I. Website
This privacy policy applies to the website under the domain www.fristo.pl.

II. Personal Data Controller
The controller of personal data is FRISTO Damian Figarski, registered in the Central Registration and Information on Business (CEIDG), NIP: 9522173106, REGON: 369205868, with its registered office at ul. Panny Wodnej 46/48/21, 04-862 Warsaw, Poland. You can contact our data protection officer via email: administrator@fristo.pl.

The Controller declares that it takes particular care to protect the interests of individuals whose data is processed, ensuring that:
a. Personal Data is processed lawfully, fairly, and transparently;
b. Personal Data is collected for specified, explicit, and legitimate purposes and is not processed in a manner incompatible with those purposes;
c. Personal Data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
d. Personal Data is accurate and, where necessary, kept up to date;
e. Personal Data is stored in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the personal data is processed;
f. Personal Data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

III. Purpose of Processing
Personal data may be processed by the Controller for purposes including:
a. Communication and responding to inquiries. The legal basis for processing personal data is the legitimate interest of the Controller or a third party, e.g., to contact you, our marketing efforts, or those of our partners.
b. The conclusion and performance of service agreements or sales contracts – the basis for processing here is the necessity to conclude a contract;
c. Direct marketing of the Controller’s products and services or those of FRISTO entities – until an objection to such processing is raised or consent is withdrawn. The legal basis is the legitimate interests of the Controller or third parties, or consent;
d. Compliance with legal obligations of the Controller (e.g., tax, accounting, complaint handling) – for the duration of those obligations or the period required to demonstrate compliance to authorities. The legal basis here is a legal obligation imposed on the Controller;
e. Establishing, defending, and pursuing claims – for the period after which claims may expire (e.g., based on contracts) or for the duration of any legal proceedings. The legal basis here is a legitimate interest or a legal obligation imposed on the Controller.

Providing Personal Data is voluntary, but it may be necessary, for example, to conclude or perform a contract or respond to an inquiry.

If the processing of Personal Data is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

IV. Recipients of Personal Data
1. Personal Data may be shared with external entities only within legally permissible limits, and to the extent necessary, for the proper performance of a Sales Contract or Service Agreement.
2. The Controller may entrust the processing of Personal Data to third parties for activities related to conducting business, as well as for activities related to claims or protection against claims related to the use of services or products. Such entities may include:
a. External advisory firms (including legal, audit, tax, marketing, and accounting services);
b. External IT specialists;
c. Entities assisting the Controller with correspondence handling;
d. Couriers – in the case of correspondence or courier shipments;
e. Online payment operators or banks – in the case of financial settlements;
f. Entities cooperating with the Controller within the scope of sales services;
g. Other FRISTO entities providing some of the above services for the Controller.

V. Rights of Data Subjects
Every data subject has the right to:
a. Access their Personal Data (including receiving information on which Personal Data is being processed);
b. Request rectification and restriction of processing of Personal Data (e.g., if it is incorrect);
c. Request the deletion of Personal Data (e.g., if it has been processed unlawfully);
d. Transfer the Personal Data provided to the Controller, which is processed in an automated manner, and where processing is based on consent or a contract, to another data controller;
e. Object to the processing of Personal Data based on the necessity for the purposes of legitimate interests pursued by the Controller or a third party, particularly for marketing purposes;
f. Lodge a complaint with the authority responsible for data protection.

VI. Cookies
The Controller uses cookies (small text files) stored on Users’ end devices to gather data about their use of the Website.
Cookies enable, among other things:
a. Maintaining Users’ sessions after logging in, so they do not need to log in again on each subpage;
b. Customizing the content of the Website to the needs and interests of Users;
c. Generating statistics on visits to the Website;
d. Creating online surveys and preventing multiple voting by the same users.

Information obtained through cookies includes, for example, the name of the internet service provider, IP address of Users, and the country of origin from which Users connect to the Website.

The Website uses two main types of cookies: „session” cookies (which are temporary files stored in the User’s device until logging out, leaving the website, or turning off the browser) and „persistent” cookies (which are stored on the User’s device for a specified time in the cookie parameters or until deleted by the User).

In many cases, the software used for browsing websites (web browser) allows cookies to be stored on the User’s end device by default. Users can delete cookies stored on their devices at any time or block their installation in the browser settings (also on mobile devices). More information about cookies can be found in the „Help” section of the browser.

The Controller informs that limiting the use of cookies may affect some functionalities available on the Website.

VII. Changes to the Privacy Policy
This Privacy Policy may be amended by the Controller by publishing a new version on the Website.
This version of the Privacy Policy is effective as of: 04.09.2024.