Privacy Policy
Effective from: 01.05.2025
§1 GENERAL INFORMATION
- This Privacy Policy outlines the rules for processing personal data of users using the online store available at: www.draflat.com (hereinafter: the Store).
- The Data Controller is:
Ksawery Fryczyński FRYTASOFT,
ul. Piastowska 2A, 66-436 Słońsk, Poland.
NIP: 4290086146, REGON: 526551566, registered in CEIDG.
Email: info@draflat.com, Phone: 575110691. - The Controller processes personal data in accordance with:
- GDPR (Regulation (EU) 2016/679),
- Polish Data Protection Act of May 10, 2018,
- Act on Providing Services by Electronic Means of July 18, 2002.
§2 SCOPE AND PURPOSE OF DATA PROCESSING
Personal data is processed for the following purposes:
| Purpose | Legal Basis | Data Scope |
|---|---|---|
| Contract performance (subscription) | Art. 6(1)(b) GDPR | Full name, email, billing data, payment |
| Invoicing & storage | Art. 6(1)(c) GDPR | Name, address, NIP, email |
| Order/subscription contact | Art. 6(1)(b)/(f) GDPR | Name, email |
| Newsletter marketing | Art. 6(1)(a) GDPR | Email, name (if provided) |
| Claims, withdrawals | Art. 6(1)(b) GDPR | Identification, contact data |
| Claims, archiving | Art. 6(1)(f) GDPR | Transaction history |
Providing data is voluntary but necessary for subscription or certain store functions.
§3 DATA RECIPIENTS
- IT service providers
- Payment operators
- Accounting offices
- Public authorities if required by law
All processors have signed a data processing agreement as per Art. 28 GDPR.
§4 DATA RETENTION PERIOD
- Contractual data: during the contract and limitation period
- Accounting data: as required by tax law
- Consent-based data (e.g. newsletter): until withdrawal of consent
- Claims-related data: up to 6 years after contract end
§5 DATA SUBJECT RIGHTS
- Access your data (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure – “right to be forgotten” (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdraw consent at any time
- File a complaint with UODO
To exercise these rights, contact: info@draflat.com
§6 DATA SECURITY
- Appropriate technical and organizational measures are in place (e.g., SSL, backups, access control).
- Only authorized, trained personnel have access to data.
§7 COOKIES
- Cookies are used to:
- Ensure site functionality
- Generate statistics
- Support login and shopping
- Marketing functions (e.g., remarketing, newsletter)
- Users can change cookie settings in their browser.
- More info in the Cookie Policy.
§8 AUTOMATED PROCESSING AND PROFILING
- Profiling may occur for marketing, but not solely automated decisions with legal effect.
- Profiling includes analyzing shopping history or behavior to tailor marketing content.
§9 CHANGES TO THE PRIVACY POLICY
- The Controller may change the policy due to legal, technological, or service changes.
- Users will be informed via the Store or email.