PRIVACY POLICY

Last updated: 19.04.2025

1. Introduction

This Privacy Policy sets out the principles for collecting, processing, and using data of users of the website ("Website") provided by LABTRONIK ("Controller"). The protection of users' privacy is our priority, therefore we make every effort to ensure that data is processed in accordance with applicable regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (GDPR).

2. Data Controller

The controller of personal data of Website users is:

LABTRONIK
ul.Przemysłowa 13/3u Kraków, Poland
VAT ID: 6792592567
E-mail: biuro@labtronik.com.pl
Phone: +48 12 2690737

3. Personal data we collect

In connection with the use of the Website, we may collect the following data:

3.1. Data provided voluntarily:

• First and last name
• Email address
• Username
• Company name (optional)
• Position (optional)
• Contact details (optional)

3.2. Data collected automatically:

• IP address (in anonymized form)
• Device information (type, model, operating system)
• Browser information (type, version)
• Date and time of using the Website
• Subpages visited within the Website
• User activity data on the Website
• Geographic data (country, region)
• Unique device identifiers

4. Purposes and legal basis for data processing

4.1. We process data for the following purposes:

• Providing services within the Website (legal basis: Article 6(1)(b) GDPR - performance of a contract)
• Managing user accounts (legal basis: Article 6(1)(b) GDPR - performance of a contract)
• Ensuring the security and integrity of the Website (legal basis: Article 6(1)(f) GDPR - legitimate interest)
• Analyzing the use of the Website and improving its functionality (legal basis: Article 6(1)(f) GDPR - legitimate interest)
• Solving technical problems (legal basis: Article 6(1)(f) GDPR - legitimate interest)
• Communication with users (legal basis: Article 6(1)(b) and (f) GDPR - performance of a contract and legitimate interest)
• Fulfilling legal obligations incumbent on the Controller (legal basis: Article 6(1)(c) GDPR - legal obligation)
• Marketing of own products and services (legal basis: Article 6(1)(f) GDPR - legitimate interest or Article 6(1)(a) GDPR - consent, in the case of electronic marketing)

4.2. Legitimate interests

The legitimate interests of the Controller include:

• Ensuring the smooth functioning of the Website
• Ensuring the security of services
• Analyzing and improving the services provided
• Marketing of own products and services
• Pursuing or defending against claims

5. Data retention period

Personal data will be stored for the following period:

• User account data - for the duration of using the Website and for a period of 3 years after its termination or until a request for data deletion
• Data related to settlements - for the period required by law (e.g., tax, accounting)
• Data processed on the basis of consent - until consent is withdrawn
• Data processed on the basis of legitimate interest - until effective objection is raised
• Log and analytics data - for a period of 26 months from their collection

6. Data recipients

Users' data may be shared with the following categories of recipients:

6.1. Entities processing data on our behalf:

• Hosting service providers
• IT and technical support providers
• Analytical tool providers (e.g., Google Analytics)
• Electronic payment service providers
• Marketing service providers

6.2. Other recipients:

• Public authorities - in cases specified by law
• Legal service providers - to the extent necessary to protect the rights and interests of the Controller

7. Google Analytics and other analytical tools

7.1. The Website uses the Google Analytics tool to collect and analyze data on website traffic. Google Analytics may collect the following information:

• IP address (in anonymized form)
• Device and browser information
• Activity data on the website (subpages visited, time spent on the website)
• Geographic data

7.2. Data collected by Google Analytics is processed for the purpose of:

• Analyzing the use of the Website and improving its functionality
• Optimizing the performance and usability of the interface
• Conducting statistics on traffic on the Website

7.3. Users can block Google Analytics by:

• Installing a browser add-on available at: https://tools.google.com/dlpage/gaoptout
• Appropriate settings in their browser

8. Cookies and similar technologies

8.1. The Website uses cookies and similar technologies that enable:

• Remembering user preferences
• Analyzing visitor statistics
• Content personalization
• Ensuring website security
• Proper functioning of the Website features

8.2. Types of cookies used:

• Necessary cookies - essential for the basic functions of the Website
• Functional cookies - remember preferences and selected settings
• Analytical cookies - enable collection of information on how the Website is used
• Marketing cookies - used to deliver personalized advertising content

8.3. Cookie management:

• Users can change browser settings to block or delete cookies
• Detailed information on managing cookies is available in the internet browser settings
• Blocking certain types of cookies may affect the functionality of the Website

9. User rights

Users have the following rights related to the processing of their personal data:

9.1. Right of access to data (Article 15 GDPR)

The right to obtain information whether the Controller processes personal data and to obtain a copy of such data.

9.2. Right to rectification (Article 16 GDPR)

The right to request rectification of inaccurate or completion of incomplete personal data.

9.3. Right to erasure ("right to be forgotten") (Article 17 GDPR)

The right to request the erasure of personal data when they are no longer necessary for the purposes for which they were collected, consent has been withdrawn, effective objection to processing has been raised, or the data is being processed unlawfully.

9.4. Right to restriction of processing (Article 18 GDPR)

The right to request restriction of processing of personal data in certain cases.

9.5. Right to data portability (Article 20 GDPR)

The right to receive personal data in a structured, commonly used format and to transmit it to another controller.

9.6. Right to object (Article 21 GDPR)

The right to object to the processing of personal data based on the legitimate interest of the Controller, in particular direct marketing.

9.7. Right to withdraw consent (Article 7 GDPR)

In the case of data processing based on consent, the right to withdraw it at any time, without affecting the lawfulness of processing carried out before its withdrawal.

9.8. Right not to be subject to automated decision-making (Article 22 GDPR)

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects the user.

10. Exercise of rights

To exercise these rights, users can contact the Controller through:

• Email address: biuro@labtronik.com.pl
• Correspondence address: LABTRONIK ul.Przemysłowa 13/3u, 30-701 Kraków Poland

The Controller will respond to the request without undue delay, no later than within one month of receiving the request. If necessary, this period may be extended by a further two months due to the complex nature of the request or the number of requests.

11. Right to lodge a complaint

Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection, i.e., the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw, Poland).

12. Transfer of data outside the EEA

12.1. Users' personal data may be transferred to recipients located in countries outside the European Economic Area (EEA), in particular in connection with the use of Google Analytics services.

12.2. In the case of data transfer outside the EEA, the Controller ensures appropriate safeguards through:

• Transferring data to countries for which the European Commission has issued an adequacy decision
• Applying standard contractual clauses approved by the European Commission
• Applying binding corporate rules approved by the competent supervisory authority

13. Data security

The Controller applies appropriate technical and organizational measures to ensure the security of personal data, including:

• Data transmission encryption (SSL protocol)
• Regular security tests
• Data access control
• Staff training in data protection
• Regular backups
• Procedures in case of data security breach

14. Automated decision-making and profiling

14.1. On the Website, we may use profiling for the purpose of:

• Adapting content and features to user preferences
• Analyzing activity on the Website
• Providing personalized recommendations

14.2. Profiling will not produce legal effects for users or similarly significantly affect their situation, unless the user gives separate consent for this.

15. Changes to the Privacy Policy

15.1. The Controller reserves the right to change this Privacy Policy in the event of:

• Changes in legal regulations
• Changes in the functionality of the Website
• Changes in data processing technology
• Organizational or business changes

15.2. Users will be informed of any changes to the Privacy Policy through:

• Displaying an appropriate message on the Website
• Sending information to the email address (if provided)

15.3. Changes come into force on the date indicated in the information about the change, not earlier than 14 days from the moment of informing about the changes.

16. Contact

For matters related to personal data protection, you can contact us:

• By email: biuro@labtronik.com.pl
• By phone: +48 12 269 07 37
• By traditional mail: Labtronik ul.Przemysłowa 13/3u, 30-701 Kraków Poland

---

© 2025 LABTRONIK. All rights reserved.