Privacy policy_

DEFINITIONS
Data Controller: Karton-Pak Spółka Akcyjna with registered office in Nowa Sól, ul. Hutnicza 10-12, 67-100 Nowa Sól, which decided on objectives and means of personal data processing (hereinafter referred to as Karton-Pak S.A.).

personal data: all information about an identified or identifiable natural person by means of one or several specific factors defining physical, physiological, mental, economic, cultural or social identity of a natural person, including IP number of a device, location, internet ID and information collected by means of cookie files or a similar technology.

Karton-Pak S.A. - Karton-Pak Spółka Akcyjna with registered office in Nowa Sól, ul. Hutnicza 10-12, 67-100 Nowa Sól

personal data protection: personal data protection in Karton-Pak S.A.

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

website:
• The website at www.kartonpak.pl.
B2B plaform:
• The B2B platform at www.b2b.kartonpak.pl.

User: every natural person visiting the Website or B2B platform and using their functionalities.

DATA PROCESSING IN RELATION TO USE OF THE WEBSITE AND B2B PLATFORM
In relation to use of the Website and B2B Platform by the User, the Controller collects personal data in the scope necessary for performance of individual services and information on the User’s activeness. Please find below the description of detailed principles and objectives of processing of personal data collected when the User uses the Website and B2B Platform.

OBJECTIVES AND LEGAL GROUNDS OF DATA PROCESSING IN RELATION TO USE OF THE WEBSITE AND B2B PLATFORM
Use of the Website and B2B Platform
Personal data of all persons using the Website (including IP or other identifiers and information collected by means of cookies or similar technologies) are processed by the Controller:
• for the purpose of disclosure of the contents of the Website to users – in such case they are processed on the ground of the Controller’s legitimate interest (article 6 sec. 1 letter f of GDPR), that means they are processed in relation to the business activity aimed at marketing of own products and services,
• for administrative (including diagnostics), analytical and statistical purposes - in such case they are processed on the ground of consent of a data subject (article 6 sec. 1 letters a and f of GDPR), that means analysis of user activeness and their preferences in order to improve applied functionalities and rendered services.
Information collected in the logs is processed mainly for purposes related to rendered services. The Controller also processes such data for technical and administrative purposes, to ensure security of the IT system and to manage the IT system, and for analytical and statistical purposes - in such case they are processed on the ground of your consent and the Controller’s legitimate interest (article 6 sec. 1 letter f of GDPR), that means taking care for quality of electronic services and statistical analysis of such services.

Contact forms
The Controller ensures the possibility of contact by means of electronic contact forms. To use a contact form, personal data necessary to contact a User and answer to a question must be provided. The User may also provide other data to facilitate contacts or handling of a request. Contact data (e-mail address or phone number) are provided on voluntary basis but it is obligatory for the purpose of receipt of feedback. Other data are disclosed on voluntary basis. Persons, who use a contact form, are given respective information on processing of their personal data before they send a message. The contact form at the Website may be used, if consent on data processing for the purpose of handling of the contacts is given. Consent on data processing for the purpose of commercial contacts is voluntary.
Personal data are processed for the purpose of identification of a sender, reply and undertaking all necessary activities related to handling of a received e-mail. Processing is based on the legal ground of your consent and the Controller’s legitimate interest (article 6 sec. 1 letter f of GDPR), where the legitimate interest means marketing of own products and assertions of and defence against claims. If there is already a legal relationship between the Controller and a person contacting it via a contact form, the legal ground of personal data processing may include the fact that processing is necessary for the performance of a service agreement (article 6 sec. 1 letter b of GDPR).

Registration on B2B platform
The Controller discloses documents on the status of fulfilment of their orders and contracts to the counterparties and their staff. Access to the data requires disclosure of personal data necessary for registration of an account and logging there later. Persons using B2B Platform are provided with respective information on processing of their personal data at the stage of registration.
Personal data of B2B Platform Users are processed for the purpose of creation and management of the User Account on the ground of consent (article 6 sec. 1 letter a of GDPR), execution of an agreement through automation of data transfer with a counterparty (article 6 sec. 1 letter b and f of GDPR), where the legitimate interests include improvement of the quality of rendered services and ensuring security and development of data IT systems on the basis of article 6 sec. 1 letter f and c of GDPR.

Commercial information
The User data may be also used by the Controller to address commercial information to the User by means of various channels, that is via e-mail, by phone. Such activities are undertaken by the Controller only if the User has granted respective consent that may be withdrawn by the User any time.

SOCIAL MEDIA
The Controller processes personal data of Users visiting the Controller’s profiles in the social media (Facebook). Such data are processed only in relation to the profile, including in order to notify Users on activeness of the Controller and promotion of various events, services and products. The personal data are processed by the Controller in this case on the ground of the Controller’s legitimate interest (article 6 sec. 1 letter f of GDPR), that means promoting of own brand, services and products.

COOKIES AND SIMILAR TECHNOLOGY
Cookies are small text files installed on devices of a User who visits the Website. Cookies collect information facilitating use of the Website, e.g. through remembering of User’s visits and activities performed by them.  

Service cookies
The Controller uses so called service cookies mainly to provide the User with services rendered by electronic means and improve the quality of such services. Consequently, the Controller and other entities that render analytical and statistical services for the Controller use cookies when keeping the information or obtaining access to information, which is already stored in the User’s telecom terminal (computer, phone, tablet, etc.). Cookies are used for the purpose of:
• adjustment of the contents of the Website to the User’s preferences and optimisation of use of the Website; in particular cookies enable recognition of the User’s device and displaying of the website adjusted to the User’s individual needs,
• generation of statistics which help to understand how Users use websites, which enables improvement of the structure and contents of the websites; collective summaries in form of such statistic do not include any identifying features of visitors of the Website,
• possibly to maintain the User’s session of the Website.

At the website we use the following types of cookies:
• “necessary” cookies enabling use of services available at the Website,
• cookies used to guarantee security,
• cookies enabling collection of information on the manner of use of the Website.

In many cases, the software used for browsing the Internet (the Internet browser) allows storage of cookies on the User’s device as default setting. Users of website may change the setting of cookie files any time on their own. Such setting may be changed in particular to block automatic handling of cookies in the settings of the Internet browser or to notify on their every placement in the device of a website User.

Detailed information on possibilities and manners of cookie handling is available in settings of the software (Internet browser). If the settings of cookies are not changed, it means that they will be placed on the User’s terminal, which means that we will store information on the User’s terminal and obtain access to such information.
The Website uses Google Analytics mechanism to collect statistical data.

Google Analytics cookies
Google Analytics uses 5 cookies: _utma, _utmb, _utmc, _utmz, oraz _utmv.

Cookie, type, description
_utma, persistent, unique domain identifies (sometimes called hash) which is unique for every website
_utmb, persistent, responsible for storage of information on a given visit
_utmc, session, cooperates with _utmb and its task is to determine whether a new visit shall commence or collected data are to be applied to the previous visit
_utmz, persistent, contains information about sources of visits
_utmv, persistent, occurs only when non-standard variables are tracked at a website

You may find out more at:
https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
Google Analytics Privacy Policy: http://www.google.pl/intl/pl/analytics/privacyoverview.html

Instruction of deletion of cookies
The level of protection against cookies may be set in the Internet browser, even up to total blockade of cookies.

Google Chrome
Default settings of Google Chrome enable storage of cookies. To change settings, you should:
• click menu “Google Chrome Settings” and select option “Settings”,
• click “See advanced settings” at the bottom of the page,
• select option “Contents settings” in options of “Privacy”,
• select required settings,
• if you want to enter special settings for a selected portal, you should click “Manage exceptions” and select own settings for websites,
• to confirm, click button “Done”.

Microsoft Internet Explorer
Default settings of Microsoft Internet Explorer enable storage of cookies but block files that may come from portals without privacy policy. To change settings, you should:
• click menu “Tools” and select “Internet options”,
• select “Privacy” tab
• by means of the zipper set the demanded level of settings (the highest one block cookies completed, the lowest one allows storage of all cookies),
or:
• click “Advanced” and selected demanded settings on your own,
• you want to enter special settings for a selected portal, you should click “Websites” and select own settings for websites,
• to confirm, click button “OK”.

Mozilla Firefox
Default settings of Mozilla Firefox enable storage of cookies. To change settings, you should: click menu “Tools” (in other versions click “Firefox” button) and select “Options”. Then select “Privacy” tab and mark demanded settings; to enter special settings for a given Website, you should click “Exceptions” and select own settings for websites; confirm with “OK” button.

Opera
Default settings of Opera enable storage of cookies. To change settings, you should: click “Preferences”, select “Advanced” option and then “Cookies”; select required settings; to enter special settings for a given Website, you should enter selected website, click there with the right mouse button, select command “Preferences for websites” and go to card “Cookies” and then enter required settings and confirm with “OK” button.

PERIOD OF PERSONAL DATA PROCESSING
A period of personal data processing by the Controller depends on the purpose of processing. In principle, data are processed throughout the period of rendered services until consent is withdrawn (e.g. by a User of B2B platform) or en effective objections is made to data processing if they are processed on the ground of the Controller’s legitimate interest.
The period of personal data processing may be prolonged if processing is necessary for determination, assertion of or defence against possible claims, and after such period only in case and scope required by legal provisions. After lapse of the data processing period, data are irreversibly deleted or anonymised.

USER’S RIGHTS
You have numerous rights in relation to the personal data protection law on how we process your personal data, but they are not unlimited and we will not be able to fulfil your requests in certain cases. If it is not possible to execute any of the foregoing rights, we will contact you and inform about the reason.

The user shall have the right to:
• Right to access your personal data kept by us.
• Right to demand that we rectify any incorrect personal data, which are kept by us.
• Right to demand that we delete any information about you, that is kept by us. This right may be exercised, for instance, when:
- we do not need your personal data any longer for the purpose, for which they were collected,
- you withdraw your consent,
- you object to the manner of our processing of your personal data.
• Right to limit our processing of your personal data. This right may be exercised, for instance, when:
- you do not agree with correctness of your personal data, which are kept by us,
- we do not need to process your personal data any longer, but you prefer that we restrict data processing instead,
- we do not need to use your persona data for the purpose, for which they were collected, but they are necessary for the purpose of determination, investigation or defence of legal claims.
• The right to obtain the personal data provided to us in an ordered, commonly used and machine readable format. This right shall apply when data processing is based on consent or agreement (see above) and it is automated.
• The right to object to our processing of your personal data kept by us (including for the purpose of dispatch of marketing materials to you). This right shall apply when personal data are processed on the ground of the Controller’s legitimate interest.
• The right to withdraw your consent when we rely on while using your personal data (for instance, to provide you with commercial information).
• The right to submit a complaint to the Personal Data Protection Office dealing with personal data protection.
Demands related to the above rights may be submitted in writing to the Controller’s address or via e-mail at: sekretariat@kartonpak.pl.

DATA RECIPIENTS
In relation to execution of the services, personal data may be disclosed to external entities, including in particular to service providers responsible for handling of IT systems, technical infrastructure, entities rendering consulting services to the Controller, legal services, postal operators and couriers in case of correspondence, or other entities that render services for the Controller.
The Controller reserves the right to disclose selected information on the User to competent authorities on the basis of appropriate legal grounds and in compliance with applicable legal provisions.

DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA
The level of personal data protection outside the European Economic Area (EEA) is different than the one offered by the European legislation. Therefore, the Controller does not transfer personal data outside the EEA.

PERSONAL DATA SECURITY
The Controller performs risk analysis on ongoing basis to ensure that personal data are processed by it in a secure manner and ensuring that access to data is exercised only by authorised persons and only in the scope, in which it is necessary for the purpose of tasks performed by them. The Controller shall take care that all personal data operations are executed by authorised employees and associates only.
The Controller shall undertake all necessary activities to ensure that its subcontractors and other cooperating entities guarantee that they apply appropriate safety measures in every case they process personal data on the Controller’s request.

CONTACT DATA
Contact with the Controller is possible via traditional post addressed to Karton-Pak Spółka Akcyjna, ul. Hutnicza 10-12, 67-100 Nowa Sól.
The Controller has not appointed a Data Protection Inspector. In cases related to personal data protection you may contact us in writing or via e-mail at sekretariat@kartonpak.pl.
Reply to your request should be given within a month from its receipt.

CHANGES OF INFORMATION ON PERSONAL DATA PROTECTION
The information on personal data protection is verified on ongoing basis and updated, when necessary. The last update was adopted and has been applicable since 27 November 2018.

Downloads
Karton-Pak S.A.
Have a question? We’ll answer!
Anti-corruption report
Information about cookies

We use our own and external cookies to personalize content and analyze network traffic. By clicking the More Options button, you can check what data and for what purpose we collect in cookies. You do not have to agree to all of them, and if you change your mind, you can always update your Cookie Settings. You can find the link to the settings in the footer of the website.
Information on how we process your personal data is provided in our Privacy Policy.

Necessary cookies are required for the proper functioning of the site, ensure an adequate level of security, or allow you to customize your preferences regarding the consents you express. Necessary cookies cannot be disabled.

Analytical cookies are used to better understand how visitors interact with our website. They provide us with information about metrics such as the number of visitors, time spent on the site, source of incoming traffic, etc.

Marketing cookies are used to track users across websites. The goal is to display more relevant ads that are more interesting to you and more effective for advertisers.