Concerned about the security and privacy of your personal data, KAMOKA SP. Z O.O. (KAMOKA Limited Liability Company) maintains this Privacy Policy. KAMOKA SP. Z O.O. is the owner of the websites: kamoka.pl, webcatalogue.kamoka.pl, orders.kamoka.pl, reklamacje.kamoka.pl, 7years.kamoka.pl and their versions in other language versions (hereinafter: the Services), as well as mobile applications designed to be installed on a mobile device with the Android or iOS operating system, including the KAMOKA catalog mobile application (webCataloge).

The Privacy Policy is a set of principles and rules regarding the protection of information, including personal data of Clients/Contractors, representatives of Contractors and other persons entrusting us with their personal data, including users of the Services and mobile applications (hereinafter: The User).

CONTROLLER OF PERSONAL DATA

1. The Controller of the personal data is KAMOKA SP. Z O.O. with its registered office in Warsaw, ul. Wenecka 12, 03-244 Warsaw (hereinafter : the Controller or KAMOKA), entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Economic Department of the National Court Register under the number. KRS: 0001016747, Tax ID No. NIP: 5213581408, Business Statistical No. REGON: 142603777.

2. Contact with the Controller in matters related to the protection of personal data is possible through the Controller's registered office address indicated above, e-mail address office@kamoka.eu, as well as through the contact form available at https://kamoka.pl/pl/contact.

3. The Controller has appointed a Data Protection Officer, who can be contacted at e-mail address: office@kamoka.eu or by mail at the Controller's registered office address indicated above.

4. The Controller shall carry out the processing of Users' personal data in accordance with the law, including in particular on the basis of Article 6 (1) (a), (b), (c) and (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), the Law of May 10, 2018 on the protection of personal data, the Act of July 18, 2002. on the provision of electronic services, and the Act of July 16, 2004. Telecommunications Law.

SCOPE, PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING

Depending on the User, the manner and the purpose of data transfer, KAMOKA may process personal data within the following scope, purposes and legal grounds for processing personal data as specified below:

1. Use of the Services

The Controller may process personal data of Users visiting the Services to the extent of data that is transmitted by the User's browser, necessary for technical reasons to display the Services and ensure their safe and stable operation.

This may include the following information: the User's IP address, login data, version of the operating system, information about the status of virtualization and related applications, version of the software used by the User, hardware data of the User's computer. Acquisition of the aforementioned information is carried out through various types of technologies, including cookies, details of which are provided in this Privacy Policy.

2. Contacting the Controller through the "Ask online" form, other contact forms available on the Services and mobile applications, or through the Controller's other contact information

The Controller processes personal data of Users who contact the Controller via the "Ask online" form, other contact forms available on the Services or mobile applications, or via the Controller's other contact information. Personal data is processed in order to respond to Users' inquiries or to take other actions by the Controller resulting from the received inquiry. The personal data that will be processed for this purpose may include, in particular, name, surname, e-mail address, telephone number and other personal data provided in the content of the "Ask online" form or as part of an inquiry submitted through other contact forms available on the Services or mobile applications or contact data, including through e-mail contact or telephone contact.

Providing personal data is voluntary, but necessary in order to send an inquiry to the Controller and receive a response to the inquiry or for the Controller to take other actions resulting from the received inquiry.

The legal basis for processing personal data in connection with directing correspondence to the Controller that is not related to services provided to the User or any other agreement concluded with the User, will be the Controller's legitimate interest in responding to inquiries, directing inquiries, as well as ensuring the quality of cooperation with interested persons (Article 6(1)(f) GDPR). The legal basis for the processing of personal data in connection with directing correspondence to the Controller that is not related to the services provided to the User or any other contract concluded with the User, will be the Controller's legitimate interest in responding to inquiries, addressing inquiries, as well as ensuring the quality of cooperation with the persons concerned (Article 6(1)(f) GDPR).

If by filling out the "Ask online" form or any other form accessed on the Website or mobile applications, or by contacting the Controller via other contact data, personal data is provided that cannot be processed by the Controller on the basis of the Controller's legitimate interest or for the purpose of performing a contract or taking action prior to concluding a contract, the legal basis for its processing will be the voluntarily expressed consent (Article 6(1)(a) GDPR), which is expressed by the User sending a message and can be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

3. Newsletter

The Controller processes the personal data of Users who have given their consent in order to carry out the Controller's marketing activities related to the sending of the Newsletter.
Personal data that will be processed for this purpose may include first name, last name, e-mail address.

Subscribing to the Newsletter means that the User consents to the Controller's sending marketing and commercial information by means of electronic communication within the meaning of the Electronic Services Act.

Providing personal data is voluntary, but necessary in order to receive the Newsletter.

The legal basis for the processing of personal data in this case will be voluntarily given consent (Art. 6(1)(a) GDPR), which can be revoked at any time and thus unsubscribed from the Newsletter by contacting the Controller at the contact details provided above or by clicking on the link in the message containing marketing or commercial information related to the Newsletter ("unsubscribe/subscribe" link). Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

4. Telemarketing activities – sending marketing information by phone, SMS.

The Controller processes personal data of Users who have given their consent in order to carry out the Controller's marketing activities related to telemarketing activities, i.e. sending marketing information by telephone, via SMS, to the telephone number provided by the User. Personal data that will be processed for this purpose may include first name, last name, phone number.

Provision of personal data is voluntary, but necessary in order to receive marketing information by phone, by SMS.

The legal basis for the processing of personal data in this case will be voluntarily given consent (Article 6(1)(a) of the GDPR and Article 172(1) of the Telecommunications Law), which can be revoked at any time by contacting the Controller at the contact details provided above or by informing the Controller during a telephone call. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

5. Sending commercial information by e-mail

The Controller processes personal data of Users who have given their consent in order to carry out the Controller's marketing activities by sending marketing or commercial information via the e-mail address provided by the User. Personal data that will be processed for this purpose may include first name, last name, e-mail address.

Providing personal data is voluntary, but necessary in order to receive commercial or marketing information from the Controller.

The legal basis for data processing in this case will be voluntarily given consent (Article 6(1)(a) GDPR), which can be revoked at any time by contacting the Controller at the contact details provided above. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

6. Organization of workshops/training sessions

The Controller processes personal data on the basis of consent for the purpose of conducting workshops/training courses. The personal data that will be processed for this purpose may include first name, last name, email address, telephone number and other data required for the workshop/training.

Provision of personal data is voluntary, but necessary in order to participate in the workshop/training.

The legal basis for data processing in this case will be voluntarily given consent (Article 6(1)(a) GDPR), which can be revoked at any time by contacting the Controller at the contact details provided above. Withdrawal of consent does not affect the lawfulness of processing that was carried out on the basis of consent before its withdrawal.

Personal data will also be able to be processed regardless of the consent given, in connection with the investigation/defense of claims on the basis of Article 6(1)(f) of the GDPR, which is the legitimate interest of the Controller.

7. Recruitment processes

The Controller may process Users' personal data related to the Controller's recruitment processes, including for future recruitment based on relevant consents. The personal data that will be processed for this purpose may include data indicated in the content of the submitted application documents.

If the preferred form of employment is an employment contract - personal data provided in the recruitment process within the scope of Article 22 (1) § 1 of the Labor Code will be processed by the Controller on the basis of Article 6 (1) (b) and (c) of the GDPR in order to carry out the recruitment process, as the processing is necessary to fulfill a legal obligation incumbent on the Controller. Personal data provided in the recruitment process beyond the scope specified in Article 22 (1) § 1 of the Labor Code will be processed by the Controller on the basis of the consent referred to in Article 6 (1) (a) of the GDPR. The processing of personal data for future ongoing recruitments shall be based on the consent referred to in Article 6 (1) (a) GDPR. If the preferred form of employment is a civil law contract - the legal basis for the processing of data contained in the application documents is to take action prior to the conclusion of a contract at the request of the data subject pursuant to Article 6(1)(b) of the GDPR.

Personal data will also be able to be processed regardless of the consent given, in connection with the investigation/defense of claims on the basis of Article 6(1)(f) of the GDPR, which is the legitimate interest of the Controller.

Providing personal data specified in Article 22 (1) § 1 of the Labor Code is voluntary, but necessary to participate in the recruitment process. Failure to provide the personal data specified in Article 22 (1) § 1 of the Labor Code will result in the inability to participate in the
in the recruitment process. Providing personal data beyond the scope specified in Article 22 (1) § 1 of the Labor Code and giving consent to the processing of personal data in this connection is voluntary and is not a condition for participation in the recruitment process.

8. Video surveillance

The Controller processes Users' personal data in order to ensure the security of persons and property through video surveillance used on the premises managed by the Controller. In particular, video surveillance is used at the Controller's premises. Personal data from video surveillance includes image data and vehicle registration number.

Provision of personal data is voluntary, but necessary to stay on the Controller's premises. Failure to provide personal data will prevent entry/entry to the Controller's facilities covered by video surveillance.

Personal data recorded by the video surveillance system will be processed on the basis of Article 6(1)(c) of the GDPR in order to fulfill the Controller's legal obligation under Article 22 (2) of the Labor Code, as well as for purposes arising from the Controller's legitimate interest under Article 6(1)(f) of the GDPR, i.e. to ensure security, property protection, production control, and to maintain the secrecy of information the disclosure of which could expose the Controller to harm, and to establish, assert and defend claims.

9. Performance of the contract and handling of complaints

The Controller may process Users' personal data for purposes related to the provision of services and performance of contracts, including in connection with orders placed by Users (including orders placed through orders.kamoka.pl) or for the purposes related to the processing of reported complaints, including complaints reported through orders.kamoka.pl or equivalent pages available in other language versions. The scope of personal data that will be processed for these purposes depends on the scope of the inquiry/order/complaint submitted and may include personal data of the Controller's Client, as well as personal data of the Controller's Contractor's representative and other entities purchasing KAMOKA products.

Providing personal data is voluntary, but necessary in order to provide services or perform the contract, including placing an order or reporting a complaint.

Personal data will be processed in order to conclude and/or execute the contract or to take actions before concluding the contract (Art. 6 par. 1 lit. b) GDPR), to fulfill the Controller's obligations under accounting and tax laws related to the necessity of issuing accounting documents and bookkeeping, and to handle complaints (Art. 6(1)(c) GDPR) and on the basis of the Controller's legitimate interest, which is to confirm the fulfillment of obligations and to assert or defend against claims that may be made against the Controller (Art. 6(1)(f) GDPR).

10. Collection of personal data in the context of business contacts

In connection with the Controller's business activities, the Controller also collects personal data in other cases, including during business meetings or by exchanging business cards.

Personal data is collected for the purposes of initiating, maintaining and networking business contacts, based on the Controller's legitimate interest in accordance with Article 6(1)(f) of the GDPR.

Provision of data is voluntary, but necessary in order to establish business contact.

11. Processing of personal data of staff members of Contractors or Customers cooperating with the Controller

In connection with the conclusion of contracts in the course of its business activities, the Controller obtains from Contractors/Customers personal data of persons involved in the execution of these contracts, including contact persons, persons authorized to place orders, subcontractors. The scope of the processed personal data of Contractors/Customers' personnel is limited to the extent necessary for the performance of the contract and usually includes first name, last name, business contact information.

Provision of data is voluntary, but necessary for the performance of the contract. The source of acquisition of personal data in this case is the Client/Contractor for whom the staff member provides work or services, or directly the Client/Contractor's staff member.

The personal data will be processed on the basis of the Controller's legitimate interest (Article 6(1)(f) GDPR), related to enabling the proper and effective performance of the contract.

12. Extended Warranty program 7 years

The Controller may process Users' personal data for purposes related to the User's participation in the Extended Warranty 7 Year Program available at 7years.kamoka.pl.

The scope of personal data that will be processed for these purposes is determined by the content of the application form and may include personal data of the Controller's Customer, as well as personal data of the Controller's Contractor/Customer representative and other entities purchasing KAMOKA products covered by the aforementioned Program.

Providing personal data is voluntary, but necessary in order to join the Extended Warranty 7 Year Program.

Personal data will be processed for purposes related to the organization of the Program, i.e. for the purpose of accepting applications to the Program, determining the right to participate in the Program, granting an additional warranty for KAMOKA products covered by the above-mentioned Program, communicating on matters related to participation in the Program, processing potential complaints, and fulfilling legal obligations incumbent on the Controller under the law in connection with the organization of the Program, including accounting and tax obligations (art. 6(1)(b) and (c) of the GDPR) and on the basis of the Controller's legitimate interest, which is to confirm the fulfillment of obligations and to assert or defend against claims that may be directed against the Controller (Art. 6(1)(f) of the GDPR).

13. Distributor Zone

The Controller may process the data of Users who are Distributors for purposes related to the Users' use of the Distributor Zone available at https://kamoka.pl/pl/signup which allows access to news and regulations.

The scope of personal data that will be processed for these purposes is derived from the content of the Distributor Zone enrollment form and may include personal data of the Distributor, as well as personal data of the Distributor's representative and other entities designated by the Distributor.

Providing personal data is voluntary, but necessary in order to enroll and access the Distributor Zone.

The personal data will be processed for the purpose related to the use of the Distributor Zone, i.e. for the purpose of accepting applications for access to the Distributor Zone, establishing the right to access the Distributor Zone, communicating on matters related to the use of the Distributor Zone, processing possible complaints, and fulfilling the Controller's