CES SYSTEM

GDPR

Privacy Policy

PRIVACY POLICY FOR THE ces-system.pl WEBSITE

  1. For the owner of this website, the protection of Users’ personal data is of the utmost importance. The owner makes every effort to ensure that Users feel secure when providing their personal data whilst using the website.
  2. A User is a natural person, a legal person or an organisational unit without legal personality, to which the law grants legal capacity, using the electronic services available on the website.
  3. This privacy policy explains the principles and scope of the processing of the User’s personal data, the rights to which they are entitled, as well as the obligations of the data controller, and provides information on the use of cookies.
  4. The data controller employs state-of-the-art technical measures and organisational solutions to ensure a high level of protection for the personal data being processed and to safeguard against unauthorised access.
I. DATA CONTROLLER
The data controller is CES SYSTEM Sp. z o.o., with its registered office at 80-298 Leźno,Słoneczna 40, KRS 0001020098, NIP 5892079432, REGON 524642738 (hereinafter referred to as: “Controller” and “Owner”).
II. PURPOSE OF PERSONAL DATA PROCESSING
  1. The Controller processes the User’s personal data for the following purposes:
    • to prepare quotations in response to enquiries regarding services provided by CES-SYSTEM Sp. z o. o.
    • to receive applications as part of the recruitment process conducted by CES-SYSTEM Sp. z o. o.
  1. This means that this data is required in particular for
    • registering on the website;
    • concluding a contract;
    • processing payments;
    • delivering goods ordered by the User or providing services;
    • the User to exercise all consumer rights (e.g. withdrawal from the contract, warranty);
    • conducting the recruitment process;
  1. The User may also consent to receiving information about news and promotions, which will result in the controller also processing personal data for the purpose of sending the User commercial information concerning, amongst other things, new products or services, promotions or sales.
  2. Personal data is also processed in order to fulfil the legal obligations incumbent on the data controller and to carry out tasks in the public interest, including, amongst other things, tasks related to security and defence or the storage of tax records.
  3. Personal data may also be processed for the purposes of direct marketing of products, securing and pursuing claims or defending against claims made by the User or a third party, as well as for the marketing of third-party services and products or for the Company’s own marketing activities that do not constitute direct marketing.
III. TYPE OF DATA
    1. The Data Controller processes the following personal data, the provision of which is necessary for:
    2. registering on the website:

    – first name and surname;

    – email address;

    1. making purchases via the website:

    – first name and surname;

    – delivery address;

    – billing address;

    – telephone number;

    – email address;

    1. Data provided by the User on an optional basis:

    – tax identification number (NIP) (if an invoice is requested for a business).

    1. In the event of withdrawal from the contract or acceptance of a complaint, where the refund is made directly to the User’s bank account, we also process information regarding the bank account number for the purpose of processing the refund.
    2. Furthermore, the Controller also processes the following data:
    • billing address
    • bank account number
IV. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
  1. Personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ EU L 119, 4.5.2016, pp. 1–88, as well as the Act of 24 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000), as amended, hereinafter referred to as: ‘the GDPR’.
  2. The Controller processes personal data only after obtaining the User’s prior consent, given at the time of registration on the website or at the time of confirming a transaction made on the website.
  3. Consent to the processing of personal data is entirely voluntary; however, failure to provide such consent prevents registration on the website and the making of purchases via the website.
V. USER RIGHTS
  1. The user may at any time request information from the controller regarding the scope of the processing of their personal data.
  2. The user may at any time request the correction or rectification of their personal data. The user may also do this themselves by logging into their account.
  3. The User may withdraw their consent to the processing of their personal data at any time, without giving a reason. A request not to process data may relate to a specific processing purpose indicated by the User, e.g. withdrawal of consent to receive commercial information, or may relate to all data processing purposes. Withdrawal of consent for all processing purposes will result in the User’s account being deleted from the website, along with all personal data previously processed by the controller. Withdrawal of consent will not affect actions already taken.
  4. The User may at any time request, without giving a reason, that the controller delete their data. A request to delete data will not affect actions already taken. The deletion of data entails the simultaneous deletion of the User’s account, together with all personal data previously stored and processed by the controller.
  5. The User may object to the processing of personal data at any time, either in respect of all personal data processed by the controller or only to a limited extent, e.g. regarding the processing of data for a specifically indicated purpose. The objection will not affect actions already taken. Raising an objection will result in the deletion of the User’s account, together with all personal data stored and processed by the controller to date.
  6. The User may request a restriction on the processing of personal data, either for a specified period or without a time limit but within a specified scope, which the controller shall be obliged to comply with. This request shall not affect actions already taken.
  7. The User may request that the controller transfer the User’s processed personal data to another entity. To this end, the User should submit a request to the controller, specifying to which entity (name, address) the User’s personal data is to be transferred and which specific data the User wishes the controller to transfer. Once the User has confirmed their request, the controller will transfer the User’s personal data to the specified entity in electronic form. The User’s confirmation of the request is necessary to ensure the security of the User’s personal data and to verify that the request originates from an authorised person.
  8. The Administrator shall inform the User of the actions taken within one month of receiving any of the requests listed in the preceding points.
VI. RETENTION PERIOD FOR PERSONAL DATA
  1. In principle, personal data is retained only for as long as is necessary to fulfil the contractual or statutory obligations for which it was collected. This data will be deleted immediately once its retention is no longer necessary for evidential purposes, in accordance with civil law, or in connection with a statutory data retention obligation.
  2. Information relating to the contract is retained for evidential purposes for a period of three years, starting from the end of the year in which the commercial relationship with the User ended. The data will be deleted upon expiry of the statutory limitation period for pursuing contractual claims.
  3. Furthermore, the controller may retain archived information relating to completed transactions, as their storage is linked to claims to which the User is entitled, e.g. under the warranty.
  4. If no contract has been concluded between the User and the Owner, the User’s personal data is stored until the User’s account is deleted from the website. The account may be deleted following a request by the User, the withdrawal of consent to the processing of personal data, or the lodging of an objection to the processing of such data.
VII. ENTRUSTING DATA PROCESSING TO THIRD PARTIES
  1. The Controller may entrust the processing of personal data to entities cooperating with the Controller, to the extent necessary for the execution of transactions, e.g. for the purpose of preparing ordered goods and delivering parcels or providing commercial information originating from the Controller (the latter applies to Users who have consented to receiving commercial information).
  2. Apart from the purposes set out in this Privacy Policy, Users’ personal data will not be disclosed to third parties in any way, nor will it be transferred to other entities for the purpose of sending marketing materials from such third parties.
  3. The personal data of website Users is not transferred outside the European Union.
  4. This Privacy Policy complies with the provisions of Article 13(1) and (2) of the GDPR.
VIII. COOKIES
  1. The website uses cookies or similar technologies (hereinafter collectively referred to as ‘cookies’) to collect information about the User’s access to the website (e.g. via a computer or smartphone) and their preferences. They are used, amongst other things, for advertising and statistical purposes and to tailor the website to the User’s individual needs.
    1. Cookies are pieces of information containing a unique reference code that the website sends to the User’s device for the purpose of storing, and sometimes tracking, information relating to the device being used. They do not usually allow the User to be personally identified. Their main purpose is to better tailor the website to the User.
    2. Some of the cookies on the website are only available for the duration of a given web session and expire when the browser is closed. Other cookies are used to remember the User, who is recognised when they return to the website. These are then stored for a longer period.
    3. It is worth remembering that blocking or deleting cookies may prevent you from using the website to its full extent.
    1. Cookies will be used for essential session management, including:
      • Recording information from the User’s device, including: cookies, IP address and information about the browser used, in order to diagnose problems, administer and track the use of the website;
      • Customising elements of the website’s layout or content;
      • Collecting statistical information on how the User uses the website, in order to improve the site and determine which sections of the website are most popular with Users.
    2. All cookies used on the website are set by the administrator.
    3. All cookies used by this website comply with applicable European Union law.
    4. Most Users and some mobile browsers automatically accept cookies. Unless the User changes their settings, cookies will be stored on the device.
    5. You can change your preferences regarding the acceptance of cookies or change your browser so that you receive a notification each time the cookie function is set. To change your cookie acceptance settings, you must adjust your browser settings.
    6. The cookies used on this website are:
Cookie NameCookie CategoryDescriptionDuration
wordpress_2WordPress cookie for a logged in user.session
wordpress_logged_in_2WordPress cookie for a logged in usersession
wordpress_test_2WordPress cookie for a logged in usersession
wordpress_test_cookie2WordPress test cookiesession
wp-settings-1WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. 1 year
wp-settings-time-2WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. 1 year
PHPSESSID1To identify your unique session on the websitesession
SESS1To ensure that you are recognised when you move from page to page within the site and that any information you have entered is remembered.session
IX. Access to personal data by third parties

As a general rule, the Controller is the sole recipient of the personal data provided by Users. Data collected in connection with the services provided is not transferred or sold to third parties.

Access to the data (most often on the basis of a Data Processing Agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the website, i.e.:

  • Hosting companies providing hosting or related services to the Controller

Entrusting the processing of personal data – Hosting, VPS or Dedicated Server services

In order to operate the website, the Controller uses the services of an external provider of hosting, VPS or Dedicated Servers – SEOHOST Sp. z o.o.

All data collected and processed on the website is stored and processed within the service provider’s infrastructure located in Poland. Access to the data may occur as a result of maintenance work carried out by the service provider’s staff. Access to this data is governed by an agreement between the Controller and the Service Provider.

Changes to the Privacy Policy
Last updated on 12 March 2025
If we decide to make changes to our Privacy Policy, we will post a notice on this page.
Please send any comments or questions to: biuro@ces-system.pl
Scroll to Top