Privacy Policy - CONREGO

This Privacy Policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR). The GDPR governs the rules for processing personal data and applies uniformly in all EU Member States.

1. Definitions

Controller – CONREGO Spółka z ograniczoną odpowiedzialnością, Plac Jana Pawła II 108a/2, 66-400 Gorzów Wielkopolski, Poland. Registered in the District Court in Zielona Góra, 8th Commercial Division of the National Court Register, KRS: 0000716221, VAT ID: PL5993215285, REGON: 369351080, phone: +48 95 725 3677 (9:00–17:00), e-mail: support@conrego.com

Personal Data – any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Data Protection Officer (DPO) – a person appointed by our company to oversee matters related to the protection of personal data and to ensure compliance with applicable data protection laws, in particular the GDPR.

Newsletter – a regularly distributed, free publication in electronic form (e-mail) containing information, articles, updates, promotions, or other content aimed at a specific group of recipients who have consented to receive marketing content. Detailed information on the newsletter can be found later in this Privacy Policy and in the Newsletter Terms and Conditions.

Policy – this document available at: https://conrego.com/legal/privacy-policy, which informs the User of the scope and manner of personal data processing related to the operation of the Website, as well as data storage, protection, and usage methods, and the possibilities and scope of using data, information, and materials presented on the Website.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Website – the website operated by the Controller at https://conrego.com

Personal Data Protection Act – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2019, item 1781, as amended).

Electronic Services Act – the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws 2020, item 344, as amended).

Telecommunications Law – the Act of 16 July 2004 Telecommunications Law (Journal of Laws 2024, item 34, as amended).

User – any natural person visiting the Website or using one or more services or functionalities described in this privacy policy.

2. Data Protection Officer

To ensure proper protection of personal data, the Controller has appointed a Data Protection Officer (DPO), who can be contacted via email at dpo@conrego.com or by traditional mail:

CONREGO Sp. z o.o.
Plac Jana Pawła II 108a/2
66-400 Gorzów Wielkopolski
Poland

You have the right to submit a request regarding your rights to our DPO. When you do so, we will make every effort to respond promptly, no later than within 30 days. You also have the right to lodge a complaint with the data protection authority.

3. Data Processing in Connection with Use of the Website

In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide the offered services, as well as information about the User’s activity on the Website. Your personal data is collected and used only with your consent. Exceptions to this rule include situations where prior consent cannot be obtained and data processing is legally permitted.

You are not required to provide us with your personal data. However, to create an account and use our Services, certain personal data must be provided. If you do not provide the data necessary to deliver the requested services or object to its processing, we may not be able to fully or partially deliver such services.

The purposes and legal bases for processing are outlined in section 4 of this Policy. In certain cases, we process your data based on our legitimate interests. In such cases, we perform a balancing test to ensure that our interests do not override your fundamental rights. Remember, you always have the right to object.

4. Purposes and Legal Bases for Data Processing on the Website

We collect, process, and use your personal data for the following purposes:

No.	Purpose of Processing	Legal Basis	Retention Period
1.	Conclusion and performance of contracts, sending offers, fulfilling service orders.	Art. 6(1)(b) GDPR – processing is necessary for the performance of a contract or to take steps at the data subject’s request before entering into a contract.	Data is processed for the duration of the contract or the time needed to send the offer and receive a response, and then until the expiration of claims. If a contract is concluded, data is retained for 5 years from the end of the calendar year in which the tax payment deadline expired.
2.	Documenting contract execution by issuing invoices or receipts.	Art. 6(1)(b) and (c) GDPR – processing is necessary for the performance of a contract and to comply with legal obligations.	5 years from the end of the calendar year in which the tax payment deadline expired.
3.	Creating and managing your Account.	Art. 6(1)(b) GDPR – processing is necessary for the performance of a contract.	If you delete your Account or request deletion of your data, it will be removed without delay.
4.	Newsletter subscription and delivery.	Art. 6(1)(a) GDPR – voluntary consent.	Until consent is withdrawn.
5.	Establishing, pursuing, or defending against claims.	Art. 6(1)(f) GDPR – legitimate interest of the Controller.	Until the basis for processing ceases (3 years for standard claims, 10 years for business-related claims).
6.	Sending notifications.	Depending on the type of communication: Art. 6(1)(a), (b), or (f) GDPR.	As long as the Account is active or until deletion request/expiration of claims.
7.	Handling complaints and other service-related claims.	Art. 6(1)(b) and (c) GDPR – performance of a contract and legal obligation.	For the duration of the complaint procedure and until the expiration of claims.
8.	Communication via contact form / chat on the Website.	Depending on the communication type: Art. 6(1)(a) or (b) GDPR.	Until consent is withdrawn or claims expire.

The data retention period may be extended if processing is necessary to establish or defend against claims, and afterward only if and to the extent required by law. After that, data will be irreversibly deleted or anonymized.

In cases not listed above, your data will be processed based on the following legal grounds:

Art. 6(1)(a) GDPR – the data subject has given consent;
Art. 6(1)(b) GDPR – necessary for contract performance;
Art. 6(1)(c) GDPR – necessary to comply with a legal obligation;
Art. 6(1)(d) GDPR – necessary to protect vital interests;
Art. 6(1)(f) GDPR – legitimate interests of the Controller or a third party, provided such interests are not overridden by the rights and freedoms of the data subject.

5. Processing of Third-Party Personal Data

If necessary, you may provide the personal data of third parties, but only when required. In such cases, you must do so only with their consent and include only the data that is strictly necessary to fulfill the agreement.

6. Processing of Personal Data of Prospective Clients

1. Establishing Contact

The information you provide when contacting us via phone or email will be stored based on Article 6(1)(b) or Article 6(1)(f) GDPR to respond to your inquiries and provide after-sales support. If you consented to receive marketing content when completing the contact form, your data will be processed based on Article 6(1)(a) GDPR.

Each contact will be recorded to demonstrate that the interaction took place in accordance with legal requirements.

2. Miscellaneous Provisions

Based on Article 6(1)(c) and (f) GDPR, we use and store your personal data and, where necessary, technical information to prevent misuse of the website or other unlawful conduct, including investigating such cases (e.g., in the event of IT system attacks). This may be required by court orders or public authorities, or to protect our rights and interests, including defending ourselves in legal proceedings.

7. Marketing

The Controller processes Users' personal data for marketing purposes, which may include:

displaying marketing content not tailored to the User's preferences (contextual advertising);
displaying marketing content matching the User's interests (behavioral advertising);
sending email or SMS/MMS notifications, sometimes containing commercial information;
conducting direct marketing of goods and services (sending commercial information electronically or telemarketing).

You may withdraw your consent by sending an email to support@conrego.com. Withdrawal of consent does not affect data processing that occurred prior to withdrawal.

The Controller will respond to each request with confirmation that the User has been unsubscribed from the Newsletter.

8. Newsletter

If you have consented to receive the Newsletter, you may withdraw your consent at any time. This will result in the removal of your email address from the Controller’s mailing list and cessation of further communication. Consent may be withdrawn by clicking the "unsubscribe" link, which will redirect you to a page where you will be asked to confirm the withdrawal and provide the subscribed email address. You may also send an email to support@conrego.com with the message "Stop Newsletter". Withdrawal of consent does not affect data processing carried out before its withdrawal.

The Controller will confirm the successful unsubscription from the Newsletter service.

The Controller has prepared separate terms and conditions for the Newsletter, available at: https://conrego.com/legal/newsletter-terms-of-service

9. Social Media

The Controller processes personal data of Users visiting the Controller's social media profiles (Facebook, YouTube, X). This data is processed solely in connection with managing the profile, informing Users about the Controller's activities, promoting events, services, and products, and communicating via social media features. The legal basis for this processing is the User's consent (Article 6(1)(a) GDPR), granted by clicking the brand’s logo on the website. Users should be aware that each social media platform is a separate data controller with its own privacy policy, which should be reviewed before clicking the respective logo:

10. Cookies and Similar Technologies

The Controller has prepared a separate Cookie Policy, available at: https://conrego.pl/regulaminy/polityka-cookies

11. User Rights

Under the GDPR, the User has the following rights:

Right to access personal data – Article 15 GDPR
Right to rectification – Article 16 GDPR
Right to erasure ("right to be forgotten") – Article 17 GDPR
Right to restriction of processing – Article 18 GDPR
Right to data portability – Article 20 GDPR
Right to object to processing – Article 21 GDPR
Right to lodge a complaint with the supervisory authority – President of the Polish Data Protection Office (UODO), email: kancelaria@uodo.gov.pl, address: ul. Stawki 2, 00-193 Warsaw

Where your data is processed based on consent, you may withdraw that consent at any time. In some cases, data may not be fully erased and will be retained to defend against potential claims for the period required by civil law or to comply with legal obligations. The Controller will always provide justification for any further processing.

To exercise your rights, you can contact the Controller by email: support@conrego.com or by mail: Plac Jana Pawła II 108a/2, 66-400 Gorzów Wielkopolski, Poland.

12. Data Recipients

In connection with the provision of services, personal data may be disclosed to external entities, including: IT providers, website administrators, accounting firms, invoicing software providers, newsletter service providers, cloud service providers, marketing service providers, administrative service providers, consulting firms, subcontractors, legal advisors, couriers or postal operators, social media platforms, customer service platforms, product or service platforms, and other entities supporting the Controller in fulfilling processing purposes. The Controller reserves the right to disclose User data to authorized authorities or third parties upon a lawful request in accordance with applicable law.

13. Data Transfers Outside the EEA

User data may be transferred outside the European Union to third countries.

The Controller uses external providers such as Meta Platforms Ireland Limited (owner of Facebook and subsidiaries), Google, Microsoft, and others. As a result, data may be transferred to the United States, where it may be stored on U.S.-based servers. According to the European Commission’s Implementing Decision of 10 July 2023, Google and Facebook have obtained certifications under the EU-U.S. Data Privacy Framework, confirming an adequate level of protection. Data will only be transferred to recipients that guarantee the highest level of data protection, including:

cooperation with processors in countries recognized by the European Commission as offering adequate protection;
use of Standard Contractual Clauses approved by the European Commission;
implementation of Binding Corporate Rules approved by a competent authority;
or where the User has explicitly consented to the transfer.

See the privacy policies of these providers:

Meta Platforms Ireland Limited (Facebook, Instagram): https://www.facebook.com/privacy/explanation
Google LLC: https://policies.google.com/privacy?hl=pl

Currently, services by Google Ireland Limited and Meta Platforms Ireland Limited are mostly provided from within the EU. Nevertheless, we recommend regularly checking their privacy policies for the latest information. MailerLite may store data in the U.S. or use U.S.-based providers, though processing primarily takes place within the EU.

14. Automated Decision-Making and Profiling

User personal data will not be used for automated decision-making that may affect your rights, obligations, or freedoms under the GDPR.

15. Data Security

The Controller ensures personal data security through appropriate technical and organizational measures to prevent unlawful processing or accidental loss, destruction, or damage. Additionally, the Controller takes particular care to ensure that personal data is:

processed lawfully and fairly;
collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes;
adequate, relevant, and not excessive;
accurate and up to date;
kept for no longer than necessary;
stored securely.

16. Contact Information

You can contact the Controller via email at support@conrego.com or by post:

CONREGO Spółka z ograniczoną odpowiedzialnością
Plac Jana Pawła II 108a/2
66-400 Gorzów Wielkopolski
District Court in Zielona Góra, 8th Commercial Division of the National Court Register
KRS: 0000716221
VAT ID: PL5993215285
REGON: 369351080
Phone: +48 95 725 3677 (9:00–17:00)

Changes to the Privacy Policy

The Privacy Policy is reviewed regularly and updated when necessary.