Privacy Policy

Privacy Policy of the website


    1. The Controller of personal data collected via website is Daniel Sobczyk performing a business activity under the business name LAFER PRO Daniel Sobczyk entered into the Central Registration and Information on Business of the Republic of Poland kept by the Minister competent for economy, place of business performance: 57-300 Kłodzko, ul. Zajęcza 4, delivery address: as above, NIP [Tax ID no.]: 8871584652, REGON [National Business Registry No.]: 891544862, e-mail address:, hereinafter referred to as the “Controller”.
    2. Personal data collected by the Controller via the website are processed pursuant to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/96/EC (General Data Protection Regulation), hereinafter referred to as the GDPR and Personal Data Protection Act of 10 May 2018.

    1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller precesses personal data via website in case if:
      1. the user uses the contact form; personal data are processed pursuant to Art. 6 sect. 1 letter f) of the GDPR as a legitimate interest of the Controller;
      2. the user subscribes the Newsletter to receive commercial information via e-mail; personal data are processed after a separate consent is expressed, pursuant to Art. 6 sect. 1 letter a) of the GDPR.
    2. TYPE OF PROCESSED PERSONAL DATA. The Controller processes the following categories of the user’s personal data:
      1. first name and surname;
      2. e-mail address;
      3. phone number.
    3. PERIOD OF PERSONAL DATA ARCHIVING. Users’ personal data are stored by the Controller:
      1. if the basis of data processing is the contract performance, for no longer than it is necessary for the contract performance, and afterwards for the period corresponding to claims limitation. Unless a specific provision provides otherwise, the limitation period is six years, and in case of claims for periodic benefits or claims connected with conducting of a business activity – three years.
      2. if data processing is based on a consent, until the consent is revoked, and after its revocation, for the period corresponding to the limitation of claims which may be raised by the Controller and which may be raised against him. Unless a specific provision provides otherwise, the limitation period is six years, and in case of claims for periodic benefits or claims connected with conducting of a business activity – three years.
    4. While using the Website, additional information may be collected, in particular: IP address assigned to the user’s computer or an external IP address of the Internet supplier, domain name, type of browser, access time, type of operating system.
    5. Also, navigation data may be collected from the users, including the information on links and references they decide to click, or other activities done on the website. The legal basis of this type of activities is the legitimate interest of the Controller (Art. 6 sect. 1 letter f of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionalities of these services.
    6. Giving personal data by the user is voluntary.
    7. Personal data will be also processed by automatic means in the form of profiling if the user gives his consent thereto on the basis of Art. 6 sect. 1 letter a) of the GDPR. The profiling will result in assigning a profile to a given person to take decisions concerning this person, or analyse or predict this person’s preferences, behaviours and attitudes.
    8. The Controller shall exercise special care to protect the interests of the data subjects, in particular ensures that the data collected by him are:
      1. processed legally;
      2. collected for specified legal purposes and not subjected to further processing which is inconsistent with these purposes;
      3. substantively correct and adequate to the purposes for which they are processed and stored in the form enabling the identification of data subjects no longer than it is necessary for the purposes for which they are processed.

    1. Personal data of users are provided to the providers of services employed by the Controller while maintaining the website. Services providers to whom personal data are communicated, depending on contractual agreements and circumstances, shall either follow the Controller’s instructions as to the purposes and manners of these data processing (processors) or independently define the purposes and manners of these data processing (controllers).
    2. Personal data of users are stored within the area of the European Economic Area (EEA) only.

    1. The data subject shall have the right of access to his personal data and the right to rectify, delete them, restrict the processing, right to data portability, right to object, right to the consent withdrawal at any time without affecting the lawfulness of processing based on a consent before its withdrawal.
    2. Legal bases of user’s requests:
      1. Right of access by the data subject – Art. 15 of the GDPR
      2. Right to rectification – Art. 16 of the GDPR
      3. Right to erasure (‘right to be forgotten’) – Art. 17 of the GDPR
      4. Right to restriction of processing – Art. 18 of the GDPR
      5. Right to data portability – Art. 20 of the GDPR
      6. Right to object – Art. 21 of the GDPR
      7. Consent withdrawal – Art. 7 sect. 3 of the GDPR
    3. To exercise the rights referred to in sect. 2, one may send an appropriate message via e-mail to:
    4. If the user decides to exercise his right resulting from the above, the Controller shall meet the request or refuse to meet it immediately but no later than within a month of its receiving. If, however, due to a complicated nature of the request or the number of requests, the Controller will not be able to meet the request within a month, he shall meet the same within two consecutive months of its receiving having informed the user within a month of the request receiving of intended extension of the deadline and its reasons.
    5. If it is found that the personal data processing breaches the provisions of the GDPR, the data subject shall have the right to lodge a complaint to the President of the Office for Personal Data Protection.

    1. The Controller’s Website uses cookies.
    2. The installation of cookies files is necessary for the proper provision of services on the Website. The cookies contain information necessary for the proper operation of the Website and they also give the possibility to prepare general statistics on the Website visits.
    3. The Website uses two types of cookies: session cookies and persistent cookies.
      1. Session cookies are temporary files stored on the user’s end device until logout (leaving the Website).
      2. Persistent cookies stored on the user’s end device for the period defined in the cookies files parameters or until their removal by the user.
    4. The Controller uses own cookies to know better the manner of the user’s interaction concerning the Website content. The files collect information on the manner of using the Website by the user, type of website from which the user was redirected and the number of visits and time of visit of the user on the Website. The information does not register specific personal data of the user but is used for preparing statistics on the Website use.
    5. The user shall have the right to decide on the cookies files access to his computer by accepting them earlier in his browser window. Detailed information on the possibility and manners of using cookies files is available in the software settings (of the browser).

    1. The Controller applies technical and organisational means that ensure the protection of processed personal data, adequate to the threats and categories of protected data, in particular secures the data against access to them by unauthorised persons, taking them by an unauthorised person, processing with the violation of applicable provisions and any change, loss, damage or destruction.
    2. The Controller shall make available proper technical means that prevent the acquisition and modification of personal data sent electronically by unauthorised persons.
    3. In all matters not settled herein, the provisions of the GDPR and other relevant provisions of the Polish law shall apply.
Powered by Quick.Cms | Design