M. "Świętokrzyska", Marszałkowska 126/134 street, 00-008 Warsaw
We deliver positive results!
Mon. to Fri. 09:00 - 19:00, Sat. 11:00 - 15:00
Privacy and personal data security policy

On the basis of the provisions of the Act of August 1, 1997 on the protection of personal data and the regulation of the Minister of Internal Affairs and Administration of April 29, 2004 on the documentation of personal data processing and technical and organizational conditions to be met by devices and IT systems used to process personal data, this Privacy Policy and Personal Data Security.

Personal Data Administrator (ADO)
The administrator of personal data collected through the Burman-Robinson.com website system within the meaning of the Act is the company:
Burman Robinson with its seat at Kaliny Jędrusik 6, 01-748 in Warsaw, NIP 5252764840 / REGON 3814174080 (hereinafter referred to as the Administrator)
You can contact the personal data administrator at ado@burman-robinson.com

The Personal Data Administrator is responsible for:
1. Keeping records of persons authorized to process personal data within strictly defined official duties.
2. Controlling the correctness of data processing.
3. Control of the flow of personal data provided on the basis of contracts for entrusting the processing of personal data (UPPDO).
4. Taking action in the event of suspected breach of the integrity or security of personal data files.

Procedure in the event of suspected breach of the security of the personal data set
In the event of any non-compliance or suspicion of data leakage, immediately notify the Personal Data Administrator, and then:
1. Determine the cause of the data security breach.
2. Immediately take all measures to stop and minimize data leakage.
3. Take all steps to reduce the negative effects of the incident.
4. Make changes necessary to stop similar incidents in the future.
5. Take steps to accurately document the case and its scope.
6. Notify the relevant data protection authorities (UODO).
7. Comply with the obligation to notify (within 72 hours from the discovery of the incident) owners whose data may have suffered in any way during the incident.

The structure of personal database files
The information system of the Burman-Robinson.com website processes personal data divided into two main sets.
1. Data voluntarily provided by customers for the purposes related to the performance of contracts.
1.1 Email address
2.1 Name
3.1 Surname
4.1 Telephone number
5.1 Company name
6.1 Tax Identification Number NIP
7.1 Correspondence and shipping addresses.
Including: zip code, city, floor number, street and building number.

2. Statistical data and automatically collected by the system.
1.2 Information about the user's cookies (session and permanent)
2.2 Information about the client's IP address.
Access to data collections is available to the Personal Data Administrator, employees authorized in writing by him, processing data for the purposes of order fulfillment, and external entities processing data on the basis of contracts for entrusting the processing of personal data.

Use of personal data by the Data Administrator
The purpose and scope of the data processed by the Data Administrator are each time based on the consent of the client or applicable law. Giving consent to the use of personal data is completely voluntary, while the lack of consent to the use of data marked as required will prevent the provision of related services.
Data from cookies and voluntarily provided personal data may be used to profile users in order to present and adjust the offer and behavioral advertising (tailored to the customer).
Consent to accept cookies is tantamount to consent to profiling and collecting statistical data if profiling does not have legal effects. The user may withdraw his consent at any time by deleting cookies from his system and appropriate configuration of the browser (in particular, deactivating the automatic acceptance of cookies).

Possible purposes of data processing:
1. Conclusion of the contract for the provision of the customer account maintenance service.
2. Conclusion and implementation of a contract for the sale or reservation of goods.
3. Acceptance and processing of complaints, returns and warranty of goods.
4. Conducting competitions.
5. Presenting advertisements, offers and promotions with appropriate approvals.
6. Fulfilling the seller's legal, tax and accounting obligations.
7. In the case of additional consent of an adult customer for profiling: presenting personalized advertisements, offers and promotions.
8. Solving arising claims.
9. Automatic data processing processes, including customer profiling
10. Marketing of the personal data administrator.

The basis for the use of personal data by the Data Administrator are:
1. Voluntarily expressed consents of customers (setting up an account, communication via the contact form) (Article 6 (1) (a) of the GDPR).
2. Applicable law - when data processing is necessary to fulfill the obligation resulting from tax, accounting and legal regulations (Article 6 (1) (c) of the GDPR).
3. Statistics and customer profiling - art. 6 GDPR - legitimate interest of the administrator.

Provision of personal data
On the basis of contracts concluded by the data controller for the transfer of personal data processing, it is possible to transfer customer data to external service providers. The scope of the transfer depends on the scope of services used by the client and the consents granted by him when using the website.

Examples of external companies:
1. Provider of hosting services and databases where the data is stored.
2. Provider of ICT services used to maintain the Internet connection.
3. Offices as the target place for submitting documents.
4. Head of the Office for Foreigners
5. Entities handling electronic payments and payments made with payment and credit cards.
6. Accounting Firm Employees
Transferring personal data to a third country outside the European Union
The level of data protection and access to their processing when sending them outside the European Economic Area (EEA) may differ from the European standard. For this reason, the Administrator undertakes to send only the necessary data, only when it is necessary and with an appropriate level of protection.

Data may only be transferred to processors outside the EU who:
1. They are based in countries approved by a relevant decision of the European Commission.
2. They have an appropriate agreement signed with the Administrator.
3. In the case of entities from the USA - participate in the Privacy Shield program, approved by the decision of the European Commission. https://www.privacyshield.gov

Retention period of personal data collected by the website system.
Data collected for the purposes of implementing the provisions of the contract concluded between the client and the website are kept in accordance with the law for no longer than it is required to perform the provisions of the contract. (Article 6 (1) (b) of the GDPR - necessity for the performance of a contract to which the User is a party.
Personal data may be processed after the performance of the contract for for an indefinite period for the purposes of applicable law. art. 6 GDPR - legitimate interest of the administrator.
The statistical data is processed to object or withdraw consent to their use by the user, art. 6 sec. 1 lit. f) GDPR - legitimate interest of the administrator.
Data collected for marketing purposes are processed until the user's consent is withdrawn. Art. 6 sec. 1 lit. a) - voluntary consent

Cookie files
The website, after giving the user's consent, automatically collects data in cookie files when using the Burman-Robinson.com website. It also saves them in the system of the browser used to view the website.
Cookies are small text files sent by a website and stored on your computer. They contain anonymous information related to your use of the Site and the Burman-Robinson website. Cookies are used by the Burman-Robinson service to operate the Website and provide you with the opportunity to provide you with interesting information.
Cookies used by the Burman-Robinson.com website may be temporary (session) or permanent. Temporary cookies are deleted when the browser is closed, while permanent cookies are also stored after you have finished using the Website and are used to store information such as your password or login, which speeds up and facilitates the use of the Website.

In terms of their functions, cookies are also divided into:
1. Own - Coming directly from the visited site.
2. External - Comes from an external site but used by the visited site.
3. Functional - allowing the browser to remember the settings and functions set by the user (eg search filters).
4. Necessary - the lack of which prevents the proper operation of the website.
5. Configuration - Allowing to persist the service settings.
6. Advertising - enabling the display of relevant advertising content.
7. Statistical - Necessary for collecting statistical data.

In any case, you can block the installation of cookies or delete permanent cookies using the appropriate options of your web browser. In case of problems, we advise you to use the browser's help file or contact the manufacturer of the browser you are using.
In addition to cookies, the Burman-Robinson.com service may also collect data usually collected by system administrators as part of the so-called logs or log files. The information contained in the logs may include, among others Your IP address, type of platform and web browser, Internet provider and the address of the page from which you entered the Website.

User rights
Under the Act, each user has the following rights:
1. Submitting a complaint to the President of the Personal Data Protection Office (UODO).
2. Right to object - The right to withdraw consents granted to the administrator for data processing.
3. Right to be correctly informed - Requests to correct or update your personal data.
4. The right to data portability - enabling the user to receive their own personal data on a durable medium.
5. Right to be anonymous - The right to replace your own data with aliases that hide their true values. (With the exception of data necessary to fulfill the legal, accounting and tax obligations of the Administrator).
6. Right to be forgotten - The right of the user to request the complete deletion of his personal data from the administrator's system.
7. Right to be informed - The right of the user to obtain accurate information about his data processed by the controller.
8. Right to be notified - In the event of any data leakage, the user has the right to be notified within a maximum of 72 hours after the leak has been discovered.
9. The right to limit data processing - Limiting the processed personal data to the minimum necessary for the performance of the contract or service.
The User may exercise the rights granted under the "Privacy Management" tab, after logging in to his account, or by contacting the Personal Data Administrator directly at ado@burman-robinson.com
The personal data administrator is obliged to respond and justify the steps taken within 30 days of receipt of the customer's claim.

Applicable Security
We make every effort to ensure that customer data is protected to the highest degree from being viewed by third parties. We process only the data necessary to perform the contract concluded with the client and we do not retain unnecessary data after the period for which we are obliged by law.
Security measures at the place of personal data processing are adequately adapted to the data being processed, thus ensuring full security - in accordance with Article 32 of the GDPR.
For security measures in companies to which the administrator entrusts personal data on the basis of an entrustment agreement, they are processed by personal data administrators or personal data inspectors of these companies. All companies with which the Administrator has signed data processing agreements have the highest level of security, adequate to the data being processed - in accordance with Article 32 of the GDPR.
Made on