1. pl
  2. en
  1. pl
  2. en

Privacy Policy

INFORMATION REGARDING DATA PROCESSING

PICTOPLAN Oliwia Chłopek

 

§ 1 Information regarding the processing of personal data contained in electronic correspondence

I [Data Administrator]

  1. Oliwia Chłopek, running a business under the name PICTOPLAN, entered into the Central Register and Information on Business Activity kept by the minister responsible for economy, with the Tax Identification Number (NIP): 6322039494, National Business Registry Number (REGON): 540750562, is the controller of the data of the recipients and senders of electronic messages.

  2. You can contact the data administrator:

  1. at the correspondence address: ul. Filomatów 15B, 43-600 Jaworzno

  2. at the e-mail address: biuro@pictoplan.com.pl

  3. by phone: +48 792 805 800.

II [Purposes and duration of personal data processing]

  1. The Administrator processes contact information about senders and recipients of e-mail correspondence , contained in the content of this correspondence, for the purpose of:

  1. enabling e-mail contact with the administrator and contacting the recipients;

  2. documenting arrangements made with clients, contractors and other persons;

  3. receiving letters, notifications and applications in electronic form, e.g. complaints, claims and other applications;

  4. protection against claims and the pursuit of possible claims.

  1. Correspondence is stored for one year, unless the messages contain content relevant to the pursuit of claims or defense against claims, in which case selected messages will be stored for up to 3 years, i.e. until the expiry of the limitation period for claims in accordance with the Civil Code.

III [Legal basis for personal data processing]

The legal basis for processing data contained in e-mail correspondence is:

  1. the legitimate interest of the data controller and the senders of electronic messages (Article 6(1)(f) of the GDPR) – in relation to incidental correspondence, consisting in enabling electronic contact with the controller;

  2. necessity for the performance of a contract concluded with our clients or contractors (Article 6, paragraph 1, letter b of the GDPR) in the scope of correspondence conducted for the purpose of performing the contract;

  3. Voluntarily expressed consent – if the correspondence sent includes special category data. If the sender has not provided consent in their correspondence, we will request it separately, as this is a necessary condition for our processing of special category data in accordance with the GDPR. You may withdraw your consent at any time without providing a reason, but this will not affect the lawfulness of processing prior to its withdrawal;

  4. Voluntarily expressed consent through a clear affirmative action – if the sender of a message requests information regarding the controller's brand, products, or services, the response provided to the sender will contain the information requested by the sender, and sending the inquiry will constitute consent for the controller to send commercial information to the sender at the email address provided by the sender, to the extent necessary to provide a response (Article 10 of the Act on Providing Services by Electronic Means); the expressed consent may be withdrawn at any time without giving any reason, but commercial information sent after the inquiry has been sent and before the withdrawal of consent will be sent in accordance with the law; withdrawal of consent may prevent the full response to the inquiry. Consent to the processing of special categories of data is therefore voluntary, informed, and separate;

  5. the legitimate interest of the controller consisting in pursuing claims or defending against claims, in accordance with generally applicable legal provisions, in particular the Civil Code (Article 6 paragraph 1 letter f and Article 9 paragraph 2 letter f of the GDPR).

IV [Recipients of personal data]

The Controller may disclose the content of correspondence solely for the purpose of pursuing its claims in the course of the proceedings and to entities cooperating with the Controller on the basis of written personal data processing agreements, in order to perform the tasks and services specified in the agreement for the Controller, in particular in the field of electronic or traditional mail handling, hosting, IT services, debt collection, legal or advisory services, and administrative services.

V [Rights of persons whose personal data are processed]

  1. Every data subject has the right to:

  1. Access – obtaining confirmation from the controller as to whether their personal data are being processed. If data about an individual is being processed, they are entitled to access it and obtain the following information: the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the data storage period or the criteria for determining them, the right to request rectification, erasure, or restriction of processing of personal data, and to object to such processing (Article 15 of the GDPR);

  2. to receive a copy of the data – to obtain a copy of the data being processed, the first copy being free of charge, and for subsequent copies the controller may charge a reasonable fee based on administrative costs (Article 15, paragraph 3 of the GDPR);

  3. to rectify – to request the rectification of personal data concerning you that are incorrect or the completion of incomplete data (Article 16 of the GDPR);

  4. to delete data – request the deletion of your personal data if the controller no longer has a legal basis for processing them or the data are no longer necessary for the purposes of processing (Article 17 of the GDPR);

  5. to restrict processing – request to restrict the processing of personal data (Article 18 of the GDPR), when:

  1. the data subject questions the accuracy of the personal data – for a period enabling the controller to check the accuracy of the data,

  2. the processing is unlawful and the data subject opposes their deletion, requesting the restriction of their use,

  3. the controller no longer needs the data, but the data subject needs it to establish, pursue or defend legal claims,

  4. the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject;

  1. to transfer data – to receive personal data concerning him/her, which he/she has provided to the controller, in a structured, commonly used and machine-readable format, and to request that these data be transmitted to another controller, if the data are processed on the basis of the data subject’s consent or a contract concluded with him/her and if the data are processed by automated means (Article 20 of the GDPR);

  2. To object – to object to the processing of their personal data for the legitimate purposes of the controller, for reasons relating to their particular situation, including profiling. In such a case, the controller assesses the existence of compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subjects, or grounds for establishing, pursuing, or defending legal claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the controller will be obliged to cease processing the data for these purposes (Article 21 of the GDPR);

  3. to withdraw consent at any time and without providing any reason, but the processing of personal data carried out prior to the withdrawal of consent will continue to be lawful. Withdrawal of consent will result in the controller no longer processing personal data for the purpose for which consent was given.

  4. to lodge a complaint - the data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2.

  1. In order to exercise the aforementioned rights, the data subject must contact the controller using the contact details provided and inform him/her which right he/she wishes to exercise and to what extent.

§ 2 Information on the processing of personal data for customers and contractors

I [Data Administrator]

  1. Oliwia Chłopek, running a business under the name PICTOPLAN, entered into the Central Register and Information on Economic Activity kept by the minister responsible for economy, with the Tax Identification Number (NIP): 6322039494, National Business Registry Number (REGON): 540750562, is the controller of personal data of contractors and customers.

  2. You can contact the data administrator:

  1. at the correspondence address: ul. Filomatów 15B, 43-600 Jaworzno

  2. at the e-mail address: biuro@pictoplan.com.pl

  3. by phone: +48 792 805 800.

II [Purposes, legal basis and data processing period]

The personal data of contractors will be processed by the controller for the following purposes:

  1. performance of the contract – to the extent necessary to perform the contract (Article 6, paragraph 1, letter b of the GDPR) – for the period of cooperation;

  2. making settlements of the performance of the contract between the parties, including making payments – to the extent necessary to perform the contract (Article 6, paragraph 1, letter b of the GDPR) – for the period of cooperation;

  3. fulfilling obligations related to the enforcement of claims – in order to fulfill obligations related to the enforcement of receivables arising from the Code of Civil Procedure, the Act on Enforcement Procedure in Administration, the Act on Court Bailiffs (Article 6, paragraph 1, letter c of the GDPR) – for 3 years from the last deduction;

  4. fulfilling accounting obligations – in order to fulfill the obligations arising from the Accounting Act (Article 6, paragraph 1, letter c of the GDPR) – for 5 years from the end of the year in which the event occurred;

  5. fulfillment of tax obligations – in order to fulfill obligations arising from tax regulations, in particular the Tax Ordinance, the Corporate Income Tax Act, the Goods and Services Tax Act (Article 6, paragraph 1, letter c of the GDPR) – for 5 years from the end of the tax year;

  6. pursuing claims or defending against claims – in order to pursue the legitimate interest of the controller consisting in asserting its property or non-property rights or protecting against claims against the controller, in accordance with general provisions, in particular the Civil Code (Article 6, paragraph 1, letter f of the GDPR) – for 3 years from the end of cooperation.

III [Data recipients]

  1. The Administrator shares personal data of contractors and customers in the following cases:

  1. when such an obligation results from the provisions of applicable law, including to the National Tax Administration, court bailiffs, other state authorities;

  2. postal operators, courier companies.

  1. In addition, personal data of contractors and customers may be disclosed to entities processing on behalf of the controller, on the basis of a concluded personal data processing agreement, in order to provide the services specified in the agreement, e.g.:

  1. ICT services such as hosting, provision or maintenance of IT systems;

  2. accounting services;

  3. traditional mail handling, reception;

  4. legal and advisory services.

IV [Rights of persons whose personal data are processed]

  1. Every data subject has the right to:

  1. Access – obtaining confirmation from the controller as to whether their personal data are being processed. If data about a person is being processed, they are entitled to access it and obtain the following information: the purposes of processing, the categories of personal data, information about the recipients or categories of recipients to whom the data has been or will be disclosed, the data storage period or the criteria for determining them, the right to request rectification, erasure, or restriction of processing of personal data, and to object to such processing (Article 15 of the GDPR);

  2. to receive a copy of the data – to obtain a copy of the data being processed, the first copy being free of charge, and for subsequent copies the controller may charge a reasonable fee based on administrative costs (Article 15, paragraph 3 of the GDPR);

  3. to rectify – to request the rectification of personal data concerning you that are incorrect or the completion of incomplete data (Article 16 of the GDPR);

  4. to delete data – request the deletion of your personal data if the controller no longer has a legal basis for processing them or the data are no longer necessary for the purposes of processing (Article 17 of the GDPR);

  5. to restrict processing – request to restrict the processing of personal data (Article 18 of the GDPR), when:

i. the data subject questions the accuracy of the personal data – for a period enabling the controller to verify the accuracy of such data,

ii. the processing is unlawful and the data subject opposes their erasure, requesting the restriction of their use,

iii. the controller no longer needs the data, but the data subject requires it to establish, pursue or defend legal claims,

iv. the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject;

  1. to transfer data – to receive personal data concerning him/her, which he/she has provided to the controller, in a structured, commonly used and machine-readable format, and to request that these data be transmitted to another controller, if the data are processed on the basis of the data subject’s consent or a contract concluded with him/her and if the data are processed by automated means (Article 20 of the GDPR);

  2. To object – to object to the processing of their personal data for the legitimate purposes of the controller, for reasons relating to their particular situation, including profiling. In such a case, the controller assesses the existence of compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subjects, or grounds for establishing, pursuing, or defending legal claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the controller will be obliged to cease processing the data for these purposes (Article 21 of the GDPR).

  3. to lodge a complaint - the data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2.

2. In order to exercise the aforementioned rights, the data subject must contact the controller using the contact details provided and inform him/her which right he/she wishes to exercise and to what extent.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ( OJ EU L 119, 2016, p. 1, as amended).

 

Last update: 04/09/2025

 

 

Cookie Policy

COOKIE POLICY

PICTOPLAN

 

§ 1 Cookies

  1. The pictoplan.com.pl website uses cookies . These are small text files sent by a web server and stored by the browser's software. When the browser reconnects to the website, the website recognizes the type of device the user is connecting from. These parameters allow only the server that created them to read the information contained therein. Cookies therefore facilitate the use of previously visited websites. Non-essential cookies (e.g., analytical or marketing cookies) are stored on the user's device solely based on the user's voluntary consent, in accordance with Article 173 of the Telecommunications Law and Article 6, Section 1, Letter a of the GDPR.

The information collected includes IP address, browser type, language, operating system type, internet service provider, time and date information, location and information sent to the website via the contact form.

  1. The collected data is used to monitor and understand how users use our websites, to improve their performance and ensure more efficient and seamless navigation. We monitor user information using Google Analytics , which records user behavior on the website.

Cookies identify users, allowing us to tailor website content to their needs. By remembering their preferences, they enable targeted advertising. We use cookies to ensure the highest standard of user experience on our website, and the collected data is used only within PICTOPLAN to optimize operations.

  1. cookies on our website :

  1. “essential” cookies , enabling the use of services available on the website, e.g. authentication cookies used for services that require authentication on the website;

  2. cookies used to ensure security, e.g. used to detect abuse of authentication within the website;

  3. “performance” cookies , enabling the collection of information on how the website pages are used;

  4. “functional” cookies , which enable “remembering” the settings selected by the user and personalising the user interface, e.g. in terms of the selected language or region the user comes from, font size, website appearance, etc.;

  5. “advertising” cookies , enabling the provision of advertising content to users that is more tailored to their interests.

  1. Users can disable or restore cookie collection at any time by changing their browser settings. Therefore, they have the right to withdraw their consent at any time. Cookie management instructions are available at http://www.allaboutcookies.org/manage-cookies

  2. The data used in cookies is anonymous and will not be used to identify you.

 

Last update:

04/09/2025

 

Privacy Policy

Copyright: © Oliwia Chłopek 2025

tel. +48 792 805 800 

email: biuro@pictoplan.com.pl 

Oliwia Chłopek