Privacy Policy

General provisions

This Privacy and Cookies Policy describes the principles for processing personal data and the use of cookies within the website https://solaro.pl/
(hereinafter referred to as the “Website”).

The Administrator of the personal data collected via the Website is Dragon – Korgul Sp. J., with its registered office in Gdańsk (80-017), at ul. Trakt Św. Wojciecha 223/225.

The Administrator can be contacted by e-mail at: dragon@solaro.pl
or by phone at: +48 58 309 02 24, fax: +48 58 309 02 25 (Mon–Fri: 8:00 a.m. – 4:00 p.m.).

Any entity using the Website is considered its User.

The personal data of the Website User is processed by the Administrator in accordance with applicable laws, in particular in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”).

Processing of Personal Data

User account

When creating an account, the User must provide the data necessary to set it up, such as an e-mail address, first and last name, address details, and phone number. Providing this data is voluntary, but necessary to create an account. When editing account details, the User may provide additional information.

The data provided in connection with creating an account is processed for the purpose of setting up and maintaining the account, based on a contract for the provision of electronic services concluded through account registration (Article 6(1)(b) of the GDPR).

The data contained in the account will be processed by the Administrator for the duration of the account’s existence. If the User decides to delete the account, the Administrator will also delete the data contained therein. Please note that deleting the account does not result in the deletion of information regarding orders placed by the User using the account.

The User has the right to access the content of their personal data, request its rectification, and request restriction of its processing. At any time, the User may also delete their account. The User is also entitled to the right to data portability referred to in Article 20 of the GDPR, as well as the right to lodge a complaint with the President of the Personal Data Protection Office.

Orders

When placing an order, the User must provide the data necessary to complete the order, such as first and last name, billing address, e-mail address, and phone number. Providing this data is voluntary, but necessary to place an order.

The data provided to the Administrator in connection with an order is processed for the purpose of fulfilling the order (Article 6(1)(b) of the GDPR), issuing an invoice (Article 6(1)(c) of the GDPR), including the invoice in accounting documentation (Article 6(1)(c) of the GDPR), and for archival and statistical purposes (Article 6(1)(f) of the GDPR), which constitutes the Administrator’s legitimate interest.

Order data will be processed for the time necessary to complete the order, and thereafter until the expiry of the limitation period for claims arising from the concluded contract. After this period, the data may still be processed by the Administrator for statistical purposes. Please also note that the Administrator is obliged to retain invoices containing personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.

With regard to order data, the User has the right to access the content of the data. However, it is not possible to rectify this data after the order has been completed. It is also not possible to object to the processing of the data or request its deletion until the expiry of the limitation period for claims arising from the concluded contract. Similarly, it is not possible to object to the processing of data or request the deletion of data contained in invoices.

After the expiry of the limitation period for claims arising from the concluded contract, the User may object to the processing of their personal data by the Administrator for statistical purposes and may request the deletion of such data from the database.

With regard to order data, the User is also entitled to the right to data portability referred to in Article 20 of the GDPR and the right to lodge a complaint with the President of the Personal Data Protection Office.

Users’ data is not subject to automated decision-making, including profiling.

Data Recipients

For the proper functioning of the Company, including the performance of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software providers, couriers, or payment service providers). The Administrator uses only the services of such processors that provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing complies with the GDPR and protects the rights of data subjects.

The Administrator does not transfer data in every case and not to all recipients or categories of recipients indicated in the Privacy Policy. Data is transferred only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve that purpose.

Users’ personal data may be transferred to the following recipients or categories of recipients:

Providers of legal, accounting, and advisory services supporting the Administrator with accounting, legal, or advisory services (e.g., a law firm or debt collection agency).
Couriers / freight forwarders / carriers – in the case of a Customer who chooses delivery of a Product by postal or courier shipment, the Administrator makes the Customer’s collected personal data available for the purpose of delivering the Product.
Entities handling electronic payments or payment card transactions.
Service providers supplying the Administrator with IT, technical, and organizational solutions enabling the Administrator to conduct its business operations, including the website and electronic services provided through it (in particular, providers of software for operating the Website and online store, e-mail and hosting providers, and providers of software for company management and technical support).

Cookies

Cookies are IT data, in particular text files, which are stored on the Website User’s end device and are intended for use with websites. Cookies usually contain the name of the website they come from, the time they are stored on the end device, and a unique number.

The Website does not automatically collect any information except for information contained in cookies.

The entity placing cookies on the Website User’s end device and gaining access to them is the Website Operator.

Cookies are used for the following purposes:

Adapting the content of the Website to the User’s preferences and optimizing the use of websites; in particular, these files allow the User’s device to be recognized and the website to be properly displayed, tailored to their individual needs.
Creating statistics that help understand how Users use websites, which enables improvements to their structure and content.
Maintaining the User’s session (after logging in), so that the User does not have to re-enter their login and password on each subpage of the Website.

Within the Website, two main types of cookies are used: “session cookies” – temporary files stored on the User’s end device until logging out, leaving the website, or closing the software (web browser); and “persistent cookies” – files stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.

The User may change their browser settings at any time to block the handling of cookies or to receive notifications each time cookies are placed on their device. Other available options can be found in the settings of the web browser used. Please note that most browsers are set by default to accept the storage of cookies on the end device..