PRIVACY POLICY

applying to the Website www.aniro.pl

Article 1.
[Personal Data Controller]

  1. The Personal Data Controller of your data as a user of the website available at www.aniro.pl (hereinafter: “Site”, “Website”, or “WWW”) is ANIRO Limited liability company, with its registered office in Toruń (87-100), Bolesława Chrobrego 64, registered in the register of entrepreneurs of the National Court Register (KRS) maintained by the District Court in Toruń, 7th Commercial Division of the National Court Register with the KRS No.: 0000240757, using the Tax Identification Number (NIP): 5252336245 and the Regon number 140144905 (hereinafter: “ANIRO”, “Company”, or “Data Controller”).
  2. In all issues related to processing of your personal data by ANIRO, you can contact us using one of the following methods:
    1. by email – by sending a message to: rodo@aniro.pl,
    2. using the available contact form, or
    3. by post – by sending a message to the address of our registered office provided above.
  3. The Company will make all efforts possible to protect privacy of the Website users by carefully selecting and applying appropriate technical measures, including those of IT and organisational character, ensuring protection of processed data, in particular, protecting data against making it available to unauthorised persons, disclosure, loss and damage, unauthorised modification, or processing in a way being in breach of current legislation.
  4. We process personal data in accordance with provisions of the current legislation, including provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), in particular, we process your data for and in accordance with clearly specified purposes.

Article 2.
[Applicability]

Provisions of this Policy apply to all users (hereinafter: “Users”) of the WWW. The Site content is not intended for the Users under 16 years of age, and any personal data of such Users is not collected by us intentionally.

Article 3.
[Processing scope, purpose and duration]

The table below presents the scope, purpose, and duration of processing of Users’ personal data, and a legal basis for individual processes of processing of that data.

Activity type or a category of processed dataPurpose of processingData typeLegal backgroundProcessing duration
Ensuring operability of the WebsiteWe collect this data to ensure correct functioning of the Website.This data will include, in particular, a session identifier and other data associated with selections and functional preferences.Article 6.1 (f) of GDPRUntil cookies are deleted.
AnalyticsWe collect this data to analyse the way in which the Website is used by its users, and to improve its functionality and usability.Data concerning the user’s behaviour on the website (e.g. clicking, mouse movements, scrolling, navigation pathways), session information (visit duration, landing and exit pages), technical data (browser type and version, operating system, screen resolution), approximated location (country/region), and data recorded in cookies. The content entered into forms is automatically detected and masked, and its actual content is not transferred to Microsoft Clarity. The User’s IP address is anonymised before further processing.Article 6.1 (a) of GDPRSession recording data – 30 days. Aggregated data and heat maps – up to 13 months. On expiration of those dates the data is permanently removed.
Device and network data associated with Website browsingWe collect this data to ensure safety and correct functioning of the Website.Information about your device (such as an IP address, location, device name, its software) and network details, including the type of connection, functioning details, and cookies.Article 6.1 (f) of GDPR (legitimate interest of the Data Controller concerning ensuring correct functioning of the Site)While you are using the Site, but no longer than 13 months.
Registration of the Account – Account setting up and maintainingAccount setting up and maintaining.For the “Product Catalogue” Account: name and surname, VAT number, e-mail address, and telephone number.
For the “Automation Engineer Guide” Account: name and surname and e-mail address.		Article 6.1 (b) of GDPRFor the period of maintaining the Account and for 6 years of the date on which it was deleted.
Order performanceOrder performance by ANIRO.Identifying (name and surname, company name), contact (address of residence, address of delivery, telephone number, email address), and registration (VAT, KRS, and REGON numbers, and for foreign customers – EU VAT and other identifying details) details, and a bank account number.Article 6.1 (b) of GDPR; Article 6.1 (c) of GDPR in relation to specific provisions of the Accountancy Act and tax actsFor a period of 6 years of a date of performing an order and issuing an invoice.
Notifying a device for a maintenance service / Notifying a device defect to be repairedNotifying a device for a maintenance service or defect to be repaired.Company name, VAT number, address (street and place), name and surname, telephone number, and email address of a contact person.Article 6.1 (b) of GDPRFor 6 years of a date of lodging a complaint.
Online consultationsProviding online consultations by the Company team.Name and surname, email address, address for correspondence, telephone number.Article 6.1 (b) of GDPR; Article 6.1 (a) of GDPRUntil the consent is withdrawn.
TrainingCollecting people interested in training sessions organised by the Company, including contact with participants of previous trainings to present an offer with new training sessions.Name and surname, email address, and telephone number.Article 6.1 (b) of GDPR; Article 6.1 (a) of GDPRFor a period of 6 years of a date of completing the training, and if a consent concerning a contact related to future training sessions is granted – until the consent is withdrawn.
ComplaintsReceiving and analysing notified complaints.Identifying (name and surname, company name), contact (address of residence, telephone number, email address), and registration (VAT, KRS, and REGON numbers, and for foreign customers – EU VAT and other identifying details) details.Article 6.1 (c) of GDPR; Article 6.1 (b) of GDPR; Article 6.1 (a) of GDPR (for details provided voluntarily)For a period of 6 years of a date of lodging a complaint, and for details provided voluntarily – until the consent is withdrawn; however, no longer than for 6 years.
Handling complaints concerning the Site functioningReacting to possible Website defects and malfunctions.Name and surname, email address and other details provided voluntarily in relation to the complaint.Article 6.1 (b) of GDPR; Article 6.1 (a) of GDPR (for details provided voluntarily)For a period of 6 years of a date of lodging a complaint, and for details provided voluntarily – until the consent is withdrawn; however, no longer than for 6 years.
Contact dataWe collect this data in response to your message sent using a contact form available at the Site.This will be, in particular, your email address, but if you contact us by post, this will be your address for correspondence or telephone number.Article 6.1 (f) of GDPRFor 30 days of responding to your message; however, at least for a period of maintaining email correspondence.
NewsletterWe collect this data to send a newsletter and commercial information.Identifying (name and surname) and contact (email address) details.Article 6.1 (a) of GDPRUntil the consent is withdrawn.
MarketingThis data is used for marketing purposes (contact with users interested in offers and displaying relevant advertisements).Data associated, in particular, with exploring and analysing the Platform users’ behaviours, including orders placed (value, date, quantity) or cart content.Article 6.1 (a) of GDPRData will be retained for 13 months; however, no longer than until the consent is withdrawn.

With time, additional functionalities can be added to the Site, or the existing ones can be expanded, e.g. in relation to commercial, marketing, or promotional activities conducted by the Company. In each such case, we will update this Privacy Policy or prepare additional information.

Article 4.
[Personal data disclosure]

  1. Your personal data will be disclosed to entities with which the Company cooperates, as a part of the Site functioning. In particular, this will concern:
    1. hosting services provided by home.pl Sp. z o.o. with its registered office in Szczecin,
    2. analytical services provided by Microsoft Ireland Operations Limited and Microsoft Corporation,
    3. analytical and marketing services provided by Meta Platforms Inc. with its registered office in the United States of America, and Meta Platforms Ireland Ltd in Ireland,
    4. services of video content embedding (YouTube), provided by Google Ireland Limited and Google LLC.
  2. Your personal data can also be disclosed to entities other than listed in paragraph 1 above, for purposes associated with business operations conducted by the Company.
  3. In cases specified in relevant legal regulations, your personal data can be disclosed to public or judicial authorities.
  4. The User understands that:
    1. Google and third parties may use cookies, navigation signals and similar technologies to collect or receive information from the website and other Internet sites, and use them to provide measuring, targeting, and advertising services,
    2. they may disable collecting and use of information, specified above, for advertisement targeting services in the settings of their browser, and to use the following sites enabling that selection: http://www.aboutads.info/choices and http://www.youronlinechoices.eu/.

Article 5.
[Personal data transfer outside the EEA and to international organisations]

  1. In relation to the use by the Company of services of entities with their registered office, plant, data centres, or subcontractors in countries outside the European Economic Area, your personal data can be transferred to third countries, as understood by GDPR. For example, such a data transfer occurs in the case of services provided by Google and Microsoft with their registered offices and servers in the United States of America.
  2. In each case, provided for in paragraph 1 above, such transfer is performed in accordance with GDPR and under principles specified in it, including under standard contractual clauses (SCC) or the European Commission decisions, including in particular the European Commission decision of 10 July 2023, acknowledging an adequate level of protection for personal data provided by the so-called EU – US Data Privacy Framework, which governs the personal data exchange between the EU and the United States of America.
  3. Your data will not be transferred to any international organisations.

Article 6.
[Data subjects’ rights]

  1. You have the following rights related to processing of your personal data by us:
    1. a right to demand removal of your personal data – in cases provided for in Article 17.1 of GDPR,
    2. a right to access your data – understood as a request to provide you with information which your personal data are processed by us, and methods of its processing,
    3. a right to request rectifying or supplementing of your data,
    4. a right to request restricting of processing of your personal data – in certain cases resulting from Article 18 of GDPR, you can request from us to restrict processing of your personal data,
    5. a right to request transfer of your personal data,
    6. a right to object to further processing of your personal data,
    7. withdraw your consent to further processing of your personal data processed under your consent. The withdrawal of your consent does not affect the lawfulness of processing based on that consent before its withdrawal.
  2. Furthermore, if you decide that we process your personal data in a way contrary to provisions of GDPR, you can lodge a complaint with the President of the Personal Data Protection Office.
  3. You can perform each of your rights specified above in one of the ways provided for in Article 1.2 of the Policy.

Article 7.
[Voluntary provision of personal data]

Using the Website, you provide your personal data in a completely voluntary way, excluding cases when processing this data is needed or necessary, e.g. to perform an agreement or issue an invoice. A failure to provide this data may make using of the Site impossible (e.g. if email address is not provided in a contact form, no cookie consent) or difficult.

Article 8.
[Cookie information]

  1. When you enter the Platform, you select which cookies can be used (essential, analytical, or marketing). Cookies usually contain the name of the internet site from which they come, the duration of their storing on the device, and the unique number. We use two types of cookies: persistent and session. The former are stored on your device for a specific time, regardless of leaving our Site (e.g. until they are deleted). The latter are associated with the current use of our Website, and they are deleted on leaving it.
  2. Internet browsers usually accept storage of information in cookies by default. However, this can be changed in your browser at any time. Comprehensive information is available in settings of a relevant browser.

Article 9.
[Profiling]

  1. We do not conduct profiling involving automated processing of your personal data for any purpose.
  2. However, profiling can be conducted by entities to which this data was disclosed either by us or directly by you.

Article 10.
[Data processing information]

In cases when the Company processes personal data of representatives, agents, employees, or partners of an entity having their Account on the Website in relation to the use of the Website, the said entity undertakes towards the Company that it will provide the said representatives, agents, employees, or partners with information included in this Policy on the Company’s behalf.

Article 11.
[Security and protection measures]

To the best of our knowledge, we have implemented all data security and protection measures required by legal regulations and technical standards, and your personal data is processed with due care and appropriately protected against an unauthorised access.

Article 12.
[Amendments to the Policy]

We reserve the right to amend this document at any time. Any amendments will be published on the Site, will remain in force in the future, and will require your acceptance.