Privacy policy

1. Introduction

The protection of personal data and information security has always been a priority for KAIZEN s.c.. As a responsible organisation that is aware of the fact that information has a certain value and is a resource that requires proper protection, we are very concerned about duly notifying you of matters related to the processing of personal data, especially in view of the content of the data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("RODO"). For this reason, in this document we provide essential information about the legal basis for the processing of personal data, how it is collected and used, as well as your rights in relation to it.

2. Controller

The controllers of the personal data are Maciej ŚLIWOSKI and Adrian KOWALCZUK, the partners of the Civil Partnership KAIZEN, Łubin Kościelny 70, 17-100 Bielsk Podlaski, TAX ID: 542169760, REGON: 200342941.

To contact the data controller, you can use the contact form on the websites, using the address biuro@kaizen.pl 

3. Implementation of Privacy Policy

This privacy policy applies to all cases in which the partners of KAIZEN Civil Partnership are the data controllers and process personal data. This applies both to cases in which we process personal data obtained directly from the data subject and to cases in which personal data is obtained from other sources. This in particular also applies to the processing of data on the websites kaizen.pl and elefanto.pl.

4. Scope, manners and purposes of data processing

We wish to be transparent about the ways and legal basis for processing personal data, as well as the purposes for which we process personal data. Being guided by this, in order to make our explanation of these issues as clear as possible, we provide the following summary of personal data processing operations.

At the same time, we would like to assure you that whenever we process personal data on the basis of a legitimate interest of the controller, we try to analyse and balance our interest and the potential impact on the data subject ( both positive and negative) and the rights of the data subject. We do not process personal data where we conclude that the impact on the data subject would outweigh our interests, unless we have another legitimate ground, e.g. we have the relevant consent or are required or permitted to do so by law.

1. Processing of personal data of visitors to websites maintained by the Controller or using services provided through electronic means

   1. General information

KAIZEN collects data regarding the visits and logins of users to the website www.elefanto.pl and visitors to the website www.kaizen.pl. Any log-in data on the website may be collected by the owner of the domains company home.pl in accordance with a data entrustment agreement.

2. Online applications and forms

Our websites have various ways you may contact us, including a contact form.

As part of the use of these forms, it is usually necessary for you to provide us with your personal data. This data is only processed within the framework and for the purpose for which it was provided and with your explicit consent.

2. The processing of personal data of persons who contact KAIZEN for the purpose of obtaining information on an offer or for the purpose of concluding a contract, as well as for other purposes.

We collect the following personal data from natural persons who contact us to request information about an offer or to conclude a contract: their first and last name, job position, e-mail address and telephone number, as well as other data necessary in order to execute the contract. In particular, these persons may send us an e-mail via the website. Such emails contain a pre-set username and his or her email address, as well as any additional information the user wishes to include in the email.

We kindly request you not to submit information containing special categories of personal data via the websites, such as information on race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and information concerning physical or mental health, genetic data, and biometric data, information about sex life or sexual orientation and criminal history. When such data is received, it will be deleted immediately and the data subject will be made aware of this.

3. Processing of personal data of customers and potential customers

KAIZEN processes personal data of its customers and those wishing to become its customers. The personal data processed for these purposes include, but are not limited to, first and last name, telephone number, email address or other contact details.

4. Processing of data of visitors to related websites.

KAIZEN may be a joint data controller with the companies mentioned below:

• Facebook

• Instagram

• YouTube

KAIZEN, as a joint data controller, may obtain anonymous statistical data about visitors to the websites mentioned below:

• https://www.facebook.com/kaizen.elefanto

• https://www.instagram.com/kaizen_materialybudowlane/

• https://www.youtube.com/channel/UCAe0HZHIBYWX9rdArHPG0Sw

This data is collected through cookies, each of which contains a unique user code. The user code, which can be linked to the connection data of registered users, is downloaded and processed when the web pages are opened. Although this data is anonymous, KAIZEN has the right to request its processing.

At the same time, the data of visitors to the aforementioned KAIZEN pages may be processed in non-anonymised form in the case of:

• communication with KAIZEN via the various communicators now available;

• making comments on posts, photos and videos shared on the Company’s pages.

The data of visitors to KAIZEN’s pages will not be used for any purpose other than that for which they were initially collected. Their processing will be carried out exclusively on the aforementioned portals and in accordance with the general terms of use of the portal.

5. Legal bases for data processing

1. 1 The processing of the data of visitors to the websites operated by KAIZEN, those who use the electronically provided services, those who express themselves on the jointly controlled websites and the Company’s blog is based on different legal bases for the processing, depending on the category of personal data we process and the purpose of the processing. We process the personal data of visitors to our websites on the basis of a legitimate interest of the controller or on the basis of consent where such consent has been requested from the data subject. We process the data of persons who fill in a contact form because it is necessary for the purpose of performing a contract or taking steps to conclude a contract, at the request of the person providing his or her data. The data of visitors to the jointly managed pages referred to in Section IV, Subsection 4, is processed in accordance with the terms of use of the respective portal, and based on the User’s consent.

2. The processing of personal data of persons who contact KAIZEN for the purpose of obtaining information about an offer or sharing comments about the services, as well as those contacting for the purpose of entering into a contract, is carried out on the basis of the consent given by the user directing the above request to the Company or for the purpose of performing the contract (fulfilment of the request) made by the person concerned. We may also process the data provided on the basis of the legitimate interest of the data controller.

3. The processing of personal data of natural persons who are our customers is based on:

• the legitimate interests of KAIZEN as a data controller (e.g. for the creation of a database, direct marketing of its own products, securing documentation for the defence against possible claims or for the enforcement of claims);

• consents (including, in particular, consent for e-mail marketing or telemarketing);

• performance of the contract entered into;

• obligations arising from the law (e.g. tax or accounting regulations).

4. The processing of personal data of natural persons who are potential customers is based on:

• legitimate and justified interest of KAIZEN as a data controller (especially for the creation of a database, direct marketing of its own products);

• consents (including, in particular, consent for e-mail marketing or telemarketing).

6. Duration of data processing (data retention)

The time for which we can process your personal data depends on the legal basis constituting the legal premise for the processing of personal data. Please be advised that in the case of data processing based on:

• consent, the processing period shall continue until such consent is withdrawn by the data subject or the purpose of the processing is no longer applicable;

• legitimate interest of the controller, the period of processing lasts until the aforementioned interest ceases to exist (e.g. the limitation period for civil law claims) or until the data subject objects to further such processing — in situations where such an objection is legitimate under the provisions of law;

• applicable regulations, the periods of data processing for this purpose shall be determined by those regulations.

In the absence of specific legal or contractual requirements, the general retention period for records and other documentary evidence produced in the performance of the contract is a maximum of 5 years.

7. Recipients of data

We transfer your personal data to other entities on the basis of legal requirements or in connection with the implementation of the purpose for which they were provided to us. At the same time, we declare that we use only the services of verified entities that meet the requirements of the GDPR. The agreements under which we entrust the processing of personal data contain provisions on the protection measures required by us, ensuring confidentiality, integrity and availability of the transferred data.

When you use our websites:

• www.kaizen.pl

• www.elefanto.pl

your personal data may be transferred to the hosting provider home.pl.

In addition, we would like to inform you that the recipients of your data may be:

• entities who process personal data under agreements entrusting the processing of personal data (so-called processors),

• entities providing hosting services,

• KAIZEN’s subcontractors who provide software delivery services, maintenance services for the software or hardware we use, and service providers including CLOUD services we use

• and other entities acting on the basis of the respective regulations.

Your data may be transferred outside the European Economic Area in connection with the provision of Cloud services for our company. The companies providing Cloud services to our company comply with the requirements of the GDPR, use appropriate security measures and are additionally Privacy Shield certified.

8. Rights with respect to the processing of personal data

We would also like to inform you of your existing rights:

• the right to withdraw your consent to the processing of your data if we have been processing these personal data on the basis of your consent;

• the right of access to your personal data;

• the right to request the rectification of your personal data;

• the right to request the erasure of your personal data;

• the right to request the restriction of the processing of your personal data;

• the right to object to the processing of your data on the grounds of your particular situation — in cases where we have been processing your data on the basis of our legitimate interest;

• the right to transfer your personal data, i.e. the right to receive your personal data from us, in a structured, commonly used, machine-readable computer format. You can send this data to another data controller or request that we send it to another data controller on your behalf. However, we will only do this if such a transfer is technically possible. The right to transfer personal data only applies to those data that we process under contract or on the basis of your consent;

• the right to lodge a complaint with the supervisory authority dealing with personal data protection, i.e. the President of the Data Protection Authority.

9. Other

In the case of processing personal data for purposes other than those specified in the above privacy policy, KAIZEN undertakes to provide detailed information clauses.

10. Amendments to this Privacy Policy.

We undertake to review this Privacy Policy on a regular basis and to revise and modify it when this becomes necessary or desirable due to: new legislative provisions, new guidelines from authorities responsible for overseeing personal data protection processes, best practices in the area of personal data protection as well as when KAIZEN introduces changes to the technology with which we process personal data and when the means, purposes or legal grounds for our processing of personal data change.