PRIMARY OBJECTIVES OF THE PRIVACY POLICY

This Privacy Policy pertains to the processing and protection of personal data of Users in connection with their use of the www.codlake.com website (hereinafter referred to as the "Service"), managed by Codlake S.A., located at ul. S. Skarżyńskiego 14, 31-866 Kraków, Poland.

Privacy Policy outlines the principles governing the collection and use of data on Users and those accessing the server.

The main objective of this policy is to provide Users of the Service with privacy protection at a level that meets the standards set forth in the applicable legal regulations, particularly the Act of 18 July 2002 on Providing Services by Electronic Means (consolidated text: Journal of Laws of 2019, item 123, as amended), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – GDPR (OJ L 119, p. 1), and the Act of 16 July 2004 Telecommunications Law (consolidated text: Journal of Laws of 2018, item 1954, as amended).

The Privacy Policy is available free of charge on www.codlake.com for every User of the Service.

Using the Service signifies acceptance of this Privacy Policy.

1. WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?

The controller of your personal data is Codlake Spółka Akcyjna, based in Kraków, located at ul. S. Skarżyńskiego 14, 31-866 Kraków, entered into the Register of Entrepreneurs of the National Court Register at the District Court for Kraków–Śródmieście in Kraków, 11th Commercial Division of the National Court Register, under KRS number 0000691663, with NIP number 6783169728, REGON number 368063277, and a share capital of 100,000 PLN (fully paid).
address: ul. Stanisława Skarżyńskiego 14, 31-866 Kraków, Poland.
phone: +48 12 39 51 300,
e-mail: biuro@codlake.com

1. Codlake, as the data controller, is committed to fulfilling GDPR requirements to the fullest extent possible, thus protecting your personal data.
2. The appointed Data Protection Officer (hereinafter “DPO”) supervises the correct processing of personal data at Codlake S.A.:

address: Data Protection Officer, Codlake S.A., ul. Stanisława Skarżyńskiego 14, 31-866 Kraków

e-mail: iodo@codlake.com

You may contact the DPO regarding any questions or concerns related to the processing of your personal data and your rights.

Your personal data may also be processed by entities with whom we maintain continuous cooperation to ensure you have optimal access to our services.

2. WHAT PERSONAL DATA WILL BE PROCESSED?

In using the Service, we may collect data that you voluntarily provide (e.g., through the contact section) as well as data collected solely for technological or statistical purposes (e.g., data gathered through cookies).

3. HOW DO WE OBTAIN YOUR PERSONAL DATA?

Codlake processes personal data obtained directly from you (e.g., data provided in various forms) as well as data acquired from other sources, legally and based on agreements with partners. These other sources may include public registers, such as KRS, CEIDG, or limited-access sources like BIG, KRD. In each case, Codlake carefully verifies the legal basis for data processing.

4. WHAT CATEGORIES OF YOUR PERSONAL DATA DO WE PROCESS?

Depending on your relationship with Codlake, we may process the following categories of personal data collected from you or third parties:

• personal details (e.g., name, residence address),
• contact details (e.g., phone number, mailing address, email address),
• identification details (e.g., ID number, PESEL),
• transactional data (e.g., payment details),
• contract details (e.g., details of contracts concluded),
• behavioral data (e.g., data on products or services held and how they are used),
• communication data (e.g., details of communications with you),
• audiovisual data (e.g., recordings for security and evidence purposes),
• publicly available or third-party data (e.g., data from CEIDG, BIK),
• technical data (e.g., device data for accessing mobile services),
• browsing history data (e.g., data necessary to maintain proper exchange of information between the server and browser while using Codlake’s services and websites).

5. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?

Within Codlake’s organizational structure, access to your personal data is limited exclusively to authorized Codlake employees and solely to the necessary extent. In certain situations, your personal data may be disclosed by Codlake to recipients outside its organizational structure. In every such instance, Codlake carefully examines the legal basis for data disclosure. Please note that, under GDPR, a data recipient includes both entities processing data on behalf of Codlake and entities to whom the data is disclosed for their own purposes (e.g., public administration bodies).

Recipients of your personal data may include:

• public authorities, institutions, or third parties entitled by law to request or receive personal data, such as courts, the Ministry of Finance, tax authorities, or judicial arbitrators,
• entities contracted by Codlake to process personal data, such as courier service providers, business partners (e.g., agents, call centers, sponsors), postal operators, carriers, correspondence printing or handling companies, archiving companies, customer opinion research firms, partners providing technical services (e.g., development and maintenance of IT systems and websites), IT providers, and other service providers processing data on behalf of Codlake,
• banks, financial institutions, or credit institutions, as well as other institutions that may receive personal data in relation to business relationships between Codlake and you (e.g., institutions facilitating leasing or other similar financial agreements) and as permitted by applicable law, business information bureaus (e.g., KRD, BIG),
• electronic payment operators, including Visa, MasterCard, PayU, and PayPal, as well as other settlement entities, such as KIR, Swift, etc.,
• telecommunications service providers,
• advisory and audit service providers, such as auditing firms,
• entities processing data for debt recovery or legal representation purposes, such as law firms,
• insurance companies (e.g., for transaction or shipment insurance purposes),
• other entities to which you have consented to share and process your personal data,

6. ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

Your personal data is processed in accordance with applicable data protection regulations, including GDPR. The basis for processing your data for the purposes outlined in this document is your voluntary consent, which you may withdraw at any time. In certain cases, the legal basis for processing your personal data is the legitimate interest of the Data Controller.

7. WHAT RIGHTS DO YOU HAVE IN RELATION TO YOUR PERSONAL DATA?

Your personal data is fully secure with us. However, you have the right to access, modify, correct, and request restriction of processing of your data. To the extent permitted by law, you also have the right to request data deletion. Additionally, you have the right to file a complaint with the President of the Personal Data Protection Office regarding matters related to data processing.
If you wish to exercise any of the aforementioned rights, please contact us via email: iodo@codlake.com or directly at our office (Codlake S.A., ul. S. Skarżyńskiego 14, 31-866 Kraków).

8. IP ADDRESSES

An IP address is a number assigned to a user’s computer when connecting to the Internet, enabling communication between the computer and the server. IP addresses of users visiting the Service may be recorded to ensure IT system security and for diagnostic purposes. This information may also be used in aggregate form to analyze internet trends and evaluate the performance of the Service.

9. COOKIES

This website uses cookies. We use information saved via cookies for purposes including advertising, statistics, and tailoring our website to individual user needs. Using our website without changing cookie settings means that they will be stored in the device's memory. By continuing to use the site, you consent to the use of cookies in accordance with your current browser settings.

10. WHAT ARE COOKIES?

Cookies are digital data, particularly small text files, stored on the end device (computer) of the Service User while using the Service and then saved there. Upon subsequent connection to this website, cookies can be read by the site from the User’s computer and used to adjust the Service to the User’s stored preferences, as well as for the owner’s statistical purposes.

11. WHAT DOES THE SERVICE USE COOKIES FOR?

We use cookies to ensure the most efficient and convenient functionality of the Service (for example, allowing the Service to "remember" individual user settings, such as language or font size). Additionally, we use cookies to tailor content to your preferences, based on your online behavior, and to create statistics that help us understand how you use the Service, assisting us in its development and optimization.

12. WHAT TYPES OF COOKIES DO WE USE?

Different cookies serve different functions, so to make their usage as transparent as possible, we categorize them as follows: Essential cookies required for service provision. These cookies are necessary for the operation of our website.
Statistical cookies. These allow us to recognize and count the number of visitors to our website, and observe how visitors navigate and interact with it. This helps us improve the functionality of our website, for example, by ensuring that users can easily find what they are looking for.

Functional cookies. These are used to recognize the user upon returning to our website, enabling us to personalize content, greet users by name, and remember user preferences.

13. HOW TO CHANGE YOUR BROWSER SETTINGS FOR COOKIES?

Web browsers are generally set to allow cookies to be stored on the user's end device by default. However, you may change these settings at any time, even to completely block the saving of cookies. In this case, using the Service will still be possible, although some of its functions may not work correctly. Not changing browser settings implies consent to the placement and storage of cookies used by the Service on your device, as well as the Service’s access to them.

14. LINKS TO EXTERNAL SITES

The Service may contain links to websites of other entities (so-called external links). These sites may operate under a different privacy policy with provisions different from this one. We encourage users to carefully review the privacy policy of each site visited before providing any personal data.

15. EXERCISING YOUR RIGHTS

Detailed Information on Your Rights:

• you have the right to access your personal data, including obtaining a copy of the data.
• if you find that your personal data processed by Codlake is inaccurate, you have the right to request its correction or completion.
• you have the right to request the deletion of your personal data in legally specified cases.
• you have the right to request a restriction on the processing of your personal data.
• you have the right to object to the processing of your personal data if it is processed based on Codlake's legitimate interests.
• you also have the right to receive your personal data from Codlake in a structured format and transfer your personal data to another controller, if technically feasible. In cases of data transfer, certain legal requirements may necessitate obtaining your or another person's consent or meeting other legal conditions.
• you have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you unless the decision is necessary for contract performance, is permitted by law, or you have explicitly consented to it in advance.
• in cases where data processing is based on your consent, you have the right to withdraw any consents granted for specific processing purposes at any time. You may withdraw consent at Codlake's premises, by phone, on services and websites, or through email correspondence.

Withdrawal of consent does not affect the legality of processing conducted before consent withdrawal.

• If you have entered into a contract or transaction, providing personal data is necessary for their execution.
• If you believe Codlake's processing of your personal data violates GDPR, you have the right to lodge a complaint with the supervisory authority. From May 25, 2018, this will be the President of the Personal Data Protection Office.

16. AUTOMATED DECISION-MAKING

When you have a contract with Codlake or if actions are taken to conclude a contract, the processing of your personal data may be automated, which could result in automated decision-making, including profiling. This particularly applies to assessing the Client’s creditworthiness for the purpose of transaction or contract conclusion with Codlake, based on your order details, data contained within internal and external databases (BIG, KRD, etc.). The result of such profiling may be a decision to withdraw from the transaction or contract conclusion.