1. General Information

1. This policy applies to the website operating at: ormigo.com.pl
2. The website operator and data controller is: ORMIGO Sp. z o.o. ul. Broni Pancernej 16, 68-200 Żary, Poland
3. Operator’s email contact address: biuro@ormigo.com.pl
4. The Operator is the controller of your personal data provided voluntarily through the website.
5. Personal data is processed for the following purposes:
   
   • Newsletter management
   • Commenting system management
   • Live chat functionality
   • Handling inquiries via contact forms
   • Order preparation, packaging, and shipping
   • Fulfillment of ordered services
   • Presenting offers or information
6. The website collects information about users and their behavior in the following ways:
   
   1. Through data voluntarily entered in forms, which are stored in the Operator’s systems
   2. Through cookies stored on users’ end devices

2. Selected Data Protection Measures Used by the Operator

1. Login and data entry areas are protected at the transmission layer (SSL certificate). This ensures that personal data and login credentials entered on the site are encrypted on the user’s device and can only be read by the target server.
2. Personal data stored in the database is encrypted in a way that only the Operator with the decryption key can read it, thus protecting it in the event of database theft.
3. User passwords are stored using a hashed form. The hashing function is one-way and irreversible, which is a current standard for password storage.
4. The Operator regularly creates backup copies to protect data.
5. An essential element of data protection is the regular updating of all software used by the Operator for processing personal data, particularly software components.

3. Hosting

1. The website is hosted (technically maintained) on the servers of dhosting.
2. To ensure technical reliability, the hosting company maintains server-level logs, which may include:
   
   • Resources identified by URL addresses (requested pages or files),
   • Time of request arrival,
   • Time of response,
   • Name of the client device (as identified by the HTTP protocol),
   • Information about HTTP errors,
   • Referrer URL (if the user accessed the site via a link),
   • Information about the user’s browser,
   • IP address,
   • Diagnostic data related to service ordering through on-site forms,
   • Information related to email communication sent to or from the Operator.

4. Your Rights and Additional Information on Data Processing

1. In certain situations, the Data Controller may be obliged to transfer your personal data to other recipients if it is necessary to fulfill a contract with you or to meet legal obligations. This applies to the following groups:
   
   • Hosting company (under data processing agreement)
   • Couriers
   • Postal operators
   • Law firms and debt collectors
   • Payment operators
   • Comment system providers
   • Live chat service providers
   • Authorized employees and associates who use the data to operate the website
   • Marketing service providers acting on behalf of the Operator
2. Personal data is processed for no longer than necessary for the activities defined by separate legal regulations (e.g., accounting laws). Data used for marketing purposes will not be processed for more than 3 years.
3. You have the right to request from the Controller:
   
   • Access to your personal data,
   • Rectification of your data,
   • Deletion of your data,
   • Restriction of processing,
   • Data portability.
4. You have the right to object to processing based on legitimate interests pursued by the Controller, including profiling. The objection may not be considered if there are valid legal grounds for processing that override your interests, rights, and freedoms, especially for the establishment, exercise, or defense of legal claims.
5. You have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).
6. Providing personal data is voluntary but necessary to use the website’s services.
7. Automated decision-making, including profiling, may be used in relation to service provision and direct marketing.
8. Personal data is not transferred outside the European Union.

5. Information in Forms

1. The website collects data voluntarily provided by users, including personal data if supplied.
2. The website may record information about connection parameters (timestamp, IP address).
3. In some cases, the website may store data linking form entries to the user’s email address. In such cases, the user’s email address may appear in the URL of the page containing the form.
4. Data submitted in forms is processed for the specific purpose of each form, such as handling service requests, commercial contact, or service registration. Each form clearly indicates its purpose.

6. Administrator Logs

1. User activity on the website may be logged. This data is used to administer the website.

7. Key Marketing Techniques

1. The Operator uses Google Analytics (Google Inc., USA) to analyze website traffic. No personal data is shared with the service provider, only anonymized information. The service uses cookies on the user’s device. Users can view and manage information collected by the Google advertising network using the tool: https://www.google.com/ads/preferences/
2. The Operator uses the Facebook Pixel (Facebook Inc., USA), which allows Facebook to recognize users visiting the site. This is based on data for which Facebook is the controller. The Operator does not transfer any additional personal data to Facebook. The service uses cookies stored on the user’s device.
3. The Operator uses tools for analyzing user behavior, such as heatmaps and session recordings. These data are anonymized before being transmitted to the service provider and do not include passwords or other personal data.

8. Information about Cookies

1. The website uses cookies.
2. Cookies are IT data, in particular text files, which are stored on the end device of the Website User and are intended for the use of the Website’s pages. Cookies typically contain the name of the website from which they originate, their storage time on the end device, and a unique number.
3. The entity placing cookies on the User’s end device and accessing them is the Website operator.
4. Cookies are used for the following purposes:
   
   1. Maintaining the user’s session (after login), so the user does not have to re-enter credentials on every page
   2. Achieving the purposes defined in the section “Key Marketing Techniques”
5. The Website uses two main types of cookies: “session” cookies and “persistent” cookies. Session cookies are temporary files stored on the User’s end device until logging out, leaving the website, or turning off the web browser. Persistent cookies are stored on the User’s end device for the time specified in the cookie parameters or until deleted by the User.
6. By default, the web browser allows storing cookies on the User’s device. Website Users can change their settings in this regard. The web browser allows the deletion of cookies. It is also possible to automatically block cookies. Detailed information on this topic is available in the help or documentation of the web browser.
7. Restrictions on the use of cookies may affect some of the functionalities available on the Website’s pages.
8. Cookies placed on the User’s end device may also be used by entities cooperating with the Website operator, in particular companies such as: Google Inc. (USA), Facebook Inc. (USA), Twitter Inc. (USA).

9. Managing Cookies – How to Give and Withdraw Consent

1. If you do not wish to receive cookies, you can change your browser settings. Disabling essential cookies may affect website usability or, in extreme cases, prevent its use.
2. To manage cookies, choose your browser below and follow the instructions:
   
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera

   Mobile devices:

   • Android
   • Safari (iOS)
   • Windows Phone