§1. Personal data controller

The Controller of your personal data is Fabryka Mebli Biurowych MARO sp. z o.o. with the registered office in: 62-052 Komorniki, ul. Fabianowska 100, Poland, entered into the register of entrepreneurs kept by the District Court Poznań-Nowe Miasto i Wilda, the 8th Commercial Division, under KRS number: 0000107965, NIP [Taxpayer’s Identification Number]: PL5992575691 (hereinafter referred to as: “MARO").

§2. Purpose of personal data processing

1. The Controller processes User’s personal data to:

a) conclude and perform sales agreements (fulfil orders), including to review submitted complaints and undertake direct marketing actions concerning Controller’s own products and services in traditional (paper) form, which shall constitute the Controller’s legitimate interests. The data shall be processed for the aforementioned purposes pursuant to Article 6(1)(b)(c) and (f) of the GDPR. If a separate consent has been granted, pursuant to Article 6(1)(a) of the GDPR, the provided data may be also processed to:
b) make telephone calls for the purpose of direct marketing of the Controller’s products and services - under Article 172 (1) of the Law of 16 July 2004 - the Telecommunications Law,
c) initiate contacts electronically, by e-mail or text message, to disseminate the Controller’s commercial information, in the meaning of Article 10 of the Law on the provision of electronic services of 18 July 2002 (Journal of Laws of 2013, item 1422 as amended),
d) make telephone calls for the purpose of promotional marketing of the products and services offered by the partners of the Controller - under Article 172 (1) of the Law of 16 July 2004 -  the Telecommunications Law,
e) initiate contacts electronically, by e-mail or text message, to disseminate commercial information of the partners of the Controller, in the meaning of Article 10 of the Law on the provision of electronic services of 18 July 2002 (Journal of Laws of 2013, item 1422 as amended).
f) Customer feedback [under] Article 6(1)(a) of the Regulation (the “consent of the data subject”)
Storage period: The data is stored until the data subject withdraws the consent for further data processing for a given purpose.

2. It means that that such data is needed in particular to

a) register an account on the website;
b) conclude an agreement;
c) make paymants;
d) deliver the goods ordered by the User or to provide services;
e) provide the after-sales support;
f) enjoy consumer's rights (warranty) by the User;

3. The User may also grant their consent for receiving information about new products and special offers, as a result of such a consent the Controller shall also process the User’s personal data for the purpose of sending commercial information about e.g. new products and services, special offers and sales to the User.

4. Personal data is also processed to meet legal obligations imposed upon the Controller and to perform public utility tasks related to safety and defense or to keep tax records.

5. Personal data may also be processed for the purpose of direct marketing of products, for the purpose of securing and pursuing claims or defending the Controller against any claims that the User or third parties may have, as well as for the purpose of promotional marketing of services and products of third parties or for the promotional marketing of the Controller's own services and products, other than direct marketing.

§3. Type of data

1. The Controller shall process the following personal data, the provision of which is necessary to:

a) register an account on the website:

- first and last name;
- e-mail address;

b) make purchases on the website:

- first and last name;
- delivery address;
- telephone number;
- e-mail address

c) Data optionally provided by the User:

- NIP [Taxpayer’s ID] number (if an entrepreneur requests an invoice for the purchased items)
- Business name

§4. Legal basis for personal data processing 

1. The personal data is processed in accordance with the Regulation of the European Parliament and Council (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Processing Regulation), Official Journal of the European Union L no. 119, 4.5.2016, pages 1–88, hereinafter referred to as: the “GDPR”.

2. MARO processes personal data only after obtaining the User’s consent, expressed upon registration on the website or at the time when an on-line transaction is confirmed by the User.

3. The consent for the processing of personal data is voluntary, however, it is necessary for the registration of an account on the website or for making purchases on-line.

§5. User's right

1. The User may request provision by MARO of the information about the scope of their personal data processing at any time.

2. The User may request correction or rectification of their personal data at any time. The User can make relevant data corrections or rectifications by themselves, after logging into their account.

3. The User may withdraw their consent for the processing of their personal data at any time, without any reason. A request for cessation of the personal data processing may refer to a particular purpose indicated by the User, e.g. withdrawal of consent for receiving commercial information, or to all purposes of personal data processing. If the consent is withdrawn for all purposes of data processing, the User’s account will be deleted from the website, together with all User’s personal data, previously processed by the Data Controller. The withdrawal of consent shall not affect acts that have already been performed.

4. The User may request the deletion of their data by the Controller at any time. The request of data deletion shall not affect acts that have already been performed. Deletion of the User’s data shall be tantamount with deletion of the User’s account, with all the personal data saved and processed so far by the Controller.

5. The User may file an objection against personal personal data processing at any time, such an objection may relate to all User’s personal data processed by the Controller or to a certain scope of personal data, e.g. data processed for a particular purpose. The objection shall not affect acts that have already been performed. Filing an objection shall result in the deletion of the User’s account, with all the personal data saved and processed so far by the Controller.

6. The User may request the limitation of the processing of their personal data, for a specified or unspecified time period, however, in a particular scope only, and the Controller shall be obliged to comply with such a request. The request shall not affect acts that have already been performed.

§6. Period of personal data storage

1. Personal data is basically stored as long as it is necessary for the fulfilment of any contractual or statutory obligations, for the purpose of which the data has been collected. The data shall be deleted immediately when their storage is no longer necessary for evidence purposes under the provisions of the civil code or under the statutory requirement of data storage.

2. Moreover, the Data Controller may store archival data on concluded transactions, because its storage concerns claims that the User is entitled to pursue.

3. If no agreement has been concluded between the User and MARO, the User’s personal data is stored until the User’s account is deleted from the website. The account may be deleted if the User so requests, if the User withdraws their consent for personal data processing or files an objection against their data processing.

§7. Data processing by third parties

1. The Controller may entrust personal data processing with entities cooperating with the Controller, in the scope that is necessary for completion of a given transaction, e.g. for the order picking and delivery or for provision the commercial information originating from the Controller.

2. Users’ personal data shall not be disclosed to any third parties or provided to other entities for the purposes other than those specified in this Data Privacy Policy or for the purpose of disseminating promotional marketing materials of such third parties.

3. Personal data of the website Users may not be transferred outside of the European Union.

4. This Data Privacy Policy complies with the provisions of Article 13(1) and (2) of the GDPR.

§8. Cookies

1. The website uses cookies or similar technology (hereinafter jointly referred to as: the “cookies”) to collect data about the User’s access to the website (e.g. via a computer or a smartphone) and about the User’s preferences. Such data is used, e.g. for advertising and statistical purposes, and for the adjustment of the website to the User’s individual needs.

2. Cookies are small blocks of data which include a unique reference code that a website transfers to the User’s device to store and sometimes track the information about the User’s device. The data stored by these cookies typically do not show personal details from which the User’s identity can be established. Cookies highlight areas where the website can be improved to better meet the User’s expectations.

3. A number of cookies last only for the duration of your web session (“session cookies”) and expire when you close your browser. Other cookies are used, for example, to remember the User when they return to the website. and will last for longer (“persistent cookies”) .

4. The following types of cookies are used on this website:

a) Marketing cookies - these cookies collect information about your browsing habits in order to make advertising more relevant to you and your needs.
b) Analytical cookies – these cookies collect anonymous information on how people use this website, e.g. which are the most frequently visited pages.
c) Functional cookies - these cookies remember choices you make and your preferred contents to provide you with an experience more appropriate to your selections.
d) Essential cookies - these cookies are necessary for a website to function correctly (basic functionalities), therefore, they cannot be switched off.


5. All cookies on the website are set by the Controller.

6. All cookies on this website comply with the applicable laws of the European Union.

7. The User may change their cookie preferences by accepting only cookies of their choice or change the browser to get a relevant notification each time when cookies are set on a given website. To change the cookie settings, adjust the settings in your browser.

8. Please note that disabling or removing cookies will affect the functionality of the website and may prevent you from being able to access certain features on the website.

9. One of the most common ways to implement session management is by using cookies, this shall include:

a) Creation of special login session for the website User, to allow the website to remember the logged in User and to transfer the User’s requests effectively, safely and coherently;
b) Identification of a User who has visited the website before, which allows to identify the number of the unique website users visiting the site again, this information will allow the website owner to find out if the website has the right capacity for the number of new users;
c) Identification whether a website visitor is a registered user or not;
d) Session recordings that will track data from the User’s device, including: cookies, IP address and the browser used for the purpose of problem diagnosis, recording and tracking the User’s behavior on the website;
e) Adaptation of the graphics or contents of the website;
f) Collection of statistical data about how the User uses the website in order to improve the website and to identify which sections of the website generate the highest traffic.