Privacy policy
§1 General
1. The Controller - Richter Motors Poland sp.z o.o. [a limited liability company] seated in Taciszów (44-171), ul. Gliwicka 41, entered into the Register of Entrepreneurs kept by the District Court in Gliwice, 10th Commercial Division of the National Court Register under number 0000971426, NIP: 9691651459, REGON: 22022569, share capital PLN 20,000 - paid in full.
2.Personal Data - information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including a device’s IP, location data, internet identifier and information collected via cookies and other similar technology.
3. Policy - this Privacy Policy.
4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.
5. Website - a Website run by the Controller at https://higyro.com/pl/
6. User - any natural person visiting the Website or using one or more services or functionalities described in the Policy.
§2 Data processing in connection with the use of the Website
1. In connection with the User's use of the Website, the Controller collects data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Website.
2. The principles and purposes of processing Personal Data collected during the use of the Website by the User are described in detail below.
§3 Purposes and legal grounds for processing on the Website and the use of the Website
1. Personal Data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies) and who are not registered Users (i.e. persons who do not have a profile on the Website) are processed by the Controller:
a) in order to provide electronic services in the scope of making the content collected on the Website available to Users - then the legal basis for processing is the necessity of processing to perform the contract (legal basis for processing: Art. 6 (1) (B) GDPR);
b) for analytical and statistical purposes - then the legal basis for processing is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (F) GDPR), consisting in analyzing Users' activity, as well as their preferences in order to improve the functionalities used and services provided;
c) in order to possibly establish and pursue claims or defend against claims - the legal basis for processing is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (F) GDPR), consisting in the protection of its rights;
2. The User's activity on the Website, including his Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used for the provision of services by the Controller). The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the legitimate interest of the Controller (legal basis for processing: Art. (1) (F) GDPR).
§4 Mechanisms and methods of data processing and registration on the Website
1. Persons who register on the Website are asked to provide the data necessary to create and service the account. In order to facilitate service, the User may, using the functionalities made available to him/her as part of his account, provide additional data. Such data can be deleted at any time. Providing data marked as mandatory is required to set up and operate an account, and failure to do so results in the inability to create an account. Providing other data is voluntary.
2. Personal Data are processed:
a) in order to provide services related to the maintenance and service of an account on the Website - the legal basis for processing is the necessity of processing to perform the contract (legal basis for processing: Art. 6 (1) (B) GDPR);
b) for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Controller (legal basis for processing: Art. 6 (1) (F) GDPR), consisting in conducting analyzes of Users' activity on the Website and the manner of using the account, as well as of Users’ preferences in order to improve the functionalities used;
c) in order to possibly establish and pursue claims or defend against claims - the legal basis for processing is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (F) GDPR), consisting in the protection of its rights;
d) for the marketing purposes of the Controller and other entities - the rules for the processing of Personal Data for marketing purposes are described in the MARKETING section.
3. Should the User place any Personal Data of other people on the Website (including their name, address, telephone number or e-mail address), he/she may do so only on condition that the law and personal rights of these persons are not infringed.
§5 Placing orders
1. Placing an order (e.g. for purchase of goods or services - if the Controller gives such an option) by the Website User involves the processing of his/her Personal Data. Providing data marked as mandatory is required in order to accept and handle the order, and failure to do so results in the failure to fulfill the order. Providing other data is optional.
2. Personal Data are processed:
a) in order to proceed the order placed - the legal basis for processing is the necessity of processing to perform the contract (legal basis for processing: Art. 6 (1) (B) GDPR);
b) in order to fulfill the statutory obligations incumbent on the Controller, resulting in particular from tax and accounting regulations - the legal basis for processing is the legal obligation (legal basis for processing: Art. 6 (1) (C) GDPR);
c) for analytical and statistical purposes - the legal basis for processing is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (F) GDPR), consisting in analyzing Users' activities on the Website, as well as Users' shopping preferences in order to improve functionalities used;
d) in order to possibly establish and pursue claims or defend against claims - the legal basis for processing is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (f) GDPR), consisting in the protection of its rights.
§6 Contact via the form
1. The Controller provides the possibility of contacting them by using electronic contact forms. Using the form requires providing Personal Data necessary to contact the User and answer the inquiry. The User may also provide other data to facilitate contact or handling the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to handle it. Providing other data is voluntary.
2. Personal Data are processed in order to identify the sender and to handle his/her inquiry sent via the provided form - the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (legal basis for processing: Art. 6 (1) (B) GDPR).
§7 Marketing
1. The Controller processes Users' Personal Data in order to carry out marketing activities, which may include:
a) displaying marketing content to the User that is not tailored to his/her preferences (contextual advertising);
b) sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);
c) conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
2. In order to carry out marketing activities, the Controller uses profiling in some cases. This means that thanks to automatic data processing, the Controller creates a User’s profile and, on the basis of the collected information, assesses selected factors relating to the User (e.g. e-mail address, order history, device type, technology used, frequency of visits, vehicle model) in order to analyze their behavior as buyers or create a purchasing forecast for the future. This allows for a better adjustment of the displayed content to the individual preferences and interests of the User.
3. The Controller processes Users' Personal Data for marketing purposes in connection with directing contextual advertising to Users (i.e. advertising that does not match the User's preferences). The processing of Personal Data takes place then in connection with the implementation of the legitimate interest of the Controller (legal basis for processing: Art. 6 (1) (F) GDPR).
§8 Newsletter
1. The Controller provides the newsletter service on the terms set out in the regulations to persons who have provided their e-mail address for this purpose. Providing data is required to provide the newsletter service, and failure to do so results in the inability to send it. This form of communication with the User may include profiling. This means that thanks to automatic data processing, the Controller creates a User’s profile and, on the basis of the collected information, assesses selected factors related to the User (e.g. e-mail address, order history, device type, technology used, frequency of visits) in order to analyze their behavior as buyers or create a purchasing forecast for the future. This allows for a better adjustment of the content sent to the individual preferences and interests of the User.
2.Personal Data are processed:
a) in order to provide the newsletter distribution service - the legal basis for processing is the necessity of processing to perform the contract (legal basis for processing: Art. 6 (1) (B) GDPR);
b) in the case of sending marketing content to the User as part of a newsletter - the legal basis for processing, including the use of profiling, is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (F) GDPR) in connection with the consent given to receiving a newsletter;
c) for analytical and statistical purposes - the legal basis for processing is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (F) GDPR), consisting in conducting analyzes of Users' activities on the Website in order to improve the functionalities used;
d) in order to possibly establish and pursue claims or defend against claims - the legal basis for processing is the Controller's legitimate interest (legal basis for processing: Art. 6 (1) (f) GDPR), consisting in the protection of its rights.
§9 Direct marketing
1.The User's Personal Data may also be used by the Controller to direct the marketing content to him/her through various channels, i.e. via e-mail, MMS / SMS or by phone. Such actions are taken by the Controller only if the User has consented to them, which may be withdrawn at any time.
2. The Controller may, in some cases, also carry out direct marketing via traditional mail. The User has the right to object to this type of marketing.
§10 Social media
1. The Controller processes the Personal Data of Users visiting the Controller's profiles in social media (Facebook, YouTube). These data are processed only in connection with keeping the profile, including to inform Users about the Controller's activity and to promote various types of events, services and products.
2. The legal basis for the processing of Personal Data by the Controller for this purpose is their legitimate interest (legal basis for processing: Art. 6 (1) (f) GDPR), consisting in promoting their own company.
§11 Posting comments
1. The Controller provides the option of posting comments on the Website. Providing data in the fields marked as "required field" is voluntary, but failure to do so results in the inability to post a comment. The publicly visible datum for all Users is: User nickname.
2. Personal Data are processed in order to publish a comment as part of the functionalities provided by the Controller - the legal basis for processing is the necessity of processing to provide the service (legal basis for processing: Art. 6 (1) (B) GDPR).
§12 Cookies
1. Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the Website - e.g. by remembering the User's visits to the Website and the activities performed by the User.
2. The Controller uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Controller and other entities providing analytical and statistical services to him/her use cookies by storing information or accessing information already stored in the User's telecommunications end device (computer, telephone).
3.Cookies used for this purpose include:
a) cookies with data entered by the User (session’s ID) for the duration of the session (user input cookies);
b) authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
c) cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
d) session cookies for multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
e) persistent cookies used to personalize the User's interface for the duration of the session or slightly longer (user interface customization cookies).
§13 Analytical and marketing tools used by the Controller's partners
1. The Controller and his Partners use various solutions and tools applied for analytical and marketing purposes. Some basic information about these tools can be found below. Detailed information in this regard can be found in the privacy policy of a given partner.
2. Google Analytics cookies are files used by the Google company to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User and does not combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at the link: https://www.google.com/intl/pl/policies/privacy/partners.
3. Google Ads is a tool that allows you to measure the effectiveness of advertising campaigns carried out by the Controller, allowing for the analytics of such data as, for example, keywords or the number of unique users. The Google Ads platform also allows us to display our ads to people who have visited the Website in the past. Information on data processing by Google in the scope of the above service is available at the link: https://policies.google.com/technologies/ads?hl=pl,
4. Facebook Pixel is a tool that allows you to measure the effectiveness of advertising campaigns carried out by the Controller on Facebook. The tool allows for advanced data analytics in order to optimize the Controller's activities also with the use of other tools offered by Facebook. Detailed information on data processing by Facebook can be found at this link: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.
5. HotJar is a tool that allows the Controller to conduct analyzes of Users' activity on the Website, e.g. through surveys or satisfaction surveys, and by anonymous collection of information about clicks on individual places on the Website. The tool does not identify the User. Detailed information on the data collected via HotJar and the method of deactivating the User's monitoring is available at the link: https://www.hotjar.com/privacy.
6. DoubleClick is a tool that allows to measure the effectiveness of advertising campaigns carried out by the Controller (Google Ads campaigns) and analyze their results.
7. YouLead is a marketing automation tool.
8.Google Tag Manager is a tool that allows the Controller to conduct analyzes of Users' activity by enabling the management of other analytical or marketing tools used by the Controller.
9. The User may at any time withdraw consent to the use of cookies in order to collect data through them, including access to data stored on the User's device.
10. Consent is not required only in the case of cookies, the use of which is necessary to provide a telecommunications service (data transmission to display the content).
11. Withdrawal of consent to the use of cookies is possible through the browser settings. Detailed information on this can be found at the following links:
a) Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
b) Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
c) Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
d)Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
e)Safari: https://support.apple.com/kb/PH5042?locale=en-GB
12. The user may at any time verify the status of his current privacy settings for the browser used using the tools available at the following links:
a)http://www.youronlinechoices.com/pl/twojewybory
b) http://optout.aboutads.info/?c=2&lang=EN
§14 The period of Personal Data processing
1. The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service or the performance of the order, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Controller.
2. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
§15 User’s rights
1. The User has the right to access the data and demand their rectification, deletion, processing restrictions, the right to transfer data and the right to object to the processing of data, as well as the right to lodge a complaint with the supervisory body dealing with the protection of Personal Data.
2. To the extent that the User's data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller or using the functionalities available on the Website.
3.The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Controller, and - for reasons related to the specific situation of the User - in other cases where the legal basis for data processing is a legitimate interest of the Controller (e.g. in connection with the implementation of analytical and statistical purposes).
4. In order to withdraw your consent, you can contact us by sending an e-mail to the address: office@higyro.com
§16 Recipients of data
1. In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting services, couriers (in connection with the implementation of the order) and entities related to Controller.
2. In the case of adding a comment on the Website, it will be made public along with the content of the comment, given by the User's nickname.
§17 Transfer of data outside the EEA
1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, in particular through:
a) cooperation with entities processing Personal Data in countries for which a relevant decision of the European Commission has been issued concerning the determination of an adequate level of Personal Data protection;
b) usage of standard contractual clauses issued by the European Commission;
c) application of binding corporate rules approved by the competent supervisory authority;
d) in the case of data transfer to the USA - cooperation with entities participating in the Privacy Shield program, approved by a decision of the European Commission.
2. The Controller always informs about the intention to transfer Personal Data outside the EEA at the stage of collecting them.
§18 Security of Personal Data
1.The Controller conducts a risk analysis on an ongoing basis to ensure that Personal Data are processed by them in a safe manner - ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the not the job. The Controller makes sure that all operations on Personal Data are recorded and performed only by authorized employees and associates.
2. The Controller shall take all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.
§19 Website regulations
1. Contact with the Controller is possible via the e-mail address office@higyro.com
2. You have the right to access your data and the right to rectify, delete, limit processing, the right to transfer data, the right to object (e.g. if the data is processed on the basis of your consent, or for marketing purposes or sharing your data); you have the right to withdraw your consent at any time. In order to withdraw your consent, please send an e-mail to office@higyro.com
Providing your Personal Data is fully voluntary. Failure to provide Personal Data will result in the inability to fully fulfill the obligations assumed by the Company name as part of contracts concluded with you.
§20 Change of the privacy policy
1. The policy is verified on an ongoing basis and, if necessary, updated by the Controller.
2. The current version of the Policy was adopted and is effective as of July 5, 2022.