Privacy policy of the website

    1. The data controller for personal data collected through the website is Michał Piętka conducting business under the name DILLBOARD, registered in the Central Register and Information on Economic Activity of the Republic of Poland maintained by the minister responsible for economic affairs, registered office: Piaskowo 10B, 77-300 Człuchów, address for correspondence: Piaskowo 10B, 77-300 Człuchów, Tax Identification Number (NIP): 8431587965, National Business Registry Number (REGON): 221747890, email address:, hereinafter referred to as the “Controller”.
    2. Personal data collected by the Controller through the website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Personal Data Protection Act of 10 May 2018.
    1. PROCESSING PURPOSE AND LEGAL BASIS. The Controller processes personal data through the website in the case of:
      1. the user’s use of the contact form. Personal data is processed based on Article 6(1)(f) of the GDPR as a legitimate interest of the Controller.
      2. the user’s subscription to the Newsletter for the purpose of sending commercial information electronically. Personal data is processed after obtaining separate consent, based on Article 6(1)(a) of the GDPR.
    2. TYPES OF PROCESSED PERSONAL DATA. The Controller processes the following categories of user’s personal data:
      1. Name and surname,
      2. Email address,
      3. Phone number.
    3. PERIOD OF PERSONAL DATA STORAGE. User’s personal data is stored by the Controller:
      1. if the basis for data processing is the performance of a contract, for as long as necessary for the performance of the contract, and after that for a period corresponding to the statute of limitations. Unless a specific provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activity – three years.
      2. if the basis for data processing is consent, until the consent is withdrawn, and after withdrawal of consent for a period corresponding to the statute of limitations for claims that the Controller may raise or that may be raised against the Controller. Unless a specific provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activity – three years.
    4. Additional information may be collected when using the website, particularly: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
    5. Navigation data, including information about the links and references the user decides to click on or other actions taken on the website, may also be collected from users. The legal basis for such actions is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), aimed at facilitating the use of electronic services and improving the functionality of these services.
    6. Providing personal data by the user is voluntary.
    7. Personal data will also be processed in an automated manner in the form of profiling, provided the user gives consent based on Article 6(1)(a) of the GDPR. The consequence of profiling will be assigning a profile to a particular person for making decisions, analysis, or predicting preferences, behaviors, and attitudes.
    8. The Controller takes special care to protect the interests of data subjects, ensuring that the data collected are:
      1. processed lawfully,
      2. collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,
      3. factually correct and adequate in relation to the purposes for which they are processed,
      4. stored in a form that permits identification of the data subjects for no longer than is necessary for the purposes of processing.
    1. User’s personal data is transferred to service providers used by the Controller for the operation of the website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow the Controller’s instructions regarding the purposes and methods of processing the data (data processors) or independently determine the purposes and methods of processing (data controllers).
    2. User’s personal data is stored exclusively within the European Economic Area (EEA).
    1. The data subject has the right to access their personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
    2. Legal bases for user’s requests:
      1. Access to data – Article 15 of the GDPR.
      2. Rectification of data – Article 16 of the GDPR.
      3. Erasure of data (the right to be forgotten) – Article 17 of the GDPR.
      4. Restriction of processing – Article 18 of the GDPR.
      5. Data portability – Article 20 of the GDPR.
      6. Objection – Article 21 of the GDPR.
      7. Withdrawal of consent – Article 7(3) of the GDPR.
    3. To exercise the rights mentioned in point 2, a user can send an appropriate email message to the address:
    4. If a user exercises a right resulting from the above-mentioned rights, the Controller fulfills the request or refuses to fulfill it promptly, no later than within one month from its receipt. However, due to the complex nature of the request or the number of requests, if the Controller cannot fulfill the request within one month, they will fulfill it within the next two months, informing the user in advance within one month from receiving the request about the intended extension of the deadline and its reasons.
    5. If the data subject finds that the processing of personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the President of the Personal Data Protection Office.
    1. The Controller’s website uses “cookies”.
    2. The installation of “cookies” is necessary for the proper provision of services on the website. “Cookies” contain information necessary for the proper functioning of the site, and they also allow for the compilation of general statistics on visits to the website.
    3. Two types of “cookies” are used on the website: session and persistent.
      1. “Session” cookies are temporary files stored on the user’s end device until logging out (leaving the website).
      2. “Persistent” cookies are stored on the user’s end device for the time specified in the parameters of the “cookies” or until they are deleted by the user.
    4. The Controller uses their own cookies to better understand how users interact with the content of the site. The files collect information about the user’s use of the website, the type of page from which the user was redirected, and the number of visits and the duration of the user’s visit to the website. This information does not record specific personal data of the user but is used to compile usage statistics.
    5. Users have the right to decide on the access of “cookies” to their computer by selecting them in their browser’s window. Detailed information about the possibilities and methods of handling “cookies” is available in the software settings (web browser).
    1. The Controller implements technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and categories of data subject to protection, particularly safeguarding data against their unauthorized disclosure, unauthorized acquisition by an unauthorized person, processing in violation of applicable regulations, as well as alteration, loss, damage, or destruction.
    2. The Controller provides appropriate technical measures to prevent unauthorized acquisition and modification of electronically transmitted personal data by unauthorized persons.
    3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law apply accordingly.