Privacy Policy

Data Controlle: Ewestal Sp. z o.o., ul. Kamienna 21, 31-403 Krakow, Poland, hereinafter referred to as the "Controller".

Contact: For matters related to the processing of personal data, please contact us at info@ewestal.pl.

 

  1. Scope of Data Processing

Through the contact form available on our website, we process the following personal data:

  • full name (required),
  • email address (required),
  • subject of the message,
  • message content.

Providing personal data is voluntary, but failure to do so will prevent you from sending an inquiry via the form.

 

  1. Purpose and Legal Basis for Data Processing

Personal data is processed solely for the purpose of:

  • responding to inquiries sent via the contact form,
  • maintaining ongoing correspondence.

 

The legal basis for data processing is:

  • Article 6(1)(f) GDPR – the legitimate interest of the Controller in maintaining communication with users of the website.

Users have the right to object to the processing of their data based on the legitimate interest.

 

  1. Data Recipients

Data may be transferred to entities processing data on behalf of the Controller (e.g., IT service providers) under data processing agreements and in compliance with applicable laws. Data is not transferred outside the European Economic Area.

 

  1. Data Retention Period

Data will be processed for the period necessary to achieve the purpose of contact, but no longer than 6 months from the last contact unless legal regulations require longer retention.

 

  1. Rights of Data Subjects

Data subjects have the following rights:

  • right of access to their data,
  • right to rectification,
  • right to erasure,
  • right to restriction of processing,
  • right to object to processing,
  • right to data portability,
  • right to lodge a complaint with the President of the Personal Data Protection Office.

 

To exercise these rights, please contact us at the email address provided above. The Controller will respond within one month of receiving the request.

The Controller implements appropriate technical and organizational measures to ensure the security of processed personal data, particularly against unauthorized access, loss, or destruction.

The Controller does not use profiling or make decisions based solely on automated processing.