DATA PRIVACY POLICY

PRIVACY POLICY
(maro.eu)

§1. Data Controller

The personal data controller is Fabryka Mebli Biurowych MARO sp. z o.o. with its registered office at: 62-052 Komorniki, ul. Fabianowska 100, Poland, entered in the Register of Entrepreneurs kept by the District Court of Poznań Nowe Miasto and Wilda in Poznań, 8th Commercial Division, under KRS number: 0000107965, NIP: PL5992575691 (hereinafter: “MARO”).

§2. Purpose of personal data processing

1. The Controller processes the User’s personal data for the purpose of:
   1. concluding and performing a sales agreement (executing the order), including handling complaints, as well as for direct marketing of its own products and services carried out in a traditional form (paper), which constitutes the Controller’s legitimate interest. Data for these purposes will be processed on the basis of Art. 6(1)(b), (c) and (f) GDPR. With separate consent, on the basis of Art. 6(1)(a) GDPR, the data provided may also be processed for the purpose of:
   2. making telephone calls for the purpose of direct marketing of the Controller’s products and services – pursuant to Art. 172(1) of the Telecommunications Law of 16 July 2004,
   3. establishing electronic contact via e-mail and SMS for the purpose of sending the Controller’s commercial information, within the meaning of Art. 10 of the Act on the Provision of Electronic Services of 18 July 2002,
   4. making telephone calls for the purpose of marketing the products and services of entities cooperating with the Controller – pursuant to Art. 172(1) of the Telecommunications Law of 16 July 2004,
   5. establishing electronic contact via e-mail and SMS for the purpose of sending commercial information of entities cooperating with the Controller, within the meaning of Art. 10 of the Act on the Provision of Electronic Services of 18 July 2002,
   6. expressing a Customer opinion – Art. 6(1)(a) GDPR (“consent of the data subject”).

   Retention period: Data is stored until the consent is withdrawn by the data subject.

2. This means that the data is in particular necessary for:
   1. registering on the website;
   2. concluding an agreement;
   3. settlements;
   4. delivering the goods ordered by the User or provision of services;
   5. after-sales customer service;
   6. the User’s exercise of consumer rights (warranty).
3. The User may also consent to receiving information about news and promotions – in such a case the Controller also processes the data in order to send commercial information (e.g. new products, services, promotions, sales).
4. Personal data is also processed as part of fulfilling legal obligations incumbent on the Controller (e.g. tax documentation, tasks in the public interest related to security and defense).
5. Personal data may also be processed for the purposes of direct marketing of products, securing and pursuing claims, protecting against claims of the User or third parties, as well as marketing of services and products of third parties or the Controller’s own marketing not constituting direct marketing.

§3. Type of data

The Controller processes the following personal data:

1. when registering on the website:
   • first and last name,
   • e-mail address.
2. when making purchases via the website:
   • first and last name,
   • delivery address,
   • phone number,
   • e-mail address.
3. optional data provided by the User:
   • VAT number (for invoice),
   • company name.

§4. Legal basis for personal data processing

1. Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
2. MARO processes personal data after obtaining the User’s consent, given at the time of registration or confirmation of the transaction.
3. Providing consent is voluntary, but lack of consent makes it impossible to register and make purchases on the website.

§5. Rights of the user

1. The right to obtain information on the scope of data processing.
2. The right to correct or rectify data (independently after logging in).
3. The right to withdraw consent to data processing – partially or fully.
4. The right to request deletion of personal data.
5. The right to object to data processing.
6. The right to restrict data processing (temporarily or to a specified extent).
7. The right to lodge a complaint with the supervisory authority – in Poland, the President of the UODO.

§6. Personal data retention period

1. Personal data is stored as long as necessary to fulfill contractual or statutory obligations.
2. The Controller may retain archival data regarding transactions in connection with claims.
3. If no agreement has been concluded, personal data is stored until the User’s account is deleted or consent is withdrawn.

§7. Entrusting the processing of data to other entities

1. The Controller may entrust data to cooperating entities (e.g. suppliers, marketing partners) to the extent necessary to perform transactions.
2. Except for the purposes indicated, data will not be shared with third parties for marketing purposes.
3. Data is not transferred outside the European Union.
4. This Privacy Policy complies with Art. 13(1) and (2) GDPR.

§8. Cookies

1. The website uses cookies or similar technology (hereinafter collectively referred to as "cookies") to collect information about the User’s access to the website (e.g. via computer or smartphone) and their preferences. They are used, among other things, for advertising and statistical purposes and to tailor the website to the individual needs of the User.
2. Cookies are pieces of information containing a unique reference code that the website sends to the User’s device to store and sometimes track information regarding the device used. They usually do not allow the User to be identified. Their main purpose is to better tailor the website to the User.
3. Some cookies on the website are available only for the duration of a given session and expire after closing the browser. Other cookies are used to remember the User, who is recognized when returning to the website. They are then retained for a longer period.
4. Cookies used on this website include:
   1. Necessary cookies – required for the site to function properly; they enable, among other things, maintaining the User’s session, proper display of the site, and remembering the User’s choices that are technically relevant to the functioning of the site (e.g. language).
   2. Functional cookies – used to improve the functioning of the site and tailor it to the User’s needs, including remembering choices made.
   3. Analytical cookies – used to measure the effectiveness of actions and improve the functioning of the site, including analyzing traffic statistics and traffic sources, without identifying personal data.
   4. Advertising cookies – installed on the User’s device only with consent; they enable profiling and displaying ads tailored to the User’s preferences on external websites.
   5. Analytical and marketing cookies (Albacross) – we use the Albacross service (Albacross Nordic AB, Kungsgatan 26, 111 35 Stockholm, Sweden). This service enables the identification of companies visiting our website for B2B marketing and sales purposes. Albacross collects information about the use of our site, such as IP address, visited subpages, or time of visit. These data may be combined with information from public sources and business databases to allow us to reach potential business customers. The legal basis for processing is the Controller’s legitimate interest (Art. 6(1)(f) GDPR). The User may object to the processing at any time or obtain more information about the Albacross privacy policy at: https://albacross.com/privacy-policy.

   If the User consents to marketing cookies, MARO may use information about the User’s behavior on MARO websites to tailor advertisements. The User may change consent settings at any time or delete cookies from their device.

   For online advertising, we use, among others, Google Marketing Platform and Google Ads, which use their own cookies.

5. All cookies on the website are set by the Controller or trusted partners, in accordance with applicable European Union law.
6. The User may change preferences regarding acceptance of cookies in browser settings or use the consent management mechanism available on the website.
7. Blocking or deleting cookies may prevent full use of the website.
8. Cookies may be used for essential session management, including: (a) creating login sessions, (b) recognizing returning Users, (c) recognizing whether a visitor is registered, (d) recording technical information (e.g. IP address, browser) to diagnose problems and administer the service, (e) customizing the layout and content of the site, (f) collecting statistical information about site usage.