Skip to content
  • Polski
  • English

Privacy Policy

1. Definitions

The terms used in the Privacy Policy shall mean respectively:

Website — the website operating in the domain optimamalt.pl based on the terms set out in these Terms of Use and in accordance with the applicable laws.

Website Operator or Operator (hereinafter also referred to as “we”, “us” or “our”) — the entity managing the Website, i.e. Optima Malt Sp. z o.o., a company with its registered office in Poznań (ul. Bałtycka 48, 61-016 Poznań), entered into the Register of Entrepreneurs kept by the District Court Poznań Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under no. KRS 0000123627.

User (hereinafter also referred to as “you” or “your”) — any natural person, legal person or organizational unit without legal personality using the Website.

Personal Data — any information related to an identified or identifiable natural person (“data subject”), i.e. a person who can be identified, directly or indirectly, in particular by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Personal Data Controller or Controller — a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Introductory information

1. Optima Malt attaches particular importance to respecting your privacy. We take appropriate measures to ensure that all data, including personal data, provided by you is properly protected. This Privacy Policy contains basic information on the processing and protection of your personal data, including the legal basis, purposes and scope of the processing of personal data and the rights of data subjects.

2. The Controller of your personal data processed in connection with your use of the Website is the Operator. If you have any questions or concerns regarding the processing of your personal data and your rights, please contact the Operator via the contact form.

3. Your personal data is processed in accordance with the applicable laws and regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).

4. The provision of personal data by Users is voluntary, except in the following circumstances:

a) Conclusion of a contract: Failure to provide personal data necessary for the conclusion and performance of a contract prevents the conclusion of this contract. The provision of personal data in this case is a contractual requirement. Therefore, in order to conclude a contract, the data subject is obliged to provide the necessary data, as defined on the Website.

b) Statutory obligation: The provision of personal data in this case is a statutory requirement under the relevant legal provisions which require the Controller to process personal data. Failure by Users to provide the necessary data prevents the Controller from fulfilling this obligation.

5. We take steps to assure that the data we collect:

— is processed in accordance with the applicable laws;
— is collected for legitimate purposes and not further processed in a manner incompatible with those purposes;
— is factually correct and adequate in relation to the purposes for which it is processed;
— is stored in a form that permits the identification of the data subject for no longer than it is necessary to achieve the purpose of processing;
— is processed in a manner that ensures its security using appropriate technical and organizational measures.

6. Please be advised that the Website may include links that allow Users to go directly to other websites or to use features integrated into third-party applications and systems, such as Facebook or Google. The Operator has no influence on the privacy policies of other entities. Therefore, for security reasons, before using the resources of other websites, you should consult their privacy policies or contact the administrator of the respective website for information.

7. The use of the Website is possible without providing personal data. The Controller then gains access to information such as data on the User’s device (including IP address) and data on the User’s visits to the Website (including time and length of visit, pages visited, searches, downloaded material, etc.). The information is used exclusively for administrative and statistical purposes and to optimise the structure, content and functionality of the Website.

8. Information on cookies and similar technologies can be found in the Cookie Policy.

3. Purpose, basis, period and scope of the processing of personal data

1. The Controller has the right to process your personal data if at least one of the following applies:

— The data subject has given consent to the processing of his/her personal data for specific purposes.
— Processing is necessary for the performance of a contract to which the data subject is a party or in order to take actions at the request of the data subject prior to entering a contract.
— The controller is required to process personal data in order to comply with a legal obligation.
— Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
— Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
— Processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. (The Administrator hereby informs that the content presented on the Website is not directed to children.)

2. The Controller may process Users’ personal data in order to conclude and perform a contract or to take action at the request of the data subject prior to entering into a contract. The legal basis in this regard is Article 6 (1) (b) of the GDPR. The data processed includes name, email address, contact telephone number, residential, business or registered office address; for Users who are not consumers, the Controller may additionally process the company name, tax identification number and business register number. The data shall be stored for the period necessary for the performance, termination or expiry of the contract and, after termination, until the expiry of the time limits for claims arising therefrom.

3. The Controller may process Users’ personal data for direct marketing purposes. The legal basis in this regard is Article 6 (1) (f) of the GDPR. The data processed includes email address. The data shall be stored for the period of existence of the legitimate interest pursued by the Controller to improve the functioning of the Website by improving its structure and content and to prevent possible abuses, but not longer than the period of the statute of limitations for claims against the data subject on account of the Controller’s business activities (the period of the statute of limitations is determined by the provisions of law, in particular the Civil Code). The Controller may not process the data for direct marketing purposes in the event of an effective objection by the data subject.

4. The Controller may process Users’ personal data in order to carry out marketing activities. The legal basis in this regard is Article 6 (1) (a) of the GDPR. The data processed includes name and email address. Data shall be stored until the data subject has withdrawn his/her consent to further data processing for this purpose.

5. The Controller may process Users’ personal data in order to comply with its legal obligations, including those under tax legislation. The legal basis in this regard is Article 6 (1) (c) of the GDPR. The data processed includes name, email address, contact telephone number, residential, business or registered office address; for Users who are not consumers, the Controller may additionally process the company name, tax identification number and business register number. The data is stored for the period required by law, e.g. until the expiry of the statute of limitations on tax liability.

6. The Controller may process Users’ personal data for analytical purposes and for security reasons. The legal basis in this regard is Article 6 (1) (f) of the GDPR. The data processed includes, among other things, data on User activity on the Website, such as pages visited and time spent there, as well as data on search history, IP address, device ID number and the browser and operating system data. The data shall be stored for the period of existence of the legitimate interest pursued by the Controller to improve the functioning of the Website by improving its structure and content and to prevent possible abuses, but not longer than the period of the statute of limitations for claims against the data subject on account of the Controller’s business activities (the period of the statute of limitations is determined by the provisions of law, in particular the Civil Code).

7. The Controller may process Users’ personal data in order to establish or assert claims or defend against claims. The legal basis in this regard is Article 6 (1) (f) of the GDPR. The data processed includes name, email address, contact telephone number, residential, business or registered office address; for Users who are not consumers, the Controller may additionally process the company name, tax identification number and business register number. The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but not longer than the period of the statute of limitations for claims against the data subject on account of the Controller’s business activities (the period of the statute of limitations is determined by the provisions of law, in particular the Civil Code).

4. Transfer of data and recipients of data

1. The proper functioning of the Website requires the support of external entities. The Controller only uses entities that provide appropriate technical and organisational measures to ensure compliance with the GDPR and to protect the rights of data subjects.

2. Your personal data may be disclosed to third parties acting on our behalf only to the extent necessary to achieve a specific purpose of data processing.

3. Users’ personal data may be communicated to the following recipients or categories of recipients:

— postal or courier service operators;
— banks and entities enabling remote payment;
— providers of accounting, legal and advisory services;
— suppliers providing technical, IT and organisational solutions enabling the Controller to conduct its business (in particular software, email and hosting providers).

4. Users’ personal data may also be forwarded to state authorities or other entities authorised for this by law.

5. As the level of protection of personal data outside the European Economic Area (EEA) differs from that provided by the European law, the Controller transfers personal data outside the EEA (to the so-called third countries) only when necessary, and with an adequate level of protection.

6. The Controller shall give notice of its intention to transfer personal data outside the EEA at the stage of data collection.

5. Automated decision-making, including profiling

1. In fulfilment of the obligation to inform about automated decision-making, including profiling, as referred to in Article 22 (1) and (4) of the GDPR, about the principles of such decision-making and about the significance and foreseeable consequences of such processing for the data subject, the Controller informs that profiling may be used on the Website.

2. This profiling consists in the automatic analysis or forecasting of Users’ behaviour on the Website based on their previous history of activities. The condition for such profiling is that the Controller holds the Users’ personal data.

3. Personal data is processed by automated means, including profiling, for the sole purpose of tailoring the content of the website to Users’ preferences and interests. Automated processing, including profiling, will not produce any legal effects or materially affect Users’ situation.

6. Rights of data subjects

You have the following rights with respect to your personal data:

1. The data subject has the right to obtain from the Controller confirmation as to whether personal data concerning him/her are being processed. If the processing takes place, the data subject has the right to access the data and to obtain the following information:

— purpose of processing;
— categories of personal data processed;
— information on the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular the recipients in third countries or international organisations;
— where possible, the intended period of storage of personal data, and where this is not possible, the criteria for determining that period;
— information on the right to request from the Data Controller the rectification, erasure or restriction of the processing of personal data concerning the data subject, and to object to such processing;
— information on the right to lodge a complaint with a supervisory authority;
— information on automated decision-making, including profiling, relevant information on the principles of such decision-making, as well as the significance and the envisaged consequences of such processing for the data subject.

This right must not affect the rights and freedoms of others.

2. The data subject has the right to request from the Controller an immediate rectification of inaccurate data or the completion of incomplete data without delay.

3. The data subject has the right to request from the Controller the immediate erasure of his/her personal data without delay (“right to be forgotten”). The Controller is obligated to delete these personal data without undue delay if one of the following circumstances applies:

— the personal data is no longer necessary for the purposes for which they were collected or otherwise processed;
— the data subject has withdrawn the consent on which the processing has been based in accordance with Article 6 (1) (a) and there is no other legal basis for the processing;
— the data subject has objected to the processing under Article 21 (1) (and there are no overriding legitimate grounds for the processing) or Article 21 (2) of the GDPR;
— personal data has been unlawfully processed;
— personal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Controller is subject;
— the personal data was collected in connection with the offering of information society services as referred to in Article 8 (1) of the GDPR.

4. The data subject has the right to request the Controller to restrict processing in the following cases:

— the data subject questions the accuracy of the personal data (for a period allowing the Controller to verify the accuracy of the data);
— the processing is unlawful and the data subject opposes the erasure of the personal data, requesting instead the restriction of its use;
— the Controller no longer needs the personal data for the purposes of the processing, but they are needed by the data subject to establish or assert claims or defend against claims;
— the data subject has objected to the processing under Article 21 (1) of the GDPR (until such time as it is determined whether the legitimate grounds on the part of the Controller override the grounds of the data subject’s objection).

5. The data subject has the right to obtain his/her personal data which (s)he has provided to the Controller in a structured, commonly used machine-readable format and to transmit such personal data to another controller without any hindrance from the Controller, if the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and if the processing is carried out by automated means. The data subject has the right to request that the personal data be sent by the Controller directly to another controller, insofar as this is technically possible.

6. The data subject has the right to object at any time to the processing of his/her personal data (including profiling) for purposes arising from the legitimate interests of the Controller or a third party. Further processing is only possible if there are valid legitimate overriding grounds for processing the personal data or the data concerned is necessary for the establishment or assertion of claims or the defence against claims.

7. The data subject has the right to object at any time to the processing of his/her personal data (including profiling) for the purposes of direct marketing conducted by the Controller to the extent that the processing is related to such direct marketing.

8. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects in relation to the data subject or similarly significantly affects the data subject. However, this right may not be exercised where the automated decision-making is necessary for the conclusion or performance of a contract, where the data subject’s explicit consent to making the decision has been obtained, or where the automated decision-making is authorised by the local law of an EU Member State, although in the first two cases the data subject may still have the right to obtain a human review of the decision, to express his/her own views and to challenge the decision.

9. If the processing of personal data is based upon the consent of the data subject, the data subject has the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal.

10. The data subject has the right to lodge a complaint with the supervisory authority: Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa.

11. Contact with the Controller in relation to the exercise of the rights mentioned above shall be made in the manner indicated in Article 2 (2) of this Privacy Policy. Where there is reasonable doubt as to the identity of the person making the request in this regard, the Controller may request additional information to help identify that person.

12. In response to a request containing an appropriate demand from the data subject, the Controller shall, without undue delay, within one month from the receipt of the request, provide information on the actions taken in relation to the request and either comply with it in accordance with the request or notify that the deadline for complying with the request needs to be extended by further two months due to the complexity of the request or the number of requests, or refuse to comply with the request and inform the data subject of the reasons for inaction. Being informed that the request has not been complied with entitles the data subject to lodge a complaint with the supervisory authority.

13. The first copy of the personal data list is provided free of charge; an administrative fee is charged for subsequent copies. In special cases, at the request of the data subject, the Controller may reduce or waive the administrative fee.

7. Updating the Privacy Policy

This Privacy Policy may be modified and updated on an ongoing basis. We therefore recommend that you check it frequently for updates.

Przedsiębiorca uzyskał pomoc w ramach programu rządowego pod nazwą:
„Pomoc dla sektorów energochłonnych związana z nagłymi wzrostami cen gazu ziemnego i energii elektrycznej w 2022 r.”