Privacy Policy
1. This Privacy Policy sets out the principles for the processing of personal data obtained through the website kphomeservicesltd.pl, hereinafter referred to as the “Website.”
2. The owner of the website and the data controller is KP HOME SERVICES LTD, CW1 3GH Crewe, 1 Barnato Close, Tax Identification Number (NIP): 09653554, hereinafter referred to as the Controller.
3. Personal data collected by the Controller via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as the GDPR.
4. The Controller takes special care to respect the privacy of Customers visiting the Website.
§ 1 Type of Data Processed, Purposes, and Legal Basis
1. The Administrator collects information about individuals conducting legal transactions not directly related to their business activities, individuals conducting business or professional activities on their own behalf, and individuals representing legal entities or organizational units other than legal entities to which the law grants legal capacity, conducting business or professional activities on their own behalf, hereinafter collectively referred to as “Customers.”
2. The Administrator processes Customers’ personal data within the scope of using the contact form service on the Website for the purposes necessary to perform a contract or take steps prior to entering into a contract – the processing basis is Article 6, paragraph 1, letter b of the GDPR.
3. When using the contact form service, the Customer provides the following data:
email address
name
telephone number
4. Additional information may be collected when using the Website, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet service provider, domain name, browser type, access time, and operating system type. Navigational data may also be collected from Customers, including information about links and hyperlinks they choose to click on or other actions taken on the Website, for purposes related to the provision of services, as well as for technical, administrative, analytical, and statistical purposes. In this respect, the basis for processing is also Article 6(1)(f) of the GDPR, i.e., necessary for the purposes of the Controller’s legitimate interest in ensuring IT security and managing the Website, and improving the functionality of the Website and the services provided.
§ 2 Data Recipients
1. Customers’ personal data are transferred to service providers used by the Controller to operate the Website. Depending on contractual arrangements and circumstances, the service providers to whom personal data are transferred are either subject to the Controller’s instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of processing (controllers).
1.1. Processors. The Controller uses providers who process personal data only on the Controller’s instructions. These include, among others, providers of hosting services, accounting services, marketing systems, Website traffic analysis systems, and systems for analyzing the effectiveness of marketing campaigns.
1.2. Controllers. The Controller uses providers who do not act solely on instructions and independently determine the purposes and methods of using Customers’ personal data. They provide electronic payment and banking services.
2. Location. Service providers are based primarily in Poland and other countries of the European Economic Area (EEA).
3. Upon request, the Controller shares personal data with authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
§ 3 Data Retention Period
1. Customers’ personal data are stored:
1.1. If consent is the basis for personal data processing, the Client’s personal data is processed by the Controller until consent is revoked, and after revocation, for a period corresponding to the limitation period for claims that may be brought by the Controller and against it. Unless specific provisions provide otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity, three years.
1.2. If the basis for data processing is the performance of a contract, the Client’s personal data is processed by the Controller for as long as necessary.
necessary for the performance of the contract, and after that time for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business, three years.
§ 4 Cookie Mechanism, IP Address
1. The website uses small files called cookies. They are saved by the Administrator on the end device of the person visiting the website, if the web browser allows it. A cookie typically contains the name of the domain from which it originates, its “expiration time,” and an individual, randomly selected number identifying the file. Information collected using this type of file helps tailor the products offered by the Administrator to the individual preferences and actual needs of visitors to the website.
2. The Administrator uses two types of cookies:
2.1. Session cookies: after the browser session ends or the computer is turned off, the saved information is deleted from the device’s memory. The session cookie mechanism does not allow for the collection of any personal data or any confidential information from Customers’ computers.
2.2. Persistent cookies: They are stored in the memory of the Customer’s end device and remain there until they are deleted or expire. The persistent cookie mechanism does not allow for the collection of any personal data or any confidential information from Customers’ computers.
3. The Administrator uses its own cookies for the following purposes:
3.1. analyses, research, and audience audits, in particular to create anonymous statistics that help understand how Customers use the Website, which allows for the improvement of its structure and content.
4. The Administrator uses third-party cookies for the following purposes:
4.1. presenting a map indicating the location of the Administrator’s office on the Website’s information pages using the website maps.google.com (external cookie administrator: Google Inc., based in the USA).
5. The cookie mechanism is safe for the computers of Customers visiting the Website. In particular, it is impossible for viruses or other unwanted software or malware to enter Customers’ computers this way. However, Customers have the option to limit or disable cookie access to their computers in their browsers. If you use this option, you will be able to use the Website, except for functions that, by their nature, require cookies.
6. The Controller may collect Customer IP addresses. An IP address is a number assigned to the computer of a visitor to the Website by the Internet service provider. The IP number allows you to access the Internet. In most cases, it is assigned to the computer dynamically, meaning it changes with each Internet connection and is therefore generally treated as non-personally identifiable information. The Controller uses the IP address to diagnose technical problems with the server, create statistical analyses (e.g., determine which regions receive the most visits), as information useful in administering and improving the Website, as well as for security purposes and to identify any unwanted automated programs that burden the server and browse the Website’s content.
§ 5 Rights of Data Subjects
The data subjects have the following rights:
1. The right to withdraw consent to data processing at any time:
1.1. The Client has the right to withdraw any consent they have given.
1.2. Withdrawal of consent takes effect from the moment of withdrawal.
1.3. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
1.4. Withdrawal of consent does not entail any negative consequences for the Client; however, it may prevent further use of services or functionalities that, according to the law, the Controller may only provide with consent.
2. Right to object to data processing:
2.1. The Client has the right to object at any time – for reasons relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. The Controller is no longer permitted to process this personal data unless they demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or grounds for establishing, pursuing, or defending legal claims.
2.2. By opting out of receiving marketing communications regarding products or services via email, the Client will be deemed to have objected to the processing of their personal data, including profiling for these purposes.
3. Right to erasure (“right to be forgotten”):
3.1. The customer has the right to request the erasure of all or some of the personal data.
3.2. The customer has the right to request the erasure of personal data if:
3.2.1. the personal data are no longer necessary for the purposes for which they were collected or processed.
3.2.2. the customer has withdrawn specific consent to the extent that the personal data were processed based on their consent.
3.2.3. the customer has objected to the processing under Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the customer has objected to the processing under Article 21(2) of the GDPR.
3.2.4. the personal data are processed unlawfully.
3.2.5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject.
3.2.6. the personal data were collected in connection with the provision of information society services.
3.3. Despite a request to delete personal data, in connection with an objection or withdrawal of consent, the Controller may retain certain personal data to the extent that processing is necessary to establish, pursue, or defend legal claims, as well as to comply with a legal obligation requiring processing under EU or Member State law to which the Controller is subject. This applies in particular to personal data including: first name, last name, and email address, which are retained for the purpose of handling complaints and claims related to the use of the Controller’s services, as well as additionally, residential/mailing address and order number, which are retained for the purpose of handling complaints and claims related to concluded sales contracts or the provision of services.
4. Right to restrict data processing:
4.1. The Customer has the right to request the restriction of the processing of their personal data. Submitting a request, until it is resolved, prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. The Controller will also not send any communications, including marketing communications.
4.2. The Customer has the right to request the restriction of the use of personal data in the following cases:
4.2.1. When the Customer contests the accuracy of their personal data – the Controller will restrict their use for the time needed to verify the accuracy of the data, but no longer than 7 days.
4.2.2. When the data processing is unlawful, and instead of deleting the data, the Customer requests the restriction of their use.
4.2.3. When the personal data are no longer necessary for the purposes for which they were collected or used, but the Customer requires them to establish, pursue, or defend legal claims.
4.2.4. When the data subject has objected to the processing of their data – until it is determined whether the Controller’s legitimate grounds override the data subject’s grounds for objection.
5. Right to request access to their personal data from the Controller and receive a copy thereof:
5.1. The Customer has the right to obtain confirmation from the Controller as to whether they are processing personal data, and if so, the Customer has the right to:
5.1.1. Access their personal data.
5.1.2. Obtain information about the processing purposes, the categories of personal data being processed, the recipients or categories of recipients of such data, the planned retention period for the Customer’s data or the criteria for determining this period (when determining the planned data processing period is not possible), the Customer’s rights under the GDPR, and the right to lodge a complaint with a supervisory authority. If the personal data were not collected from the data subject, all available information about their source, any automated decision-making, including profiling referred to in Article 22(1) and (4) of the GDPR, and—at least in these cases—significant information about the principles underlying such decision-making, as well as the significance and envisaged consequences of such processing for the data subject, and the safeguards applied in connection with the transfer of personal data outside the European Union.
5.1.3. Obtain a copy of your personal data. The right to obtain a copy must not adversely affect the rights and freedoms of others.
6. Right to rectification (amendment) of data:
6.1. The Client has the right to request the Controller to immediately rectify any inaccurate personal data concerning them. Taking into account the purposes of processing, the Client whose data is processed has the right to request the completion of incomplete personal data, including by submitting an additional declaration, by sending a request to the email address specified in §6 of the Privacy Policy.
7. Right to data portability:
7.1. The Client has the right to receive their personal data provided to the Controller and then transfer it to another personal data controller of their choice. The Client has the right to:
You also have the right to request that the Controller send your personal data directly to such controller, if technically feasible. In such a case, the Controller will send your personal data in a CSV file, which is a commonly used, machine-readable format that allows the data to be transferred to another controller.
8. Right to lodge a complaint with a supervisory authority:
8.1. The Client has the right to lodge a complaint with the President of the Personal Data Protection Office regarding a violation of their personal data protection rights or other rights granted under the GDPR.
9. If the Client exercises the rights arising from the above rights, the Controller shall comply or refuse to comply with the request immediately, but no later than one month after receiving it. However, if – due to the complex nature of the request or the number of requests – the Controller is unable to comply with the request within one month, it will comply within the next two months, informing the Client within one month of receiving the request of the intended extension and the reasons for it.
10. The Client may submit complaints, inquiries, and requests to the Controller regarding the processing of their personal data and the exercise of their rights.
§ 6 Changes to the Privacy Policy
1. The Privacy Policy may change, of which the Controller is not obligated to notify.
2. Questions regarding the Privacy Policy should be sent to the following email address:
krzysztof.podlasinski@yahoo.co.uk
3. Date of last modification: June 24, 2025
