Privacy Policy

I. Introduction

Contact for the Data Protection Officer:
Paweł Biały
iod@donedeliveries.com
+48 33 875 54 12

1. The administrator of your personal data(hereinafter referred to as the: User(s)) collected through the websiteat www.donedeliveries.com (hereinafter referred to as the: Service)is DONE DELIVERIES Spółka z ograniczoną odpowiedzialnością sp. z o.o. based inAndrychów, at ul. Batorego 35 (hereinafter referred to as the: Administrator). Contactwith the Administrator:

Postal address: Andrychów, ul. Batorego 35
Emailaddress: hello@donedeliveries.com
Phonecontact: +48 33 875 54 12 
Contactfor the Data Protection Officer
IOD@donedeliveries.com

The data administrator is responsible for thesecurity of the provided personal data and for processing it in accordance withthe law.

2. In matters related to the processing of personaldata and exercising the rights granted to users under the personal dataprotection regulations, you can contact the Administrator.

3. Personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), as well as other currently applicable data protection laws.

4. During your visit to the Service, personal data provided by the user is collected in accordance with the functionalities used by the user. For some functionalities of the Service, a dedicated regulation is provided. In such cases, personal data is processed for purposes and in the manner specified in that regulation. In other cases, personal data is processed in accordance with the principles set out in this Privacy Policy.

II. Basic information

1.      The following information applies to all methodsof handling personal data provided by users, as indicated in Chapters III and IV.

2.      Data will not be collected for decisions basedsolely on automated data processing, including profiling as referred to inArticle 22 of the GDPR.

3.      With all data security guarantees, personal dataprocessed via the Service may be transferred – in addition to persons authorisedby the Administrator – to other entities, including:

1)     entities authorised to receive such data underthe law;
2)     entities processing them on behalf of the Administrator (e.g. IT technical service providers, hosting service providers,service technicians for those services and IT equipment, providers of analytical services, entities providing advisory services);
3)     other entities as necessary for the performanceof the contract, the provision of services, and legal requirements, such as electronic payment operators, postal and courier companies, notary or lawfirms, contractors providing services for the Administrator under concluded agreements.

4.      The Administrator will not transfer yourpersonal data to countries outside the European Economic Area.

5. The Administrator informs that, in connection with the processing of personal data obtained viathe Service, each person to whom the data pertains has the right to submit arequest regarding:

1)     access to data (information about dataprocessing or a copy of the data);
2)     rectification of data (when it is incorrect);
3)     deletion of personal data (the right to beforgotten);
4)     restriction of personal data processing;
5)     data portability to another administrator;
6)     objection to data processing when the basis forprocessing is the legitimate interest of the Administrator;
7)     withdrawal of consent, if the Administrator processes personal data based on consent, at any time and in any manner without affecting the period prior to its withdrawal;

– as specified in the GDPR. To exercise theserights, please contact the Administrator (as per the contact details providedabove).

6.     Each person to whom the data pertains has theright to file a complaint with the President of the Personal Data ProtectionOffice in Warsaw if they believe that the processing of personal data isinconsistent with the law.

7.      The data was obtained by the Administrator directly from the user. The Administrator may also process personal data ofother persons provided by the user in accordance with the various functionalities of the Service.

A. EMAIL OR PHONE CONTACT

1.       The Administrator processes personal data,including the first name, last name, contact phone number, email address, andother information provided by the user, to the extent necessary to handle enquiries and respond to questions submitted via the phone number and email addressavailable on the Service (legal basis – Article 6(1)(f) GDPR) – “legitimate interest”. If the user provides special categories of data (e.g. health information), they declare that they consent to its use for proper handling of enquiriesand communication, including responding to the request (legal basis – Article9(2)(a) GDPR) – “explicit consent to process health data”.

2.      The Administrator has the right to processpersonal data for as long as necessary to fulfil the purposes mentioned above.Depending on the legal basis, this will be either:

·       the time necessary to handle the enquiry, respond to the question, or resolvematters related to the correspondence or conversation;
·       the time until an objection is raised;
·       the time until the user withdraws consent (including consent to the processing ofspecial categories of data).

3.      Withdrawal of consent can be made, inparticular, by contacting the Administrator via the contact details providedabove. Withdrawal of consent does not affect the lawfulness of data use duringthe period when consent was valid.

4.      Providing personal data is voluntary butnecessary to respond to the enquiry or for proper handling and fulfilment ofthe request. Failure to provide personal data may result in an inability torespond or fulfil the request.

B. Contact Form

1. The Administrator may collect personal data,including the contact phone number or email address and other informationprovided by the user via the contact form available on the Service.

2. The Administrator processes personal data to theextent necessary to respond to enquiries submitted via the contact form (legalbasis – Article 6(1)(f) GDPR) – “legitimate interest”. If the user provides special categories of data (e.g. health information), they declare that theyconsent to its use for proper handling of enquiries and communication,including responding to the request (legal basis – Article 9(2)(a) GDPR) – “explicit consent to process health data”.

3. The Administrator hasthe right to process personal data for as long as necessary to fulfil thepurposes mentioned above. Depending on the legal basis, this will be either:

1)     the time necessary to respond to the enquirysubmitted via the contact form;
2)    the time until an objection is raised;
3)    the time until the user withdraws consent (including consent to the processing of special categories of data).

4. Withdrawal of consentcan be made, in particular, by contacting the Administrator via the contactdetails provided above. Withdrawal of consent does not affect the lawfulness ofdata use during the period when the consent was valid.

5. Providing the data indicated in the contact form is voluntary but necessary to respond to the enquiry or for proper handling and fulfilment of the request. Failure to providepersonal data will result in the inability to send a response to the user.