Privacy policy

Home
Privacy policy

Privacy policy
DENI CLER MILANO

This website (“Website”) is administered by DCG S.A. seated in Warsaw ul. Bystrzycka 81A, 04-907 Warsaw, registered with the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under the KRS (National Court Register) number: 0000285675, NIP (Tax Identification Number): 1130015696, REGON (Business Registry Number): 01251364100000 (“Administrator or "we"”).

This Privacy Policy ("Privacy") lays down the rules for the processing and protection of User’s personal data and the rules for storing of and access to information on User’s devices through Cookies, used to provide services by electronic means by Administrator as well as the rules for using Web Push Notifications by the Website.

Any terms used in the Policy have the same meaning as in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (O.J. EU L of 4 May 2016, No. 119, p. 1, with amendments published in O.J. EU L of 23 May 2018, No. 127, p. 2), unless otherwise defined in this Policy.

Users may change Cookie settings in their web browsers, e.g. they may partially restrict or completely disable the option of receiving Cookies. If no changes are made to those settings, Cookies will be saved in Device memory. Any change of Cookie settings may limit Website functionality (for instance, in an online shop, it may be impossible to follow the ordering procedure using an order form due to products not being saved in the cart during subsequent steps of placing an order).

Please read these terms carefully before using the Website. By using the Website, you accept these terms regardless of whether you choose to sign up for Administrator’s Website.

Should you have any inquiries, comments or conclusions regarding this Privacy Policy and Cookie Notice or Web Push Notifications, please contact us at rodo@denicler.eu

1. Definitions

Administrator - means the company DCG Spółka Akcyjna seated in Warsaw (04-907), at ul. Bystrzycka 81A, registered with the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under the KRS (National Court Register) number: 0000285675, NIP (Tax Identification Number): 1130015696, REGON (Business Registry Number): 01251364100000, which provides services by electronic means, stores and obtains access to information on User’s devices, processes User’s personal data collected, among others, through Website, and makes Web Push notifications through the Website.
Cookies - means IT data, especially small text files, saved and stored on devices used by User to access various pages of the Website.
First-Party Cookies - means Cookies placed by Administrator, related to the provision of services supplied electronically by Administrator through the Website.
Third-Party Cookies - means Cookies placed through the Website by Administrator’s partners.
Web Push Notifications – means communicates containing e.g. marketing information, including information on current special offers available on the Website, sent by the Website to User’s web browser. Web Push Notifications are sent to User’s web browser only after obtaining User’s consent to such communication.
Website - means any web page or application used by Administrator to run a website, available under the domain name: www.denicler.eu.
Device - means any electronic device used by User to access the Website.
User - means the party to which, in accordance with Terms and Conditions and applicable laws, services may be provided electronically or with which a contract for providing services electronically may be concluded.

2. Data Protection Officer

Administrator has designated a Data Protection Officer. DPO responsibilities are performed by Maciej Strycharz. The officer may be contacted regarding any matters connected with processing of personal data, in particular for the exercise or rights connected with processing of personal data, at the following e-mail address: rodo@denicler.eu.

3. Data subjects

The Controller processes the following personal data: name, surname, sex, residence address, address to which shipment is to be dispatched, bank account number, e-mail address, telephone number. Optionally – date of birth, PESEL number (if an invoice is requested), NIP number (if an invoice is requested by an entrepreneur).

4. Types of Cookies used

Clients

We process data for the purpose of entering into or performance of a contract (Article 6(1)(b) of the GDPR) and in certain cases for the purposes of the legitimate interests (Article 6(1)(f) of the GDPR). The cases of our legitimate interests are described in § 4.

Categories of processed personal data may include: identification data, contact data, telephone number and address data.

Data will be stored for a period of at least 5 years from the end of the calendar year in which the time limit for payment of tax in connection with a contract expired; however, the provisions of law may stipulate a longer data storage period, in particular in respect of exercise or defence of legal claims. The cases of a longer data processing period are described in § 4.

In connection with the processing, User has the right to access data, the right to rectify data, the right to erase data, the right to restrict processing, the right to object to processing, the right to lodge a complaint with the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw). Detailed information relating to individual rights is contained in § 7.

Personal data may be processed in the form of analytical, sales and marketing profiling, to take measurements that will allow for improving the services. Provision of data is a contractual requirement. If User does not provide personal data, he or she may be requested to supplement the missing data. If User does not provide personal data, he or she may be requested to remove deficiencies. In the case of complete refusal to provide data, it will not be possible to enter into or perform a contract.

Registered clients

Categories of processed personal data may include: identification data, contact data, telephone number and address data.

In connection with the processing, you have the right to access data, the right to rectify data, the right to erase data, the right to restrict processing, the right to object to processing, the right to lodge a complaint with the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw). Detailed information relating to individual rights is contained in § 7.

Personal data may be processed in the form of analytical, sales and marketing profiling, to take measurements that will allow for improving the services. Provision of data is a contractual requirement. If User does not provide personal data, he or she may be requested to remove deficiencies. In the case of complete refusal to provide data, it will not be possible to enter into or perform a contract.

Suppliers of goods and services

Data of representatives, representing persons, contact persons are processed by us for the purposes of performance of a contract or in order to take steps prior to entering into a contract (Article 6(1)(b) of the GDPR). Data may also be processed for the purposes of our legitimate interests consisting in establishment, exercise or defence of legal claims, and for the purposes of determining whether any persons designated for representation are entitled to act on behalf of the principal (Article 6(1)(f) of the GDPR).

Categories of processed personal data may include: identification data, contact data, telephone number and address data, official/business data.

Provision of personal data is a contractual requirement. If User does not provide personal data, he or she may be requested to remove deficiencies. In the case of complete refusal to provide data, it will not be possible to enter into or perform a contract.

Newsletter subscribers

Data will be processed on the basis of voluntary consent (Article 6(1)(a) of the GDPR). Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal. In certain cases data may also be processed for the purposes of the legitimate interests (Article 6(1)(f) of the GDPR). The cases of our legitimate interests are described in § 4.

Categories of processed personal data will include: e-mail address, telephone number (and, possibly, name and/or surname).

Data will be stored until consent is withdrawn.

In connection with the processing, User has the right to withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal), the right to access data, the right to rectify data, the right to restrict processing, the right to object to processing, the right to withdraw consent at any time, the right to erase data, the right to lodge a complaint with the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw). Detailed information relating to individual rights is contained in § 7.

Website visitors or website service users

Personal data are processed for the purposes of the legitimate interests (Article 6(1)(f) of the GDPR), such as communication and correspondence, creation of statistics to improve website services, and adaptation of the website and services to Users’ preferences.

Categories of processed personal data may include: identification data, IP, location data, contact data, telephone number and address data.

Data will be stored for a period necessary for replying to submitted enquiries.

Personal data will not be processed in the form of analytical profiling. Binding decisions will not be automated, i.e. will never be made without human participation. Data on the use of the website may be used for internal statistical purposes and to develop and improve website services, communication methods and website functionalities, and to ensure IT security.

Job candidates and potential collaborators

Personal data will be processed for recruitment purposes on the basis of voluntary consent – Article 6(1)(a) of the GDPR. If information including special categories of data (so-called sensitive data) is provided in recruitment documents, the basis of processing of such data is also voluntary consent (Article 9(2)(a) of the GDPR). Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal. In certain cases data may also be processed for the purposes of the legitimate interests (Article 6(1)(f) of the GDPR). The cases of our legitimate interests are described in § 4.s

Categories of relevant personal data include: identification data, contact data indicated by the candidate, education, professional qualifications, employment history or other data provided by the candidate in the application documents. In the case of recruitment related to employment as part of a civil-law relationship, the catalogue of personal data provided in the application documents may be unrestricted. In the case of recruitment related to employment as part of an employment relationship, the scope of processed personal data should not go beyond the catalogue indicated in Section 22(1)(1) of the Employment Code of 26 June 1974. Provision of personal data beyond the scope of that catalogue will be based on voluntary consent (Article 6(1)(a) of the GDPR, Article 9(2)(a) of the GDPR). However, we reserve that in accordance with the principles of data minimisation and purpose limitation excessive data will be subject to anonymisation or erasure.

Recipients of personal data may be providers of telecommunications, IT, legal, hosting services.

Data will be stored for a period no longer than until the end of the recruitment process to which the announcement relates, i.e. for a period of 3 months or until consent is withdrawn. For the purpose of establishment, exercise or defence of legal claims, personal data will be stored in accordance with Section 118 of the Civil Code of 23 April 1964 (the general limitation period is 6 years, the limitation period expires on the last day of the calendar year).

Participants of the DENI Club loyalty programme

Categories of processed personal data will include: identification data, address data, contact data.

Data will be stored until consent is withdrawn.

Customers of the customer service office

Personal data are processed for contact purposes, for the purposes of exchanging correspondence, providing information and technical support and replying to any questions asked (Article 6(1)(f) of the GDPR).

Categories of relevant personal data may include: identification data, contact data and other data contained in the contents of correspondence.

Data will be stored for a period necessary for providing information and technical support and replying to any questions asked; however, the provisions of law may stipulate a longer data storage period, in particular in respect of exercise or defence of legal claims. The cases of a longer data processing period are described in § 4.

4. Other purposes, legal bases and periods of processing of personal data

For the purpose of compliance with legal obligations to which we are subject (Article 6(1)(c) of the GDPR), we will process data:

a) for a period of fulfilment of legal obligations imposed on us by relevant provisions, including but not limited to tax law provisions;

b) for a period for which relevant provisions of law require us to store data (such provisions may stipulate different data storage periods).

If we process personal data for the purposes of our legitimate interests (Article 6(1)(f) of the GDPR), we do so for the purposes of:

a) establishment, exercise and defence of legal claims, which also includes sale of our receivables to another entity (the general limitation period is 6 years and in the case of legal claims connected with periodical performances it is three years; the limitation period expires on the last day of the calendar year);

b) promotion of our products and services;

c) creation of statements, analyses and statistics;

d) archiving.

5.Recipients of personal data

Recipients of personal data may be separate personal data controllers or processors. If we commission another entity to perform operations the essence of which is processing of personal data, we will do so in accordance with Article 28 and Article 32 of the GDPR, i.e. as part of entrusting personal data for processing. Entrusting of personal data will only relate to operations as part of which processing of data is the main, primary activity, and not a result of other secondary processes.

Personal data may also be accessed by so-called third parties. In accordance with the definition presented in the GDPR, a third party is not the data subject, the controller or processor, or the controller’s or processor’s representative. These are mainly public authorities which are not regarded as recipients under the GDPR, but may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law.

Recipients of data may be service providers which provide us with certain IT, technical and organisational solutions allowing for operation and management of our organisation (accounting, postal operators and couriers, Internet service providers, including e-mail, software, hosting providers), legal offices and law firms providing legal services.

6.Other purposes, legal bases and periods of processing of personal data

As a matter of principle, personal data will not be transferred to countries from outside the European Economic Area (EEA) where the law may not warrant the same level of protection.

However, if it would become necessary to transfer data outside the EEA, we would perform such operation:

a) on the basis of the decision on the adequate degree of protection (Article 45 of the GDPR); or

b) subject to appropriate safeguards, including standard data protection clauses, approved code of conduct, approved certification mechanism (Article 46 of the GDPR); or

c) in accordance with binding corporate rules (Article 47 of the GDPR); or

d) upon consideration of derogations for specific situations (Article 49 of the GDPR).

7. Rights connected with processing of personal data

At any time User may request exercise of certain rights under the GDPR in connection with processing of personal data. Below we describe individual rights, circumstances under which they may be exercised and how to exercise them.

Right to withdraw consent at any time (Article 7(3) of the GDPR)

If data are processed on the basis of voluntary consent, User may opt out of operations being performed on data on that basis. In such case, we will immediately cease processing data for the purpose for which consent was obtained. However, we would like to state that withdrawal of consent does not affect the fact that processing of personal data on the basis of consent before its withdrawal was lawful.

Right to access personal data and receive a copy thereof (Article 15 of the GDPR)

RUser may receive from us information relating to our processing of personal data and receive a copy of such data. It will be made available in a popular IT file format. The first copy will be made available free of charge and for issuance of another copy we may charge a fee in the amount determined in accordance with the conditions arising from the GDPR.

Right to rectify data (Article 16 of the GDPR)

We are obliged to ensure accuracy of data processed by us. User may request rectification or erasure of data if they are inaccurate, incomplete or were collected unlawfully. However, the burden of proving such inaccuracies rests with the data subject.

Right to erase data, including the “right to be forgotten” (Article 17 of the GDPR)

Upon request, we are obliged to erase personal data. We will do so if:

a) the purposes for which data were collected have already been achieved;

b) the only legal basis for processing of personal data was consent which was then withdrawn and there are no other legal bases for further processing of personal data;

c) the only legal basis for processing was consent given by a person under thirteen years of age;

d) processing was objected to on the basis of Article 21 of the GDPR and we do not have any overriding legal bases allowing for further processing of personal data;

e) personal data were processed unlawfully, i.e. for unlawful purposes or without any basis for processing of personal data.

The “right to be forgotten” is a special form of the right to erase data. If data were published, e.g. on this website, and User has the right to request erasure of such data, we are obliged to erase any copies of such data and links to such data. We also must take steps in order for other entities which processed personal data to erase them from their resources as well. However, this right is not absolute – while taking steps to exercise that right we must consider available technology and costs, which may restrict its application.

Right to restrict processing (Article 18 of the GDPR)

We are obliged to restrict processing of personal data upon request. In such case, we must refrain from performing any operations on data, except data storage. If the data subject has any doubts as to accuracy of data, we will restrict processing of such data for a period allowing for this matter to be checked. We will also restrict processing if the data subject objects to processing.

Right of data portability (Article 20 of the GDPR)

The data subject has the right to obtain personal data and transmit them to another controller of personal data selected by the data subject. User has the right of data portability if we process personal data on the basis of consent (Article 6(1)(a) of the GDPR) or if it is necessary for performance of a contract (Article 6(1)(b) of the GDPR) and operations on data are performed by automated means, i.e. without human participation.

Right to object (Article 21 of the GDPR)

The data subject may request cessation of processing of personal data, especially on account of his or her special circumstances.

However, objection does not apply if consent to processing was given. In such case, consent should be withdrawn – the effect will be the same, but from a legal point of view objection and withdrawal of consent are two different constructs which apply to different cases.

An objection cannot be made effectively if:

a) processing of personal data is necessary for performance of a contract (Article 6(1)(b) of the GDPR);

b) processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(c) of the GDPR);

c) processing is necessary in order to protect the vital interests of the data subject or of another natural person (Article 6(1)(d) of the GDPR).

Right not to be subject to automated individual decision-making, including profiling (Article 22 of the GDPR)

The data subject has the right not to be subject to decisions solely based on automated processing, including profiling, if such decisions would produce legal effects concerning him or her or similarly significantly affect him or her.

However, automated processing of data, including profiling, is permissible if:

a) it is necessary for entering into or performance of a contract;

b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests;

c) is based on explicit (not implied) consent.

Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR)

If the data subject considers that our activities connected with processing of personal data infringe upon his or her rights, he or she may lodge a complaint with a supervisory authority, i.e. independent public authority responsible for monitoring compliance with the GDPR. In the territory of Poland, that function is performed by the President of the Office for Personal Data Protection. The supervisory authority may be contacted:

a) by post: ul. Stawki 2, 00-193 Warsaw;

b) by electronic means using the inbox available here;

c) by phone at: 606 950 000.

The above-listed rights may be restricted in certain cases, e.g. where we can demonstrate that we are legally obliged to process data. In order to exercise any of the available rights, User should send a relevant request using our contact data indicated in the Policy.

8.Sources of personal datar

As a matter of principle, the majority of data processed by us is information User provided us with personally. However, in certain cases we may process personal data that we can infer from other information obtained from User and that we obtained in the course of our relations. Such data will not be processed for a period longer than necessary for the purpose for which they were collected or will be erased immediately. If we did not obtain personal data directly, please be informed that:

a) data could have been obtained from another person or entity;

b) data could have been obtained from other generally available sources of information.

9.Types of Cookies used

Cookies used by Administrator are safe for User’s Device. In particular, it is impossible for viruses or any other undesired software or malware to access Users’ Devices that way. Such files enable identification of software used by User and to adjust the Website individually for each User. Cookies usually contain the name of their domain of origin, storing time on a Device and associated value.
. Administrator uses two types of Cookies:

a) Session Cookies: are stored in User’s Device and remain there until the end of the browser session. Any information saved is then permanently deleted from the Device memory. The session Cookie mechanism prevents the downloading of any personal data of any confidential information from User’s Device.

b) ) Persistent Cookies: are stored in User’s Device and remain there until deleted. The end of a browser session or switching the Device off does not delete them from User’s Device. The mechanism of persistent Cookies prevents the downloading of any personal data of any confidential information from User’s Device.

User may restrict or disable the access of Cookies to User’s Device. In such a case, it will be possible to use the Website, save for any functionalities that, by their very nature, require Cookies.:

10.Purposes for which Cookies are used

Administrator uses First-Party Cookies for the following purposes:

a) Website configuration: adjustment of the content of various Website pages to suit User’s preferences and optimise Website performance;

b) analyses, studies and traffic audit: collecting general and anonymous statistical information, obtaining anonymous statistics using analytical tools that help understand how Website Users use various Website pages, which allows for the improvement of their structure and contents;

c) provision of advertising services: presenting advertising content targeted to meet User’s preferences;

Service Administrator uses Third-Party Cookies for the following purposes:

a) analyses, studies and traffic audit: collecting general and anonymous statistical information, obtaining anonymous statistics using Google Analitycs; Cookie administrator: Google Inc., established in USA;

b) provision of advertising services: presenting advertising content targeted to meet User’s preferences using Google Adwords; Cookie administrator: Google Inc., established in USA.

11.Definition of conditions of Cookie storage or access

User may, at their discretion and at any time, change Cookie settings to specify conditions of Cookie storage on and access to User’s Device. Changes to the settings referred to in the previous sentence can be made by User through web browser settings or service personalisation. Such settings can be in particular changed so as to disable Cookie support in the web browser settings or notify User of every instance of placing Cookies on User’s device. Detailed information on cookie management and support can be found in software (web browser) settings.
User may at any time delete Cookies using options available in their web browser. Detailed instructions relating to cookie settings depending on the web browser used are available below:

a) cookie settings in Chrome;

b) cookie settings in Firefox;

c) cookie settings in Opera;

d) cookie settings in Safari;

Browser settings also allow for removing cookies already saved on the Device. However, please note that removing or blocking cookies may limit functionality of the website. If any problems occur after removal of cookies, please contact the provider of the relevant web browser.

Any restriction of Cookies may affect certain functionalities available on various Website pages.

12.Newsletter

Users may give consent to receiving, to the provided e-mail address, the Service Provider’s information and marketing content, by providing an e-mail address and marking the relevant box with consent to receiving such content.
2. The Newsletter service is voluntary and free of charge.
3. The Newsletter service is provided for an indefinite term, and User may unsubscribe at any time, by marking the relevant box in the Customer Account tab or sending an e-mail to rodo@denicler.eu.

13. Facebook plugin

Our Website contains a Facebook social plugin (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA). The Facebook plugin on our Website is marked with the Facebook logo. The plugin will connect you directly with your profile on Facebook server. In such case, Facebook may obtain information about the fact that you visited our Website from your IP address. If you visit our Website while logged in to your profile Facebook, Facebook will record information about the visit. Even if you are not logged in, Facebook is able to obtain information about IP address.
We would like to emphasise that Facebook does not provide us with information about collected data and use of such data. The purpose and scope of data collected by Facebook is not known to us. In order to obtain additional information relating to privacy on Facebook, we propose that you contact Facebook directly or read its privacy policy available at: https://www.facebook.com/about/privacy/.
If you do not wish Facebook to be able to obtain information about your visits on our websites, we advise you to first log out from your Facebook account.

9.Web Push Notifications

Web Push Notifications are sent to User’s web browser only after User gives their consent to receive such notifications. In order to give their consent to receive Web Push notifications, User should select “show notifications” or a similar option in the message sent by the web browser (every browser may call this option differently).
The consent to receive Web Push Notifications may be revoked at any time by way of changing web browser settings.
Administrator does not process any personal data of Users who receive Web Push notifications. Users are identified exclusively on the basis of information stored by their web browsers that cannot be accessed by Administrator.

14. Amendments to the Policy

We reserve the right to update the Policy. Amendments may result from the following reasons:

a) due to the necessity to adjust the provisions of the Policy to applicable provisions of law or decisions of relevant public authorities;

b) as a result of changes to interpretation of provisions of the generally applicable law (affecting the contents of the Policy);

c) as a result of court rulings, decisions, recommendations or guidelines of offices or authorities relevant for the matter;

d) the necessity to remove any errors or misspellings from the Policy;

e) change of data, including but not limited to telephone number and address data, names, contact data or updates of links inserted in the Policy.

Any amendments to the Policy will be published on the Website and take effect immediately upon publication.

-->

Mini Cart

REGULATIONS

Privacy policy
DENI CLER MILANO

I WOULD LIKE TO RECEIVE NEWSLETTER

Mini Cart

REGULATIONS

Privacy policyDENI CLER MILANO

Install the Deni Cler app

Install the Deni Cler app

Privacy policy
DENI CLER MILANO