PRIVACY POLICY OF THE WEBSITE

  1. The Administrator of the Personal Data of the Internet Service available at: www.halkk.com, hereinafter referred to as the Internet Service, is Halkk Furniture sp. z o.o. with its registered office in Wrocław at: Żmigrodzka 81-83, lok. 306, 51-130 Wrocław, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław Fabryczna in Wrocław, IX Economic Department of the National Court Register, under KRS number: 0001135794, NIP: 8952279611, REGON: 54004512500000, hereinafter referred to as the Personal Data Administrator.

  2. Any inquiries, requests, or complaints regarding the processing of personal data by the Data Controller, hereinafter referred to as "Submissions," should be directed to the following email address: hello@halkk.com or in written form to WROCŁAW, postal code 51-130, ul. ŻMIGRODZKA, no. 81-83, apt. 306. The content of the submission must clearly indicate:

    • the data of the person or persons to whom the Submission pertains,

    • the event that is the reason for the Submission,

    • your requests and the legal basis for those requests,

    • the expected method of resolving the matter.

  3. In our Website, we collect the following personal data:

    • first and last name – may be processed when you, as a user of our Website, provide it via email, during a phone contact, through the contact form available on our Website, or by traditional mail,

    • phone number – may be processed in case of a phone contact and when you provide it via email or through the contact form available on our Website or by traditional mail,

    • email address – may be processed when you provide it as a user of the Website via email, through the contact form available on our Website, by traditional mail, as well as during phone contact,

    • IP address of the device and potential personal data contained in Cookies – information resulting from general connection principles realized on the Internet, such as IP address (and other information contained in system logs), is used for technical and statistical purposes, including particularly for collecting general demographic information (e.g., about the region from which the connection occurs). This type of data is also used for marketing and analytical purposes if consent is given in accordance with Article 173(1) of the Telecommunications Law,

    • potentially other data may be collected in connection with conducting specific matters or may be provided by users of our Website via email, through the contact form available on the Website, by traditional mail or during phone contact.

  4. Each person using our Website has the option to choose whether and to what extent they want to use our services and share information and data about themselves within the scope defined by this Privacy Policy.

  5. We process personal data for the purposes of:

    • concluding and executing contracts related to the services we offer (Article 6(1)(b) GDPR) – in this respect, data will cease to be processed upon fulfillment of a given contract,

    • operating the website (Article 6(1)(f) GDPR in conjunction with Article 173(1) of the Telecommunications Law) – in this respect, personal data will cease to be processed upon expiration of a Cookie file, deletion of Cookies or appropriately upon completion of a given session,

    • ongoing communication related to the functioning of the Website (Article 6(1)(f) GDPR, i.e., legitimate interest of the Data Controller) – in this respect, your personal data will cease to be processed upon responding to a given question or questions,

    • establishing and pursuing claims or defending against those claims (Article 6(1)(f) GDPR, i.e., legitimate interest of the Data Controller) – in this respect, personal data will be deleted upon expiration of claims data; however, generally after a 3-year statute of limitations period for claims.

  6. The source of personal data processed by the Data Controller is individuals whose data pertains.

  7. In case there is a button or function linking to an external service, application or social media, there is a co-administration relationship between the Administrator of this Website and the administrator of an external site. Co-administration is limited solely to data necessary for operations related to functioning of that button or function. The Administrator is not responsible for policies regarding further processing of personal data by other entities and organizations or providers of social media services. Our Co-Administrators within this Website are:

    • Meta Platforms Ireland Ltd. (Facebook, Messenger, Instagram) located at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,

    • Pinterest Europe Limited (Pinterest) located at: 2nd Floor Palmerston House, Fenian Street, Dublin 2, Dublin D02WD37,

    • Google Ireland Ltd. (YouTube, Google Maps) located at: Google Building Gordon House, 4 Barrow St., Grand Canal Dock, Dublin 4 D04 V4X7, Ireland,

    • Selsey sp. z o.o. (Homebook), located in Wrocław at: ul. Fabryczna 6, 53-609 Wrocław KRS 0000479465 NIP 8943048792,

    • Potentially others.

  8. The Administrator uses tools such as Google Analytics, Google DoubleClick, Google Ads. As a rule, data processed within these tools are processed on servers located within EEA territory. However, entities providing these tools may be required to transfer data to third parties if such an obligation is imposed on them by law or is necessary due to the nature of services provided (SaaS, hosting etc.). The scope of personal data transferred in this regard relates solely to potential personal data contained in Cookies. The legal bases for processing personal data indicated in the preceding sentence have been specified in point 5(d) of this Policy. The transfer of personal data to the United States occurs based on a decision by the European Commission dated July 10th, 2023 regarding ensuring an adequate level of protection under EU-U.S. Data Privacy Framework (Article 45(1) GDPR). Our entities-importers of personal data i.e., Google Ireland Ltd., Google Building Gordon House, 4 Barrow St., Grand Canal Dock Dublin 4 D04 V4X7 Ireland meet criteria set forth in that decision and participate in Data Protection Framework program; they can be found on a list at: https://www.dataprivacyframework.gov/s/participant-search.

  9. We do not share any personal data with third parties without explicit consent from the individual whose data pertains. Personal data without consent from individuals concerned may only be shared with public authorities such as governmental bodies and administration (e.g., tax authorities, law enforcement agencies and other entities authorized under generally applicable laws).

  10. Personal data may be entrusted for processing to entities that process such data on our behalf as Data Controller. In such cases as Data Controller we enter into a processing agreement with such entities regarding entrusted processing of personal data. The processor processes entrusted personal data solely for purposes specified in that processing agreement mentioned in the preceding sentence. Without entrusting personal data for processing we would not be able to conduct our business within this Website. As Data Controller we particularly entrust personal data for processing to:

    • providers offering hosting services for our website where our Website operates,

    • those servicing CRM.

  11. Personal data are not subject to profiling by us as Data Controller under GDPR regulations.

  12. According to GDPR regulations every individual whose personal data we process as Data Controller has rights including:

    • access to their personal data referred to in Article 15 GDPR,

    • being informed about processing their personal data referred to in Article 12 GDPR,

    • correcting or supplementing their personal data referred to in Article 16 GDPR,

    • withdrawing consent at any time referred to in Article 7(3) GDPR,

    • deletion of their data (right to be forgotten) referred to in Article 17 GDPR,

    • restriction of processing referred to in Article 18 GDPR,

    • portability of their data referred to in Article 20 GDPR,

    • lodging an objection against processing their personal data referred to in Article 21 GDPR,

    • if based on consent – right to withdraw consent at any time without affecting legality based on consent prior its withdrawal,

    • not being subject to profiling referred to in Article 22 concerning Article 4(4) GDPR,

    • lodging a complaint with a supervisory authority (i.e., President of Personal Data Protection Office) referred to in Article 77 GDPR.

  13. If you wish to exercise your rights mentioned in the previous point please send an email message or written correspondence addressed according to point 2 above.

  14. Each identified case of security breach is documented; if one of situations specified under GDPR regulations occurs or under applicable law provisions individuals whose data are concerned will be informed about such breach along with – if applicable – PUODO.

  15. The Cookie Policy constitutes a separate document available at: https://halkk.com/polityka-cookies.

  16. In matters not regulated by this Privacy Policy relevant provisions of generally applicable law shall apply accordingly. In case any provisions herein conflict with those provisions above-mentioned precedence shall be given to those provisions.