Privacy policy

This privacy policy (“Privacy Policy”) defines the principles of data processing, including personal data, hereinafter referred to as “data”, by ELDRUT sp. z o.o. sp.k. with its registered office in Wadowice Górne, address: Przebendów 42A, 39-308 Wadowice Górne, hereinafter referred to as the “Company”, in connection with the activity of manufacturing, sale and maintenance of vending and other devices concerned with the collection and processing of personal data, hereinafter referred to as “devices”.

  1. Purpose of data collection and processing: The Company processes customer and end-user data for the purposes of providing after-sales service, handling complaints, compiling analyses and sales and marketing statistics regarding the equipment, as well as for diagnostic and product range development purposes, including applications (Kwiatomat 24 EA, SushiVend 24 EA, MultiVend 24 EA) extending the Company’s services. These analyses are used for the purposes of improving the offer, adjusting the assortment to market needs and optimising business processes (e.g. suggesting sales strategies via devices, as well as information on the activity of a given customer on the platform and the data posted there). This data is also used to provide the highest level of service, including providing after-sales support and personalising the shopping experience.

Customers acknowledge that, in the context of fulfilling the purposes referred to above, the Company retains the right to view the sales statistics of individual devices, as well as the right to access the monitoring recordings for service purposes only. The statistics obtained within the framework of the aforementioned purposes and the analyses compiled on the basis thereof may only be presented collectively, without singling out specific devices and customers (in order to keep their individual data fully confidential). Specific statistics from a specific device and the analyses developed on the basis of these statistics may only be made available upon request to the entity that owns the device in question.

  1. Type of data collected: The company collects various categories of data, including:
    • identification data: name, surname, residential address, email address, telephone number, identification number;
    • contact data: e-mail address, telephone number;
    • demographic data: age, gender, education, occupation;
    • digital data: SIM card numbers, user passwords and logins, video surveillance recordings, IP addresses or other identifiers and information collected through cookies or other similar technologies and system logs;
    • transactional data: purchase information, transaction history, purchase preferences, quantity and price of products sold in relation to the time period of the transaction;
    • data related to customer interactions with the Company: opinions, comments, feedback, queries, feedback on products and services.
  2. Legal basis for data processing: The processing of data, depending on the specific case, is based on various legal bases, including primarily:
    • the data subject’s consent to the processing of personal data for the purposes set out in the Privacy Policy;
    • the legitimate interests of the controller of the personal data;
    • the need to process the data in order to perform a contract concluded with the customer or to take action at the customer’s request prior to the conclusion of the contract;
    • applicable legislation, including legislation on the protection of personal data.
  3. Protection, data security: The company takes all necessary technical, organisational and procedural measures to protect data against unauthorised access, loss, damage or unauthorised disclosure. Appropriate information security procedures are implemented, up-to-date technical solutions are used to ensure the security of the processed data. Regular security audits and employee training on data protection are carried out. Opportunities to develop these safeguards by implementing new measures described in standards created for this purpose are also analysed.
  4. Transfer of data to third parties: Data may only be shared or transferred to third parties where this is necessary to fulfil the purposes set out in the Privacy Policy and within the limits permitted by applicable legislation. The transfer of data may take place in the case of cooperation with entities providing services to the Company (e.g. IT service providers, courier companies), whereby we ensure that the third parties processing the data act on the basis of the relevant agreements concluded and comply with the relevant data security standards.
  5. Rights of customers/data subjects: Such individuals have a number of rights in relation to the processing of their data, including the right to:
    • access to their data and to receive information on how their data is processed;
    • to rectify their data if it is inaccurate or incomplete;
    • to have their data erased (“right to be forgotten”) in specific cases, e.g. where the data are no longer necessary for the purposes for which they were collected;
    • to restrict the processing of your data in cases laid down by law;
    • to object to the processing of your data in situations laid down by law, including the processing of your data for marketing purposes;
    • to data portability, i.e. to receive data from the Company in a structured, commonly used machine format and to send such data to another data controller.
  6. Data retention period: Data is kept for the time necessary to fulfil the purposes for which it was collected and in accordance with the applicable legislation. The data retention period may vary depending on the specific circumstances and the type of data processed by the Company. In this context, the limitation periods for claims are an important factor.
  7. Contact: For matters relating to data protection, the exercise of customer rights and any questions or concerns relating to data processing, you can contact the Company via email address: zapytania@eldrut.pl, by telephone at 48 606918397 or in writing to the registered office address. Data collected in this way is processed solely for the purpose of communication and resolution of the matter contacted.
  1. Update of the Privacy Policy: This Privacy Policy may be updated from time to time to adapt to changes in the law and the Company’s practices. The current version of the policy is available at https://www.eldrut.pl/rodo.
  2. Verification of data accuracy: The Company regularly monitors and verifies the accuracy and timeliness of the data stored ensuring its accuracy and completeness.
  3. Data security incident actions: In the event of a data security incident, the Company takes the necessary actions to quickly identify, locate and mitigate the impact of the incident. The affected persons will be informed of the incident if required by applicable law or justified by the interest of the person.
  4. Data minimisation principle: The company applies the principle of data minimisation, collecting only the information that is necessary for the specific purposes of data processing.
  5. Transfers of data outside the EU: Where data is transferred outside the European Economic Area (EEA), the Company provides appropriate safeguards and guarantees of compliance with applicable data protection laws.
  6. Automated decision-making: The Company does not use automated decision-making, including profiling, with significant impact on customers/end-users without their explicit consent.

This Privacy Policy has been drawn up with due diligence and in accordance with applicable legislation, including data protection law. Its purpose is to provide customers and end-users with full transparency and trust regarding the processing of their data by the Company.