PRIVACY AND COOKIE POLICY

This Privacy and Cookie Policy sets out the rules for the processing of personal data by Larget sp. z o.o., hereinafter referred to as the "Controller," as well as the rights of individuals whose data are processed. 

The Controller ensures the protection of privacy and the security of personal data by processing them in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, hereinafter referred to as the "GDPR".

I. Personal Data Controller

The personal data controller is Larget sp. z o.o., with its registered office in Tomaszów Mazowiecki (97-200), ul. Ks. J. Popiełuszki 71. 

For matters related to personal data protection, the Controller can be contacted:

• by mail at the Controller's registered office address indicated in the preceding sentence;
• by email at: rodo@larget.pl.

II. Principles of Personal Data Processing

This Policy applies to visitors of the Controller’s websites, individuals contacting the Controller, as well as individuals using (including those representing entities using) the services provided by the Controller.

Providing personal data is voluntary; however, in some cases, the lack of such data may prevent the achievement of a specific purpose, such as establishing cooperation, concluding a contract, or responding to an inquiry. 

The Controller ensures that data processing is carried out in a reliable and transparent manner and in accordance with the principle of data minimization, meaning that data is collected only to the extent necessary to achieve specific purposes and is not processed for longer than required. 

Each instance of data processing is conducted for specific purposes, and the Controller guarantees that personal data is neither collected nor processed for purposes other than those specified. 

The Controller upholds the rights of data subjects in accordance with legal regulations and responds promptly to any requests. 

To protect personal data, the Controller implements appropriate technical and organizational measures to ensure data security and prevent accidental loss of personal data. 

Access to personal data is granted only to individuals duly authorized by the Controller. The Controller protects personal data from unauthorized disclosure as well as from processing in violation of applicable legal regulations. 

The Controller does not make decisions solely through automated processing that could produce legal effects or otherwise significantly impact data subjects.

III. Legal Basis for Personal Data Processing 

The Controller may process personal data for the following purposes: 

1) performing activities related to the conclusion and execution of a contract, particularly: 

• providing services in accordance with the concluded contract; 
• contacting individuals regarding the provided service; 
• taking pre-contractual steps, including providing an offer upon the data subject’s request. 
  
  

Legal basis: Art. 6(1)(b) of the GDPR. 

Data retention period: For the duration of the contract. 

2) establishing business relations, including responding to inquiries arising from the contact initiated by data subjects as part of the Controller’s legitimate interests in addressing received inquiries.

Legal basis: Art. 6(1)(f) of the GDPR. 

Data retention period: Until an effective objection to data processing is raised, but no longer than until the last day of the calendar year following three years from the Controller’s response.

3) conducting the recruitment process for the purpose of hiring a new employee. 

Legal basis: labour law regulations; in the case of data not specified by labour law – consent under Art. 6(1)(a) of the GDPR, which may be withdrawn at any time; in the case of special category data – consent under Art. 9(2)(a) of the GDPR, which may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal. 

Data retention period: for the duration of the recruitment process. 

4) fulfilling tax and accounting obligations in accordance with applicable tax and accounting regulations. 

Legal basis: tax and accounting regulations, Art. 6(1)(c) of the GDPR. 

Data retention period: for the duration of the legal obligation.

5) pursuing or securing potential claims and handling complaints as part of the Controller’s legitimate interests in protecting its rights and the rights of data subjects.
 

Legal basis: Art. 6(1)(f) of the GDPR. 

Data retention period: Until the expiration of the relevant claim limitation period. 

6) marketing of the Controller’s own services in connection with the Controller’s legitimate interests in safeguarding its business interests and promoting its services.
 

Legal basis: Art. 6(1)(f) of the GDPR. 

Data retention period: Until consent for receiving communications or information is withdrawn (pursuant to applicable regulations on the provision of electronic services and electronic communication law) or until an effective objection to data processing is raised.

IV. Recipients of Personal Data

Personal data may be disclosed to entities authorized to receive them under applicable legal provisions, including relevant state authorities, in particular judicial authorities. 

Personal data may also be transferred to recipients acting on behalf of the Controller, such as accounting and bookkeeping service providers, as well as partners providing technical services (development and maintenance of IT systems and online platforms). 

The Controller ensures that these entities process data in compliance with applicable regulations, and when data processing is carried out on behalf of the Controller, appropriate data processing agreements are concluded.

V. Transfer of Data Outside the European Economic Area (EEA) 

Personal data are not transferred outside the EEA. 

If the transfer of data outside the EEA becomes necessary, personal data will be transferred to recipients in third countries (outside the EEA) based on: a decision on an adequate level of protection issued by the European Commission, standard contractual clauses in accordance with the European Commission's decision, or the explicit consent of the data subject. 

VI. Rights of Data Subjects

Data subjects have the following rights: 

• the right to access their data and obtain a copy of them;
• the right to rectification of data; 
• the right to request the deletion of data;
• the right to restrict the processing of personal data;
• the right to data portability;
• the right to object to the processing of data based on the legitimate interest of the Controller or to processing for direct marketing purposes; 
• the right to withdraw consent, if the processing is based on consent, which will not affect the lawfulness of the processing of personal data carried out prior to the withdrawal of consent; 
• the right to lodge a complaint with a supervisory authority. 
  
  

To exercise the above rights, you can contact the Controller in the manner specified in section I.

VII. Cookies and Similar Tracking Technologies 

The Controller uses cookies or other similar technologies (hereinafter collectively referred to as "cookies") on its websites. Cookies are small text files stored on the user's device that, among other things, facilitate the use of the website. 

By using cookies, the Controller may process data regarding the user's device, location, activities performed on the website (e.g. visit duration), and other data depending on the type of cookie used (e.g. interest in a specific advertisement). As a general rule, cookies do not constitute personal data; however, when combined with other information, they may, to some extent, form personal data.

VIII. Types of Cookies Used

The Controller uses cookies categorized by storage duration as either "session" or "persistent" cookies. Session cookies are stored only until the session ends, i.e. until the browser is closed or the user logs out, whereas persistent cookies are stored according to their parameters and can be manually deleted by the user. 

The Controller also distinguishes cookies based on ownership: first-party and third-party cookies. First-party cookies are sent directly by the website, while third-party cookies are created by external entities. 

Depending on their purpose, the Controller may use the following types of cookies: 

• necessary cookies, which enable the website to function properly;
• functional cookies, which allow the website to remember user preferences, such as the preferred language, content layout, or the user’s region;
• statistical cookies, which allow the website owner to monitor user traffic and verify user choices, including tracking the number of visits. These cookies help create anonymous statistics that contribute to the development and improvement of the website;
• Advertising cookies, which are used for displaying advertisements and tailoring them to user preferences. Tailoring occurs through the analysis of individual user behaviour on the website. Depending on the cookie provider, this analysis may also be linked to behaviour on other websites. 
  
  

Detailed information about the cookies used on a given website can be found in the section where users can provide or modify their cookie consent.

 

IX. Managing Cookies 

All cookies, except for essential ones, require user consent before being applied. The user can choose which cookies to allow (excluding essential ones), and until explicit consent is given – by accepting and selecting via a button – cookies remain blocked. At any time, the user can change cookie settings on the Controller’s website by withdrawing consent or objecting to the use of non-essential cookies. 

Cookie settings can also be adjusted directly in the web browser. Users can manage cookies at the browser level by enabling notifications for each cookie placed on their device or by blocking their automatic storage. Depending on the browser, settings can be adjusted according to the instructions below: 

• Instructions for Microsoft Edge
• Instructions for Google Chrome
• Instructions for Mozilla Firefox
• Instructions for Safari
• Instructions for Opera
  
  

If the use of cookies is restricted, some functionalities may not work properly. 

X. Changes to the Privacy and Cookie Policy

The Controller reserves the right to update the Privacy and Cookie Policy. The latest version will always be available on the Controller’s website.