This Privacy Policy is a complete information document setting out the rules for the processing of personal data and the use of cookies and tracking technologies within:
Personal data collected by the Controller is processed in accordance with the highest security standards and legal provisions, in particular:
The data controller of the personal data is Alnor Systemy Wentylacji Sp. z o.o. with its registered office in Warsaw (00-719), ul. Zwierzyniecka 8b, entered into the register of entrepreneurs of the National Court Register under KRS number: 0000038889, Tax Identification Number (NIP): 521-10-68-747, Business Registry Number (REGON): 010685817, with the share capital of PLN 334,500.00 (hereinafter: the "Controller" or "Alnor").
The Policy is addressed to all users of the Website and the B2B Platform (hereinafter: the Users), in particular to:
Sole Proprietorship status: The User's status as a Professional Entrepreneur or an Entrepreneur on Consumer Rights may be verified on the basis of the User's declaration, registration data and the nature of the specific transaction. To the extent that the Entrepreneur on Consumer Rights benefits from the protection provided for consumers, the Controller shall apply to them the information and protection standards of legal regulations in force.
In the interests of transparency and ease of communication, the Controller has designated dedicated channels of contact.
The User may contact the Controller on matters related to data processing:
E-mail: rodo@alnor.com.pl
Office address: Alnor Systemy Wentylacji Sp. z o.o., Aleja Krakowska 10, 05-552 Wola Mrokowska
In accordance with the requirements of DSA Regulation, the Controller has designated an electronic contact point for the reporting of illegal content and for communication with supervisory authorities and the European Commission:
E-mail: b2b.support@alnor.com.pl
Languages of communication: Polish, English
The Controller processes personal data for specific purposes, based on the legal grounds indicated below and for a limited period of time (retention).
| Purpose of Processing | Legal Basis | Scope of Data | Retention Period |
|---|---|---|---|
| 1. Registration and Operation of a B2B Business Account Conclusion and execution of the agreement for the provision of electronic services, verification of entrepreneurial status. |
Article 6(1)(b) of GDPR (Necessity for performance of the agreement). | Name, e-mail address, telephone number, VAT number, company name, business address, password (encrypted), order history. | For the duration of the Service Agreement (having the Account). Upon deletion of the account – for the period of the statute of limitations for claims (3 years for B2B claims, 6 years in other cases). |
| 2. Execution of Orders and Sale Agreements Delivery of goods, payment processing, invoicing. |
Article 6(1)(b) of GDPR (Execution of the sale agreement) and Article 6(1)(c) of GDPR (Legal obligation – tax/accounting). | Delivery address details, contact person details (full name, telephone number), invoice details. | 5 years counting from the end of the calendar year in which the deadline for payment of the tax expired (a requirement of the Tax Ordinance). |
| 3. Product Safety (GPSR) and Traceability Safety notifications, recalls, service actions, batch tracking. |
Article 6(1)(c) of GDPR read with GPSR (Legal obligation). | Customer contact details, order history (goods indices, batch numbers). | 10 years after the product is placed on the market (in line with product safety and traceability requirements). |
|
Important: The withdrawal of marketing consents or the lodging of objections to marketing does not affect the Controller's ability to contact the User on matters relating to product safety, recalls and mandatory technical and warning messages.
|
|||
| 4. Direct Marketing (Newsletter, SMS, Telephone) Sending of offers, price lists, news. |
Article 6(1)(f) of GDPR (Legitimate interest – own marketing) OR Article 6(1)(a) of GDPR (Consent). Read with Article 398 of ECL (Consent to the communication channel). | E-mail address, telephone number, first name, purchase history. | Until the withdrawal of consent to the communication or making an effective objection. |
|
Cold Calling Prohibition: The Controller does not carry out telephone or e-mail marketing without the prior consent required by the provisions of the Electronic Communications Law (Article 398 of the ECL), regardless of whether the recipient is a consumer or a professional entity (B2B).
|
|||
| 5. Individual Pricing (Omnibus) Presentation of personalised commercial terms and discounts. |
Article 6(1)(b) of GDPR (Performance of the agreement) and Article 6(1)(f) of GDPR (Legitimate interest). | History of cooperation, volume of purchases, timeliness of payments, commercial parameters. | For the duration of an active B2B Account and trade cooperation. |
| 6. Analytics, Statistics and Development Traffic analysis, process automation, recommendations (including AI). |
Article 6(1)(f) of GDPR (Legitimate interest) or Consent (for marketing cookies). | Anonymised statistical data, cookies, device parameters. | In accordance with the validity period of the cookies (details in the cookie banner), a maximum of 2 years. |
| 7. Handling of DSA Requests and Moderation Decisions Dealing with reports of illegal content. |
Article 6(1)(c) of GDPR (Legal obligation under the DSA). | Reporting party's data, content of the report, correspondence, decision. | For the duration of the investigation and report archiving for 5 years (in accordance with the DSA reporting requirements). |
As a rule, personal data is collected directly from Users. In some cases, data may be obtained from other sources:
Personal data may be transferred to entities cooperating with the Controller in order to provide services. We ensure legal compliance with each data processor (e.g. through outsourcing agreements). The recipients of the data may be:
Roles of third parties: With regard to the use of analytical and marketing tools (e.g. Google, Meta), these providers may act as:
The Controller generally processes data in the European Economic Area (EEA). However, in connection with the use of global technology providers, the Controller may transfer anonymised statistical data (cookies) or technical data to third countries. The transfer is always carried out in compliance with the requirements of GDPR based on:
We would like to inform you that the prices, discounts, bonuses and commercial terms presented to Users on the B2B Platform are of an individual nature. They are determined based on the history of cooperation, volume of purchases, timeliness of payments and other commercial parameters. This means that an offer presented to one user may differ from an offer to another counterparty and does not constitute a uniform public offer.
The Controller informs that data on purchase history and activity on the Platform may be used to personalise the commercial offer (e.g. presentation of recommended products, commercial conditions or discounts), but is not used to mislead as to prices, promotions or to manipulate product rankings within the meaning of the regulations on consumer protection and unfair competition practices (the so-called Omnibus / Office of Competition and Consumer Protection (UOKiK)).
The Controller reserves the right to use tools to support data analysis, process automation, profiling or commercial recommendations (including artificial intelligence algorithms). These activities are aimed at improving the B2B service (e.g. recommendations of complementary products).
The Controller informs that decisions regarding the granting, modification or revocation of a trade credit limit are not taken solely by automated means and are always subject to review by an employee. The User has the right to request human intervention and to make their point of view known.
The B2B Platform uses cookies in two main categories:
The Controller may, depending on the analytical or marketing tools currently in use, use consent management mechanisms and privacy signals (e.g. as part of consent management platforms – CMPs or solutions offered by third party tool providers) that allow information about the User's consent status to be transmitted to these tools. Irrespective of the technical solution used, cookies and non-essential tools are only activated with the appropriate consent of the User, in accordance with the provisions of the Electronic Communications Law and GDPR.
In the absence of the User's consent, the Controller does not store analytical or marketing category cookies on the User's device and the data, if processed, is only aggregated or anonymised.
If the Website uses sorting or presentation mechanisms for products (e.g. "most popular", "recommended"), the order may be determined on the basis of objective business criteria, such as: availability of goods, popularity (sales volume), current sale campaigns or margins.
If the function for publishing opinions is made available, the Controller shall indicate each time an opinion is published whether and how it verifies that it comes from an actual customer who purchased the product.
Each User has rights under GDPR:
To exercise your rights, please contact: rodo@alnor.com.pl
Protections: The connection to the B2B Platform is encrypted (SSL/TLS protocol) and user passwords are stored in hashed form.
Infringement procedure: The Controller has procedures in place to detect and report data breaches. In the event of a violation that threatens the rights or freedoms of persons, the Controller:
In relation to the implementation of the Digital Services Act (DSA) and the fairness (interface fairness) principles:
The Privacy Policy is continuously reviewed and updated in the event of changes in law or technology. Registered Customers shall be informed of significant changes by e-mail in advance.