en
Consorfrut
en

Privacy Policy

Privacy Policy

The purpose of this Policy is to inform the users of consorfrut.pl (“Website”) (“Users”) of the purposes of and legal bases for the processing of personal data on the Website, as well as of the manner in which such data are used and the rights that Users have in connection therewith. The Controller of personal data (“Controller”) protects the privacy of the Users and ensures the security of the data provided by them. The Controller complies with the rules of personal data processing and applies technical and organisational measures to ensure that personal data are secure and are processed in a lawful manner. The Users' personal data are processed each time on the basis of the applicable legal regulations, including in particular the Telecommunications Law Act and the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (GDPR). Personal data may be processed in the Users' Cookies according to the rules set out in the Cookies Policy.

Who is the Controller of personal data?

The Controller of personal data is: Consorfrut Polska Spółka z ograniczoną odpowiedzialnością, ul. Christo Botewa 4, 30-798 Krakow, entered in the register of entrepreneurs maintained by the District Court for Krakow–Śródmieście in Krakow, 11th Commercial Division of the National Court Register, under KRS No.: 0000205046, REGON (Statistical Identification Number): 356817366, NIP (Tax Identification Number): 6792797252, a share capital of PLN 400000 (paid-in capital of PLN 400000), contact address: biuro@consorfrut.pl.

The Users whose personal data are processed may also contact the Controller in writing.

Purposes of and legal bases for the processing of personal data:

  • communication through the Website's contact form:
    personal data are processed for the purposes of the legitimate interests of the Controller (Article 6(1)(f) of GDPR). What constitutes the Controller's legitimate interest is communication with the person requesting a response from the Controller, and in particular providing service to the User, answering the User's questions. There may be a number of reasons for the communication that are difficult to categorise. The provision of personal data is voluntary, but may prove to be necessary to receive a response from the Controller.
  • communication through the contact details provided on the Website:
    personal data are processed for the purposes of the legitimate interests of the Controller (Art. 6(1)(f) of GDPR). What constitutes the Controller's legitimate interest is communication with the person requesting a response from the Controller, and in particular providing service to the User, answering the User's questions. There may be a number of reasons for the communication that are difficult to categorise. The provision of personal data is voluntary, but may prove to be necessary to receive a response from the Controller.
  • pursuing and defending claims, preventing fraud, keeping statistics and conducting analyses, ensuring the security of the ICT environment, using internal control systems:
    personal data are processed for the purposes of the legitimate interests of the Controller (Article 6(1)(f) of GDPR). What is the legitimate interest of the Controller is the ability to take the aforementioned actions.
  • installation and use of Cookies on the User's device:
    the purposes of and legal bases for the processing of personal data in Cookies are set out in detail in the Cookies Policy.

Recipients of personal data:

The Users' data will not be made available to other third parties unless it proves to be necessary and the User gives his/her consent for that, or unless the obligation or right to make the data available results from mandatory provisions of law, a final and binding court decision, or a final decision of a competent authority. The Website may contain links to other websites. The Controller will not be held liable for the processing of personal data in connection with the use of such websites by the User. The User, after navigating to other websites, should first familiarise himself/herself with their privacy policies and personal data protection procedures. The Controller does not transfer personal data to third countries outside the EEA or to international organisations.

What is profiling and are the data on the Website profiled?

Profiling means any form of automated processing of personal data which makes it possible to evaluate the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the data subject's performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning the data subject or similarly significantly affects him/her. Data on the Website are not profiled. If, due to the development of the Website, personal data were to be subject to profiling, the Controller will inform the Users of that fact and profiling will take place in accordance with the relevant laws and regulations in that respect. In the event of profiling, the Controller will implement appropriate measures to protect the rights, freedoms and legitimate interests of the Users, i.e., among other things, the Controller will ensure the possibility of human intervention on the part of the Controller, as well as the Users’ right to express their point of view and challenge the decision.

What rights do the Users have?

Under the terms set out in the GDPR, the Users have the right of access to the content of their personal data and the right to the rectification and erasure of data, restriction of processing, as well as the right to data portability. The User also has the right to object to the processing of personal data, in particular with regard to profiling. For that purpose, the User may contact the Controller by electronic mail at: odo@consorfrut.pl; by telephone at: +48 12 342 01 00; or in writing at the address of the Controller's registered office. The User has the right to lodge a complaint with the President of the Personal Data Protection Office if he/she considers that the processing of personal data concerning him/her violates mandatory provisions of law.

How does the Controller protect personal data?

The Controller protects the Users' data against unauthorised access, disclosure, alteration and destruction. In particular, the Controller uses data encryption, physical security measures and verification in the IT systems. The Controller also uses anti-virus software and firewalls. Only authorised persons, obliged to maintain confidentiality, and the subcontractors who have concluded personal data processing agreements with the Controller may have access to the Users' data.

For what period are personal data processed?

The Users' data are processed for the duration of their use of the Website. In the case of the processing of personal data in connection with:

  • communication through the contact form of the Website –  personal data will be processed for the period necessary to respond to the User, complete the provision of service to the User, or until the User raises an effective objection;
  • communication through the contact details provided on the Website –  personal data will be processed for the period necessary to respond to the User, complete the provision of service to the User, or until the User raises an effective objection;
  • pursuing and defending claims, preventing fraud, keeping statistics and conducting analyses, ensuring the security of the ICT environment, using internal control systems – personal data will be processed for the period justified by the nature of the aforementioned activities or by legal regulations, or until the User raises an effective objection;
  • installation and use of Cookies on the User's device – personal data will be processed for the period specified in the Cookies Policy.


Where the period for processing personal data on one legal basis has expired, this does not mean that personal data cannot be processed on another legal basis. Once the processing period has expired and all bases for processing have ceased to exist, the personal data are either permanently deleted or anonymised.

Detailed rules for the processing of personal data for the trading partners who are natural persons, persons representing the trading partners, attorneys of the trading partners as well as the employees and collaborators of the trading partners designated as contact persons and responsible for the performance of the contract can be found here: LINK

We maintain pages on the following social networks:

Facebook, Instagram, Linkedin.

Detailed rules for the processing of personal data with respect to social media can be found here: LINK

The Controller is not responsible for the privacy policies of the third-party entities whose services it uses or the websites to which it links. You should familiarise yourself with the data protection policies of these entities.

Entry into force and amendments to the Privacy Policy:

The Privacy Policy and any amendments to it shall take effect as soon as they are published on the Website.

In order to ensure that the Privacy Policy complies with the current requirements imposed by law, the Controller reserves the right to amend the Privacy Policy.  The User shall be informed of the changes on the Website.