Logo
sk
User account

Privacy policy

This privacy policy ("Privacy Policy") defines the principles of data processing, including personal data, hereinafter referred to as "data", by ELDRUT sp. z o.o. sp.k. with its registered office in Wadowice Górne, address: Przebendów 42A, 39-308 Wadowice Górne, hereinafter referred to as the "Company", in connection with the activity of manufacturing, sale and maintenance of vending and other devices concerned with the collection and processing of personal data, hereinafter referred to as "devices".

  1. Purpose of data collection and processing: The Company processes customer and end-user data for the purposes of providing after-sales service, dealing with complaints, preparing analyses and sales and marketing statistics regarding the devices, as well as for diagnostic and product range development purposes, including applications (Bouqetmats 24 EA, SushiVend 24 EA, MultiVend 24 EA) extending the Company's services. These analyses are used for the purposes of improving the offer, adjusting the assortment to market needs and optimising business processes (e.g. suggesting sales strategies via devices, as well as information on the activity of a given customer on the platform and the data posted there). The data is also used to provide the highest level of service, including providing after-sales support and personalising the shopping experience.

Customers acknowledge that, in the context of achieving the purposes referred to above, the Company retains the right to inspect the sales statistics of individual devices, as well as the right to access the monitoring recordings exclusively for service purposes. The statistics obtained within the framework of the aforementioned purposes and the analyses compiled on the basis thereof may only be presented collectively, without singling out specific devices and customers (in order to keep their individual data fully confidential). Specific statistics from a particular device and the analyses compiled on their basis may be made available only at the request of the entity that owns the device in question.

  1. Type of data collected: The company collects various categories of data, including:
    • identification data: name, surname, residential address, e-mail address, telephone number, identification number;
    • contact details: e-mail address, telephone number;
    • demographic data: age, gender, education, occupation;
    • digital data: SIM card numbers, user passwords and logins, video surveillance recordings, IP addresses or other identifiers and information collected via cookies or other similar technologies and in system logs;
    • transactional data: purchase information, transaction history, purchase preferences, quantity and price of products sold in relation to the time period of the transaction;
    • data related to customers' interactions with the Company: opinions, comments, feedback, queries, feedback on products and services.
  3. Legal basis for data processing: The processing of data, depending on the specific case, is based on various legal bases, including in particular:
    • the data subject's consent to the processing of personal data for the purposes set out in the Privacy Policy;
    • legitimate interest of the controller of the personal data;
    • the need to process the data for the performance of the contract concluded with the customer or to take action at the customer's request prior to the conclusion of the contract;
    • applicable legislation, including data protection legislation.
  5. Protection, data security: The company takes all necessary technical, organisational and procedural measures to protect data against unauthorised access, loss, damage or unauthorised disclosure. Appropriate information security procedures are implemented, up-to-date technical solutions are used to ensure the security of the processed data. Regular security audits and employee training on data protection are carried out. Opportunities to develop these safeguards by implementing new measures described in standards created for this purpose are also analysed.
  6. Transfer of data to third parties: Data may only be shared or transferred to third parties where this is necessary to fulfil the purposes set out in the Privacy Policy and within the limits permitted by applicable law. The transfer of data may take place in the case of cooperation with entities providing services to the Company (e.g. IT service providers, courier companies), whereby we ensure that the third parties processing the data act on the basis of the relevant agreements concluded and comply with the relevant data security standards.
  7. Rights of customers/data subjects: Such individuals have a number of rights in relation to the processing of their data, including the right to:
    • access to their data and receive information on how they are processed;
    • correct their data if they are inaccurate or incomplete;
    • erasure of your data ("right to be forgotten") in certain cases, e.g. when the data are no longer necessary for the purposes for which they were collected;
    • to restrict the processing of the data in cases laid down by law;
    • to object to the processing of your data in situations laid down by law, including the processing of your data for marketing purposes;
    • data portability, i.e. receiving the data from the Company in a structured, commonly used machine format and sending the data to another data controller.
  9. Data retention period: Data is retained for the time necessary to fulfil the purposes for which it was collected and in accordance with applicable legislation. The data retention period may vary depending on the specific circumstances and the type of data processed by the Company. In this context, the limitation periods for claims are an important factor.
  10. Contact: For matters relating to data protection, the exercise of customer rights and any questions or concerns relating to data processing, the Company can be contacted via email:zapytania@eldrut.pl, by telephone on +48 606918397 or in writing to the address of the registered office. The data collected in this way are processed exclusively for the purpose of communication and resolution of the matter to which the contact relates.
  11. Privacy Policy Update: This Privacy Policy may be updated from time to time to conform to changes in laws and Company practices. The current version of the policy is available athttps://www.eldrut.pl/rodo.
  12. Verification of data correctness: The company regularly monitors and verifies the correctness and timeliness of the stored data ensuring its accuracy and completeness.
  13. Actions related to data security incidents: In the event of a data security incident, the Company shall take the necessary actions to quickly identify, locate and mitigate the impact of the incident. The affected persons will be informed of the incident if required by applicable law or justified by the person's interest.
  14. Data minimisation principle: The company applies the principle of data minimisation, collecting only the information that is necessary for the specific purposes of data processing.
  15. Transfers of data outside the EU: When transferring data outside the European Economic Area (EEA), the Company provides adequate safeguards and guarantees for compliance with applicable data protection laws.
  16. Automated decision-making: The company does not use automated decision-making, including profiling, with significant impact on customers/end-users without their explicit consent.

This Privacy Policy has been drawn up with due care and in accordance with the applicable legislation, including data protection law. Its purpose is to provide customers and end users with full transparency and confidence in the Company's processing of their data.