Facebook-f Linkedin-in Youtube
  • +48 42 632 84 84
logo boxmakers top
BOXMAT BOXMAKERS | Machines for corrugated boxes production

Privacy Policy

1. General information

  1. This Privacy Policy sets out the rules for processing personal data of users of the website boxmat.tech, operated by Zemat Technology Group Sp. z o.o.

  2. The Controller makes every effort to protect users’ privacy and ensure the security of the personal data processed.

  3. Personal data are processed in accordance with:

    • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),

    • the Polish Personal Data Protection Act,

    • other generally applicable legal provisions.

2. Personal data Controller

The Controller of personal data is:

Zemat Technology Group Sp. z o.o.
ul. Brukowa 26
91-341 Łódź, Poland
VAT ID (NIP): PL 658 10 40 598
REGON: 290027468

The Controller is responsible for lawful and proper processing of personal data and for fulfilling the rights of data subjects.

3. Data Protection Officer

  1. The Controller has appointed a Data Protection Officer (DPO).

  2. The Data Protection Officer is: Joanna Styrcz.

  3. The DPO can be contacted at: iod@zemat.com.

  4. You may contact the DPO in all matters related to the processing of personal data and the exercise of rights under the GDPR.

4. Scope of personal data processed

The Controller may process the following categories of personal data of website users:

  1. Identification data, such as:

    • first and last name,

    • company name;

  2. Contact data, in particular:

    • e-mail address,

    • phone number,

    • mailing address;

  3. Data provided in the content of contact forms or quotation/inquiry requests;

  4. Technical data related to the use of the website (e.g., IP address, data contained in cookies).

5. Purposes and legal bases for processing personal data

  1. Personal data of users are processed for the following purposes:
    a) responding to inquiries submitted via the contact form or quotation/inquiry form;
    b) conducting correspondence related to the Controller’s product offering;
    c) sending technical product information, company news, and invitations to trade fairs and industry events as part of a newsletter;
    d) ensuring the proper functioning of the website;
    e) compiling statistics and analyses regarding the use of the website.

  2. The legal basis for processing personal data is:
    a) Article 6(1)(b) GDPR — processing necessary to take steps at the request of the data subject prior to entering into a contract, or for the purpose of conducting commercial correspondence;
    b) Article 6(1)(f) GDPR — the Controller’s legitimate interest consisting in conducting B2B business communication, analyzing website traffic, and ensuring the security and proper operation of the website;
    c) Article 6(1)(a) GDPR — the data subject’s consent, in particular for newsletter subscription.

  3. Providing personal data is voluntary; however, failure to provide them may prevent the Controller from achieving certain purposes, in particular responding to an inquiry or sending the newsletter.

6. Contact forms and quotation/inquiry requests

  1. The Controller enables users to contact it via forms available on the website.

  2. Data provided via forms are used solely for:

    • responding to the inquiry,

    • preparing and presenting information regarding the Controller’s products,

    • conducting further correspondence related to the inquiry.

  3. Data submitted via forms are not used for mass marketing communication without the user’s prior consent.

  4. Correspondence is conducted within B2B business relations and concerns only the Controller’s activities.

7. Newsletter

  1. The Controller operates a newsletter addressed to business recipients.

  2. The newsletter includes:

    • technical information about products,

    • company news,

    • invitations to trade fairs, industry events, and product presentations.

  3. Newsletter subscription requires providing an e-mail address and giving consent to receive the newsletter.

  4. The user may unsubscribe at any time using the unsubscribe link included in each message or by contacting the Controller.

  5. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

8. Recipients of personal data

  1. Users’ personal data may be disclosed only to entities entrusted by the Controller to perform certain activities related to the operation of the website or the processing purposes.

  2. Recipients of personal data may include in particular:
    a) hosting and server service providers — including cyber_Folks S.A.;
    b) IT service providers, including providers of IT systems and the WordPress CMS and plugins supporting website operation;
    c) providers of analytics and marketing tools, in particular Google LLC;
    d) providers of advisory, accounting, or tax services — only to the extent necessary to fulfill the Controller’s legal obligations.

  3. Personal data are not sold or shared with other entities for purposes unrelated to the Controller’s business.

  4. The Controller ensures that entities receiving personal data process them under appropriate agreements and in compliance with applicable law.

9. Transfers of data outside the European Union

  1. Due to the Controller’s use of analytics and marketing tools provided by Google LLC, users’ personal data may be transferred to third countries, in particular to the United States of America.

  2. Transfers of data outside the European Union take place on the basis of:

    • Standard Contractual Clauses approved by the European Commission, pursuant to Article 46 GDPR,

    • additional safeguards applied by service providers.

  3. The Controller makes efforts to ensure that such transfers take place with an adequate level of protection as required by the GDPR.

10. Personal data retention period

  1. Personal data are stored for the period necessary to achieve the purposes for which they were collected.

  2. Data processed in connection with contact or quotation/inquiry requests are stored for the duration of correspondence and, after it ends, for a period enabling the Controller to secure possible claims.

  3. Data processed on the basis of consent, in particular newsletter-related data, are stored until the consent is withdrawn by the user.

  4. Technical and statistical data are stored in accordance with the settings of the tools used and applicable legal provisions.

11. Rights of data subjects

  1. A person whose personal data are processed by the Controller has the following rights:
    a) the right to access personal data and obtain a copy;
    b) the right to rectify personal data;
    c) the right to erasure (“right to be forgotten”), unless circumstances exclude this right;
    d) the right to restrict processing;
    e) the right to data portability;
    f) the right to object to processing — in particular where processing is based on the Controller’s legitimate interest;
    g) the right to withdraw consent at any time where processing is based on consent.

  2. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

  3. To exercise your rights, you may contact the Controller or the Data Protection Officer using the contact details provided in this Privacy Policy.

12. Right to lodge a complaint

  1. A person whose personal data are processed has the right to lodge a complaint with a supervisory authority.

  2. The supervisory authority competent in the Republic of Poland is the President of the Personal Data Protection Office (PUODO).

13. Personal data security

  1. The Controller implements appropriate technical and organizational measures to protect processed personal data, adequate to the nature, scope, and purposes of processing.

  2. The Controller protects personal data against:

    • accidental or unlawful destruction,

    • loss,

    • alteration,

    • unauthorized disclosure or access.

  3. Only persons authorized by the Controller have access to personal data.

14. Cookies and similar technologies

  1. The Controller’s website uses cookies and other similar technologies.

  2. Cookies are used for:
    a) ensuring the proper and secure operation of the website;
    b) adapting website content to user preferences;
    c) compiling statistics and analyses regarding how the website is used;
    d) carrying out analytics and marketing activities using external tools — only after obtaining the user’s consent, where required by law.

  3. In particular, the website uses the following types of cookies:
    a) necessary cookies — essential for the proper functioning of the website;
    b) statistical and analytics cookies (e.g., Google Analytics) — enabling analysis of website traffic and improving its performance;
    c) marketing cookies (e.g., Google Ads) — used for marketing and remarketing activities.

  4. Statistical, analytics, and marketing cookies are used only after obtaining the user’s prior consent, expressed via the cookie banner available on the website.

  5. The user may:
    a) give consent to selected categories of cookies;
    b) refuse consent to cookies other than necessary cookies;
    c) change or withdraw consent at any time via the cookie consent settings available on the website.

  6. The user may also manage cookies via browser settings. Limiting or blocking cookies may affect certain website functionalities.

  7. Detailed information on the cookies used — including their type, purpose, and retention period — is available in the cookie consent management tool displayed to the user on the first visit and accessible at any time from the website.

  8. The Controller uses Google reCAPTCHA to secure the forms available on the website against abuse, spam, and automated submissions by bots.

  9. Google reCAPTCHA is provided by Google LLC, headquartered in the United States of America.

  10. Google reCAPTCHA works by analyzing user behavior on the website, in particular by assessing technical parameters of the connection, such as:
    a) IP address;
    b) browser and operating system information;
    c) time spent on the website;
    d) user interactions with the form.

  11. Data collected as part of Google reCAPTCHA are processed on the basis of Article 6(1)(f) GDPR, i.e., the Controller’s legitimate interest in protecting the website against abuse and ensuring its security.

  12. Data processed in connection with Google reCAPTCHA may be transferred to third countries, in particular to the United States of America, on the basis of:
    a) Standard Contractual Clauses approved by the European Commission, pursuant to Article 46 GDPR, and/or
    b) an adequacy decision (EU–US Data Privacy Framework), if the provider meets its requirements.

  13. The use of Google reCAPTCHA is subject to Google’s privacy policy, available at:
    https://policies.google.com/privacy

15. Changes to the Privacy Policy

  1. The Controller reserves the right to make changes to this Privacy Policy in the event of:

    • changes in law,

    • changes in how the website operates,

    • implementation of new tools or technological solutions.

  2. The current version of the Privacy Policy is always published on the website.

16. Final provisions

  1. This Privacy Policy is effective from the date of its publication on the website.

  2. In matters not regulated by this Privacy Policy, generally applicable laws shall apply, in particular the GDPR.

  3. Any questions or concerns regarding this Privacy Policy should be addressed to the Controller or the Data Protection Officer.

Cookies
We serve cookies. If you think that's OK, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings".
Settings Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year.
Save Accept all