No. 2 to this Policy. - constituting Attachment No. 2 to this Policy; 
  3. Information clause on processing of personal data of business information recipients, including Newsletter subscribers and users logged into the Website of the company under the business name 366 CONCEPT sp. z o.o. - constituting Appendix No. 3 to this Policy.

All information regarding the processing of specific categories of personal data by the Company is available by contacting the Personal Data Administrator at info@366concept.com. 


The Company under 366 CONCEPT sp. z o.o. makes every effort to guarantee the highest possible level of security of your personal data information, as a result of which it applies appropriate organizational and technical solutions to counteract violations of its integrity, confidentiality and availability. The measures taken by the Company are aimed at guaranteeing you a sense of security at a level appropriate to the applicable laws, including primarily those set forth in:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter "RODO";
  2. The Act of May 10, 2018 on the protection of personal data;
  3. the Act of July 18, 2002 on the provision of electronic services;
  4. the Act of July 16, 2004. Telecommunications Law;
  5. the Act of May 30, 2014 on consumer rights.

II. ADMINISTRATOR OF PERSONAL DATA

The administrator of your personal data provided to the company under the name 366 CONCEPT sp. z o.o. is 366 CONCEPT sp. z o.o. with its registered office in Warsaw located at: ul. Bagatela 10 lok. 5, 00-585 Warsaw, entered in the Register of Entrepreneurs of the National Court Register under number: 0000886563; registration court: District Court for the Capital City of Warsaw in Warsaw, XII Economic Division of the National Court Register; NIP: 7011023014, REGON no.: 388332069, hereinafter referred to as "Administrator" or "ADO".

The Administrator can be contacted: 

  1. personally at the address: 10 Bagatela St., premises 5, 00-585 Warsaw;
  2. by correspondence at the address: 10 Bagatela St., lok. 5, 00-585 Warsaw;
  3. by e-mail - at: info@366concept.com.

III. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

The Company, as a legal entity whose predominant business activity is the wholesale sale of furniture, carpets and lighting equipment, including those made by means of distance communication, processes your personal data within the meaning of Article 4(1) of the RODO, i.e. any information about an identified or identifiable natural person, i.e. a person who can be identified, directly or indirectly, in particular on the basis of an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person - on the basis of: 

  1. Article 6(1)(a) RODO - when you have consented to the processing of personal data concerning you for a given purpose, and in particular for marketing purposes (e.g., free Newsletter subscription) or to create a personal profile on the Company's Service;

  2. Article 6(1)(b) of the RODO - when it is necessary for the performance of a contract concluded with you or for taking actions prior to its conclusion aimed at its preparation;

  3. Article 6(1)(c) RODO - when the Company is required by law to process certain categories and types of data for legally defined purposes;

  4. Article 6(1)(d) RODO - when necessary to protect the vital interests of the data subject or another natural person;

  5. Article 6(1)(f) RODO - when necessary for the purposes of legitimate interests pursued by the Controller or by a third party.

In the situation of special circumstances requiring the processing of data of a specific person on other legal grounds than those stated above, and in particular requiring the processing of personal data of a special category, i.e.. : revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and processing of genetic data, biometric data for the purpose of unambiguous identification of a natural person or data concerning health, sexuality or sexual orientation of that person (cf. Article 9(1) of the RODO) - the Administrator shall immediately (no later than within one month from the date of commencement of processing of the above data) inform the person about the new legal basis and the specific purpose of processing of his/her data. 

Detailed information about the legal basis / legal grounds for the processing of your personal data by the Company, due to your relationship with the Company - is indicated in the individual information clauses attached to this Policy and listed in Chapter I. titled "Basic Information".

IV. PURPOSES OF PERSONAL DATA PROCESSING

The Company, in the course of its business activities, in order to guarantee the highest possible level of services provided to you - processes your personal data for various purposes, depending on the relationship between you and the Company. 

With the above in mind, the Company processes personal data in relation to:

  1. persons interested in having commercial information sent to them by the Company - in order to send you this information (to provide marketing services, including sending a free Newsletter); 
  2. persons interested in creating their own profile on the Company's Service - in order to enable you to create an account on the Company's Service and ensure its accessibility and functionality of individual modules;
  3. candidates for employment at the Company - in order to enable you to participate in the recruitment process for a vacant position at the Company;
  4. members of staff employed by the Company, whether under employment contract or civil law contracts - in order for you to take up employment with the Company and to ensure that both you and the Company properly exercise your rights and obligations; 
  5. Customers of the Company - in order to prepare, conclude and duly execute agreements between you and the Company and to fulfill the obligations of each Party;
  6. Contractors of the Company - for the purpose of establishing cooperation with you and ensuring its due course, including the fulfillment by each Party of its obligations. 

Detailed information about the purpose(s) of processing your personal data by the Company, due to your relationship with the Company - is indicated in the individual information clauses attached to this Policy and listed in Chapter I. titled "Basic Information".

V. PROCESSING OF PERSONAL DATA ON THE BASIS OF ADO'S LEGITIMATE INTEREST

The Company may process your personal data on the basis of its legitimate interest, i.e. on the basis of Article 6(1)(f) of the RODO, and in particular: to assert or defend against claims; to send you, via e-mail or to transmit by telephone to the e-mail addresses or telephone numbers indicated by you, with your prior consent - commercial information about the activities conducted by the Company; to send you information aimed at improving the functioning of the Service, to lead to a more efficient realization of mutual rights and obligations.

In the situation of processing of your data by ADO on the above-mentioned legal basis - ADO shall immediately inform you about the undertaking of data processing on this basis, specifying the purpose for which it does so.

Information about the processing of your personal data by the Company on the basis of legitimate interest, due to your relationship with the Company - is indicated in the individual information clauses attached to this Policy and listed in Chapter I. titled "Basic Information".

VI. RECIPIENTS OF PERSONAL DATA

The Company, due to its business activities, in order to improve them, cooperates with various entities that may be recipients of your data if it is necessary for the realization of particular rights or obligations incumbent on each Party, and furthermore may be obliged to transfer them to certain authorities, institutions or organizations, if the above is dictated by generally applicable laws. 

It is hereby indicated that the Company may transfer your personal data to entities with which it cooperates, in particular:

  1. entities supporting ADO in the maintenance of IT infrastructure;
  2. entities supporting ADO in the proper execution of settlements and accounting;
  3. entities assisting ADO with insurance coverage;
  4. entities supporting ADO in making deliveries and transporting property;
  5. entities assisting ADO with legal services;
  6. Contractors of the Administrator; 
  7. entities engaged in archiving and data disposal, regardless of their form, 

    and in addition:

  8. banks;
  9. entities or authorities authorized to obtain personal data under the law (including, but not limited to: courts, prosecutors, bailiffs, regulatory and supervisory bodies);
  10. relevant offices and institutions, in particular: tax offices, Social Insurance Institution, etc.

- whereby detailed categories of recipients of your personal data, due to your relationship with the Company - are indicated in individual information clauses attached to this Policy and listed in Chapter I. titled "Basic Information". 

VII. TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EEA OR INTERNATIONAL ORGANIZATIONS

ADO does not intend to transfer the Personal Data processed in its organization to countries outside the European Economic Area (comprising the European Union, Norway, Liechtenstein and Iceland) and to international organizations, subject to the sentence below. 


The ADO may transfer data to a third country or an international organization if the need arises, and in particular to perform a contract with the data subject or with the data subject's express consent. In such a situation, the Administrator will transfer personal data, ensuring an adequate level of protection and applying the relevant laws.

VIII. STORAGE PERIOD OF PERSONAL DATA

The Company processes your personal data only for the period necessary to achieve the purpose of processing or as long as it is necessary in accordance with the law, in particular, until the statute of limitations for possible claims or the expiration of the archiving obligation under the law, including the obligation to keep accounting documents.

In the case of processing of personal data on the basis of your consent, your personal data will be stored until you withdraw it. The withdrawal of your consent to processing will not affect the lawfulness of processing carried out before its withdrawal.


In the case of the processing of your data on the basis of the Administrator's legitimate interests, the ADO will stop processing your data if you object to the processing on the grounds of your particular situation, and there is no validly legitimate basis for processing on the part of the ADO that overrides your interests, rights and freedoms, or the processing of your data is necessary for the establishment, assertion or defense of claims. 


In the event that ADO's legitimate interest in processing your data is direct marketing of services provided by ADO, upon your objection ADO will cease processing your data for this purpose.


Information on the period of processing of your personal data by the Company, due to your relationship with the Company - is also indicated in the individual information clauses attached to this Policy and listed in 

in Chapter I. titled "Basic Information".

IX. RIGHTS UNDER THE RODO REGARDING THE PROCESSING OF PERSONAL DATA

The Company, when processing personal data, shall make every effort to enable you to exercise your full rights, including the right to:

  1. to request from the Administrator access to your own personal data, as referred to in Article 15 of the RODO;
  2. demand from the Administrator to correct erroneously recorded own personal data, in the situation of occurrence of the prerequisites referred to in Article 16 RODO; 
  3. demand from the Administrator to delete your personal data if the prerequisites referred to in Article 17(1) of the RODO have occurred, unless there are circumstances excluding the aforementioned right; 
  4. demand from the Administrator to restrict the processing of his/her own personal data, in case of occurrence of the prerequisites referred to in Article 18(1) RODO;
  5. demand from the Administrator to transfer his/her own personal data, in case of occurrence of the prerequisites referred to in Article 20(1) and (2) RODO; 
  6. to withdraw consent to the processing of one's own personal data for a specific purpose, if such consent has been given and constitutes the legal basis for their processing, with the proviso that this does not affect the legality of data processing before its withdrawal;
  7. lodge a complaint with the President of the Office for Personal Data Protection, in the event that the processing of such personal data is deemed to violate the provisions of the RODO. 

According to Article 21 of the RODO, there are two types of right to object to the processing of personal data, namely, if the Administrator processes personal data: 

  1. on the basis of legitimate interests (i.e., on the basis of Article 6(1)(f) of the RODO), then the data subject may object on grounds related to his or her particular situation, as a result of which the ADO will cease processing such personal data, unless the ADO demonstrates the existence of valid legitimate grounds for processing that are overridden by the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims;
  2. for the purposes of direct marketing, then the data subject may object in any case, as a result of which the ADO will cease processing such personal data for the aforementioned purpose.

In order to exercise the above rights, you may contact the Company: 

  1. in person at the address: 10 Bagatela Street, 5, 00-585 Warsaw;
  2. by correspondence at the address: 10 Bagatela St., lok. 5, 00-585 Warsaw;
  3. by e-mail - at the address: info@366concept.com 

- i.e. in the manner specified in Chapter II titled "Personal Data Administrator".


Information about your rights due to the processing of personal data by the Company, due to your relationship with the Company - is also indicated in the individual information clauses attached to this Policy and listed in Chapter I. titled "Basic Information".

X. VOLUNTARINESS OF PROVIDING PERSONAL DATA

The provision of personal data by you is in any case voluntary, but necessary for the purposes of processing by the Company. Thus, your failure to provide personal data necessary for the realization of a specific purpose, due to your relationship with the Company - may hinder or prevent its realization.


Information about the voluntariness of your provision of certain personal data, due to your relationship with the Company - can also be found in the individual information clauses attached to this Policy and listed in Chapter I. titled "Basic Information".


XI. PROFILING AND AUTOMATED PROCESSING OF PERSONAL DATA

Decisions made towards you by the Company, are not based on automated processing, including profiling. 


Information regarding automated decision-making and profiling, due to your relationship with the Company - is also included in the individual information clauses attached to this Policy and listed in Chapter I. titled "Basic Information".

XII. DATA COLLECTION DURING USE OF THE COMPANY'S SERVICES AND FORMS PROVIDED BY THE COMPANY 

XII.1 General information

The Company hereby informs that in order to improve its business activity and to be open to foreign Clients and Contractors interested in a specific type of services provided by the Company, it has created a Website where each entity may, on a voluntary basis and free of charge, create its own account, manage it and, through it, place orders, make purchases, file complaints and contact the Company. The creation of an account on the Website and the entry of personal data into them, is tantamount to consent to their processing by the Company, except that in order to send commercial information by the Company - it is to obtain a separate consent to the above.

In the course of users' use of the Company's website, and in particular the Service, information about the parameters of the connection (i.e.: time stamp, IP address) may be recorded.

Data of Users of the Seller's Website may be (within the limits of the law) transferred to entities technically performing certain services - in particular, this applies to the transfer of information about the holder of the registered domain to entities that are operators of Internet domains, payment services or other entities with which the operator of the Website in this regard cooperates.

XII.2 Information about cookies 

The Website uses cookies.

Cookies (so-called "cookies") are IT data, in particular text files, which are stored on the Website user's terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.

The entity placing cookies on the Service user's terminal equipment and accessing them is the Administrator.

Cookies are used for the following purposes:

  1. creating statistics, which help to understand how users of the Website use the websites, which allows to improve their structure and content;
  2. maintaining a session of the Users of the Website (after logging in), thanks to which a User does not have to re-enter his/her login and password on each subpage of the Website;
  3. profiling of the Service user in order to display him/her customised materials in advertising networks, in particular the Google network.

The Website uses two main types of cookies: "session" cookies and "permanent" cookies (persistent cookies). "Session" cookies are temporary files that are stored in the Service user's terminal equipment until they log off, leave the website or switch off the software (web browser). "Permanent" cookies are stored on the Service user's terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the user.


Web browsing software (web browser) usually allows cookies to be stored on the Service user's terminal equipment by default. Users may change their settings in this regard. The web browser makes it possible to delete cookies. It is also possible to automatically block cookies. For details, please refer to the help or documentation of the respective web browser.

Restrictions on the use of cookies may affect some of the functionalities available on the Website.

Cookies placed in the Website user's terminal equipment and used may also be used by advertisers and partners cooperating with the Website operator. In view of the above, it is recommended to read the privacy policies of these entities to learn about the rules of using cookies used in statistics: Google Analytics Privacy Policy 


Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way a user of the Website uses it. For this purpose, they may retain information about the user's navigation path or the length of time they stayed on a particular page.


With regard to information about the User's preferences on the Website collected by the Google advertising network, the User may view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.

XII.3 Server logs

Information about certain behaviors of users of the Website is subject to logging at the server layer. This data is used exclusively for the administration of the Website and to ensure the most efficient operation of the hosting services provided.

The resources viewed are identified by URLs. In addition, the record may be subject to:

  1. time of arrival of the request,
  2. time of sending the response,
  3. the name of the client's station - identification carried out by the HTTP protocol,
  4. information about errors that occurred during the execution of HTTP transactions,
  5. URL address of a page previously visited by the Customer (referer link) - if the Website was accessed via a link,
  6. information about the Client's browser,
  7. IP address information.

The above data are not associated with specific persons browsing the pages and are used only for server administration purposes.

XII.4 Cookie management - how to give and withdraw consent in practice?

If a person using the Company's website, including the Service - does not want to receive cookies, he/she can change the browser settings, with the exception that disabling cookies necessary for authentication processes, security, maintenance of user preferences may make it difficult, and in extreme cases impossible, to use the websites.

In order to manage cookie settings, the user should select a web browser / system from the list below and follow the instructions:

  1. Internet Explorer;
  2. Chrome;
  3. Safari;
  4. Firefox;
  5. Opera;
  6. Android;
  7. Safari (iOS);
  8. Windows Phone;
  9. Blackberry.

XIII. CHANGES TO THE PRIVACY POLICY

The Administrator, in order to maintain transparency in the area related to its processing of personal data, undertakes to promptly inform you of changes to this Policy.

XIV. FINAL PROVISIONS

If you have any doubts about the Company's processing of data concerning you, please contact the Company as specified in Chapter II titled "Personal Data Administrator". 

Attachments (files for review):

  1. Information clause regarding processing of data of clients of the company under the firm 366 CONCEPT sp. z o.o.
  2. Information clause on processing of personal data of business information recipients, including Newsletter subscribers and users logged in to the Website of the company under the business name 366 CONCEPT sp. z o.o..