1. The protection of personal data is ensured based on the Act of 10 May 2018 on the Protection of Personal Data (Dz. U. [Journal of Laws] of 2018, item 1000) and the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (referred to as the “GDPR”).
2. For the purposes of this policy, the following definitions shall be adopted for the avoidance of doubt:
   

   
   “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

   “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

   “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;

   “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

   “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

3. The processing of personal data following submission of a request for quotation or order takes place exclusively based on the consent voluntarily given by the Ordering Party. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent is made via e-mail at: neon@neonownia.pl, hotline at (42) 712-55-44; 712-55-33 and by letter sent to the correspondence address: 95-070 ALEKSANDRÓW ŁÓDZKI ANTONIEW k/Łodzi, ul. Krucza 16.
4. The data controller is KAPILAR-REKLAMA Łukasz Frankowski with its registered office in Antoniew k/Łodzi, (95-070 Aleksandrów Łódzki) at ul. Krucza 16, represented by the owner Łukasz Frankowski – address as above.
5. The purpose of the processing of personal data on the website www.neonownia.com obtained under the conditions set out in Article 6 of the GDPR is: submission of a request for quotation or registration of an account in the online store (in order to create and manage an individual account and to receive and process an order placed as a result of a voluntarily completed order form and a statement of consent to the processing of personal data).
6. The recipients of the personal data processed as a result of order fulfilment are the staff of the website www.neonownia.com, employees of KAPILAR-REKLAMA Łukasz Frankowski and third parties entrusted with the order fulfilment, including employees of courier companies, indicated in this policy.
7. The personal data obtained based on the consent given by the right holder will be processed until the consent is revoked and after the revocation of the consent, for a period corresponding to the statute of limitation for mutual claims. Where the data processing is based on the performance of a contract, the duration of the processing will correspond to the period of the performance of the contract subject to obligations under separate laws.
8. The minimum scope of personal data necessary to be provided to the controller is specified in the request for quotation or order form. The provision of the minimum amount of personal data is a prerequisite for the conclusion and performance of the contract. Failure to provide the data will prevent you from submitting a request for quotation or order.
9. The Ordering Party shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purpose of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
10. The Ordering Party shall have the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject, and the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement by means of communication referred to in paragraph 3.
11. The Ordering Party shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
12. The Ordering Party shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including those processed for marketing purposes. In that case, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
13. The Ordering Party shall have the right to submit complaints and comments directly to the controller by means of the communication referred to in paragraph 3. The Ordering Party shall also have the right to lodge a complaint with a supervisory authority, Urząd Ochrony Danych Osobowych (Personal Data Protection Office); address: ul. Stawki 2, 00-193 Warszawa, fax: 22 531 03 01, helpline: 606-950-000, kancelaria@uodo.gov.pl
14. As part of the declarations made by the Ordering Party via the request for quotation or order form, the Ordering Party may voluntarily consent to the transfer of his or her personal data for marketing purposes. The absence of the above-mentioned consent shall not affect the performance of services provided by www.neonownia.com

GDPR

1. The primary objective of the “GDPR”, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, is to achieve full harmonisation of substantive law across the EU and the free movement of personal data. The full text of the Regulation is available at https://www.giodo.gov.pl/pl/1520284/9745
2. The GDPR replaced the previously applicable Act of 29 August 1997 on Personal Data Protection. It is applicable from 25 May 2018.
3. The GDPR introduces a number of changes with respect to the processing of personal data, including the rights of the data subject. Thus, the consumer has the right to:

• request rectification or erasure of personal data (the so-called “right to be forgotten”) and restriction of processing of personal data;
• object – the data subject shall have the right to object at any time to processing of personal data concerning him or her on grounds relating to his or her particular situation;
• request that his or her personal data be transferred to an entity specified by him or her;
• request that a copy of the data be presented, and the processor is obliged to inform the data subject of any data leakage.

1. The provisions of the GDPR introduced new or supplemented the existing rules for obtaining valid and verifiable consents to the processing of personal data from data subjects.
2. The GDPR provides for numerous disclosure that must be taken into account in communications to data subjects on how personal data are processed.
3. Our Website has been fully adapted to the changes. Thus, you can use its services with confidence as to the highest standards of personal data protection.