Privacy policy | Galeria Sztuki Współczesnej V.A. Gallery

I. PRIVACY POLICY
§1. General Information

This privacy policy is for informational purposes only.

This document defines the rules of privacy on the website https://www.metalmex.com.pl/.

Personal data collected by the Controller is processed based on the General Data Protection Regulation (GDPR) (EU) 2016/679, the Polish Personal Data Protection Act of 10 May 2018, and the Act on Providing Services by Electronic Means of 18 July 2002.

According to Art. 4 point 7 of the GDPR, the Data Controller is P.P.H.U. METALMEX B.Stań, V.Kowalczyk, E.Stań-Kuźniarek General Partnership, ul. Wierzbowa 162, 62-081 Wysogotowo.

The Controller makes every effort to protect the privacy and data of users of the website.

The Controller selects and applies appropriate technical and organizational measures to ensure the protection of processed data.

Personal data is processed according to Article 5 of the GDPR based on the following principles:

lawfulness, fairness, and transparency;

purpose limitation;

data minimization;

accuracy;

storage limitation;

integrity and confidentiality.

The Controller only processes data of adults. If legal guardians become aware that a minor has submitted data via the website, they are asked to contact the Controller for data removal.

Data may be transferred to third countries (e.g. USA) via tools like Google services used by the Controller.

§2. Purposes and Legal Bases for Processing

Providing personal data is voluntary. It is collected through contact forms for identification, price offers, negotiation, or contract conclusion.

The legal bases for data processing are:

Consent (Art. 6(1)(a) GDPR),

Performance of a contract or steps taken before its conclusion (Art. 6(1)(b) GDPR),

Legal obligation (Art. 6(1)(c) GDPR),

Legitimate interests (Art. 6(1)(f) GDPR), such as claims, correspondence, or internal recordkeeping.

Data may also be processed for marketing purposes with separate consent, in accordance with relevant Polish laws.

§3. Data Retention Period

Data will be stored for as long as necessary to respond, negotiate, fulfill contracts, meet legal obligations, and pursue claims.

If processed based on consent for other purposes, until that consent is withdrawn.

§4. Data Recipients

Recipients include entities necessary to perform services, such as:

employees, partners, accounting firms, IT providers, banks, payment processors, legal offices, state authorities, marketing providers, telecom providers.

§5. Your Rights Under Data Protection

You have the right to:

access your data (Art. 15 GDPR),

rectify your data (Art. 16 GDPR),

erase your data (Art. 17 GDPR),

restrict processing (Art. 18 GDPR),

data portability (Art. 20 GDPR),

object to processing (Art. 21 GDPR).

You may lodge a complaint with the Polish Data Protection Authority (https://uodo.gov.pl).

You may withdraw your consent at any time, without affecting processing based on consent prior to withdrawal.

§6. Data Breach Notification

In the event of a data breach, the Controller will notify the Data Protection Authority within 72 hours, unless unlikely to pose a risk.

If the breach poses a high risk to individuals' rights or freedoms, those affected will also be informed without undue delay.

II. COOKIES POLICY
§1. What Are Cookies and Why We Use Them

Cookies are used on this website (Art. 6(1)(f) GDPR).

Cookies are small text files stored on your device to facilitate website usage and gather statistics.

They allow the Controller to adapt the site and its content to user preferences.

Cookies used are safe and do not transfer malware.

They help tailor ads and remember previously entered information.

Some cookies may qualify as personal data; in such cases, privacy rules apply.

You can object to or withdraw cookie consent at any time.

§2. Types of Cookies

The Controller uses:

Session cookies – deleted after browser session ends,

Persistent cookies – remain until manually deleted,

Analytical cookies – used to improve usability, gather visit statistics.

§3. Additional Information

Cookies may be used by Google and Facebook to serve personalized ads.

Users can manage their Google Ads preferences here: https://www.google.com/ads/preferences/.

Services used:

Google Analytics,

Facebook Pixel.

Users can opt-out of personalized ads and analytics via browser settings or tools like:

https://tools.google.com/dlpage/gaoptout/?hl=pl

Cookie settings can be changed in your browser at any time.

Request for Deletion of Personal Data

Name and surname: ...............................................................
Residential address: ...............................................................
Correspondence address: ...............................................................
Postal code: ............ City: ..............................................
Phone number: ...............................................................
Email address: ...............................................................

“I hereby consent to the processing of the above personal data provided in this form by ............................................... with its registered office in ..................., at ............................................... under Article 6(1)(a) of Regulation (EU) 2016/679 (GDPR). Providing consent is voluntary but necessary to receive confirmation of data deletion from our system. The data will be processed solely for the purpose of deleting them and sending confirmation to the email address provided above.”