On behalf of NORLYS S.A., we would like to inform you about significant changes in our security policy, the data we collect, why we collect it, and how we process it, while also outlining your rights. We fulfill our information obligation in accordance with Article 13(1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR," which has been in force since May 25, 2018.
NORLYS S.A., as the Controller of your personal data, informs you:
1. The Controller of your personal data is NORLYS S.A. with its registered office in Nowy Sącz, 33-300, ul. Zawiszy Czarnego 7, entered in the National Court Register kept by the District Court in Kraków, XII Economic Department, under the National Court Register number KRS: 0001060838, NIP: PL7340019367, REGON: 49039980.
2. NORLYS S.A. processes your personal data for the purpose of conducting various activities related to the execution of agreements with you (purchase and sale agreements, including procurement orders), for one or more services or products offered by NORLYS S.A., for statistical and archival purposes, for the proper delivery of products to you through courier and freight companies, as well as for potential debt collection and claims enforcement in court.
3. NORLYS S.A. processes your personal data during the course of commercial negotiations, for the duration of the contract or service, and for the period during which NORLYS S.A. is obliged to keep sales documents in accordance with Article 86(1) in connection with Article 70(1) of the Tax Ordinance Act of August 29, 1997, i.e., Journal of Laws of 2017, item 201, as amended. After the specified periods, your data will be anonymized by NORLYS S.A. and processed solely for statistical purposes.
The company will retain your data for the purpose of marketing its own products and services (including sending information about new products or services, promotions, trade events, and promotional events organized by the company).
Your personal data will be retained for as long as necessary to achieve the purpose for which it is processed:
- User registration on the NORLYS S.A. B2B trading platform, for the duration of the account.
- Purchase or sale of NORLYS S.A. products/services, for a period of 5 years from the end of the fiscal year in which payment was made for ordered products/services.
- Providing warranty service.
- Handling complaints.
- All marketing activities, until an objection or a request to delete data is received.
4. NORLYS S.A. processes the following of your personal data: data required for invoicing, including tax identification number (NIP), company address, company name, data for issuing a receipt, such as name and address, and the name and surname of the person or persons acting on your behalf, business telephone number, and email address, as well as data necessary for the proper delivery of products to the specified address.
5. The data held by NORLYS S.A. is collected from individuals to whom it pertains, either directly from you or from your authorized employees and representatives, as well as from publicly available websites and registers.
Your personal data is disclosed to our employees and associates involved in the process of executing agreements binding us with you, data processors acting on our behalf, other controllers (advertising agencies and entities cooperating in marketing campaigns or customer service, postal or courier service providers, debt buyers, payment service providers, entities involved in accounting, tax, and legal services).
6. Cookies Policy - Two fundamental types of cookies are used on our website and B2B platform: "session cookies" and "persistent cookies." "Session cookies" are temporary files that are stored on the User's end device until logging out, leaving the website, or closing the software (web browser). "Persistent" cookies are stored on the User's end device for a specified period or until deleted by the User.
- Customizing the content of websites to User preferences and optimizing the use of websites, in particular, these files allow the recognition of the User's device and properly display the website tailored to their individual needs.
- Creating statistics that help understand how Service Users use websites, allowing for the improvement of their structure and content.
- Maintaining the User's Service session (after logging in), thanks to which the User does not have to re-enter their login and password on every subpage of the Service.
The entity placing cookies on the User's end device and accessing them is the Controller – NORLYS S.A.
- In many cases, software used for browsing websites (web browsers) allows cookies to be stored on the User's end device by default. Service Users can change their cookie settings at any time. These settings can be changed in particular to block the automatic handling of cookies in the web browser settings or inform about their every placement on the User's end device. Detailed information on the possibilities and ways of handling cookies are available in the software settings (web browser).
7. In connection with NORLYS S.A. processing your data, you have the right to obtain information on how and to what extent we process your data. You have the right to access your data and the right to request correction of data (if they have been recorded incorrectly or have changed).
Additionally, you have the right to request the limitation of data processing (if you want NORLYS S.A. to process your data only to a limited extent until your objection or request for data correction is considered) and the right to withdraw your consent to the processing of your personal data. The withdrawal of consent to data processing does not affect the legality of data processing carried out by NORLYS S.A. based on your consent before its withdrawal.
If you do not consent to the processing of personal data, further processing of your data for statistical purposes by NORLYS S.A. is not considered legally permissible in accordance with Article 89(1) of the GDPR. NORLYS S.A. will also implement appropriate technical and organizational measures to protect the rights of the data subjects.
8. If you do not agree to the processing of your personal data, please send a statement to: email@example.com.
9. In connection with the processing of your personal data by NORLYS S.A., we have appointed a Data Protection Officer to supervise the security of data processing and all matters related to data processing. You can contact the Data Protection Officer by email at firstname.lastname@example.org or by phone at +48 18 449 57 42. Individuals whose data is processed have the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.
CEO of NORLYS S.A., Leszek Kordek