Skip to content

Polityka Prywatności

This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with the use of the website https://www.airflowperformance.pl (hereinafter: the “Service”). This Privacy Policy is for informational purposes and has been prepared in compliance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

1. Personal Data Controller

The controller of Users’ personal data (hereinafter: the “Controller”) is the entity operating the Service: Airflow Performance, with its registered office in Oborniki, ul. Kowanowska 55, contact e-mail: info@airflowperformance.pl.

The Controller takes special care to protect the interests of data subjects and, in particular, ensures that:

  • Data is processed lawfully, fairly, and transparently.
  • Data is collected for specific, explicit, and legitimate purposes.
  • Data is not further processed in a way that is incompatible with those purposes.
  • Data is accurate and, where necessary, kept up to date.
  • Data is stored in a form that allows identification of the data subject for no longer than is necessary for the purposes for which the data is processed.
  • Data is processed in a manner ensuring appropriate security of personal data.

2. Scope and purposes of data processing

Users’ personal data may be processed for the following purposes:

  • Provision of services ordered by Users – if the Service allows placing orders, requests, or reservations.
  • Contact with the User – in the case of filling out a contact form, sending an e-mail, or submitting a request for quotation.
  • User account management – if the User creates an account on the website (where such functionality is available).
  • Direct marketing – with the explicit consent of the User, e.g. through newsletter subscriptions, promotional offers, and notifications.
  • Analysis of traffic on the Service – to improve the functionality of the Service and adapt the offer to Users’ preferences.
  • Fulfillment of legal obligations – to the extent required by law for data storage.

Providing personal data is voluntary; however, failure to provide data marked as necessary may prevent the provision of services or contact with the User.

3. Legal basis for processing

The Controller processes Users’ personal data based on:

  • Art. 6(1)(a) GDPR – consent of the data subject (e.g. for direct marketing).
  • Art. 6(1)(b) GDPR – necessity of processing for the performance of a contract or taking steps at the request of the data subject prior to entering into a contract (e.g. handling inquiries submitted through a form).
  • Art. 6(1)(c) GDPR – compliance with a legal obligation to which the Controller is subject (e.g. accounting, record-keeping).
  • Art. 6(1)(f) GDPR – legitimate interests pursued by the Controller (e.g. analysis of traffic on the Service, pursuing or defending claims).

4. Processing of cookies

  1. The Service uses cookies to:
    • Ensure proper operation and functionality of the Service.
    • Customize content to Users’ preferences.
    • Create anonymous statistics to improve the structure and content of the Service.
    • Carry out marketing purposes.
  2. Cookie management within the Service is supported by the CookieBot tool, which enables Users to grant and withdraw consent for the use of certain types of cookies.
  3. Cookies are not used to collect any personal data of Users and do not enable the identification of a User’s identity.
  4. Users may change their cookie settings at any time – via the CookieBot panel in the Service or in their browser settings. Please note, however, that restricting the use of cookies may affect some functionalities of the Service.

5. Data retention period

Users’ personal data will be stored for the period necessary to fulfill the purposes of processing specified in this Policy, or until consent is withdrawn (where processing is based on consent).

In some cases, the data retention period may result from applicable legal provisions (e.g. regarding accounting records).

6. Data recipients

  1. In connection with the purposes specified in this Policy, Users’ personal data may be disclosed to entities cooperating with the Controller, in particular:
    • Hosting providers (for hosting services and server maintenance).
    • IT service providers and entities providing technical support for the Service.
    • Entities providing accounting, legal, or advisory services, to the extent necessary to carry out assigned tasks.
    • Providers of analytical tools (e.g. CookieBot or other traffic analysis tools).
    • Marketing service providers (where the User has given the relevant consent).
  2. The Controller ensures that all entities entrusted with personal data apply appropriate safeguards required by law.

7. Users’ rights

Every person whose personal data is processed has the following rights:

  • Right of access – the User may obtain confirmation as to whether the Controller processes their data and, if so, access it and receive information about its purpose, categories, and recipients.
  • Right to rectification – if the data is incorrect or incomplete, the User may request correction or supplementation.
  • Right to erasure (“right to be forgotten”) – in certain cases, e.g. when data is no longer necessary for the purposes it was collected.
  • Right to restriction of processing – e.g. when the accuracy of data is contested or an objection has been lodged.
  • Right to data portability – where processing is based on consent or a contract and is carried out by automated means.
  • Right to object – to processing based on the Controller’s legitimate interests or for direct marketing.
  • Right to withdraw consent – at any time, if processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
  • Right to lodge a complaint – with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (PUODO).

To exercise these rights, please contact the Controller using the contact details provided in Section 1.

8. Transfer of data to third countries

As a rule, Users’ personal data will not be transferred outside the European Economic Area (EEA).

If services or technologies are used that may involve the transfer of data to third countries (e.g. servers located outside the EEA), the Controller will ensure the application of legal instruments required under GDPR (e.g. standard contractual clauses).

9. Personal data security

The Controller applies technical and organizational measures to ensure the protection of processed data, appropriate to the risks and categories of data being protected, in particular to secure the data against unauthorized access, acquisition by an unauthorized person, unlawful processing, and against alteration, loss, damage, or destruction.

10. Final provisions

The Controller reserves the right to amend this Privacy Policy. Changes may arise, among others, from amendments to the law, guidelines of supervisory authorities in the field of personal data protection, or modifications to the functionalities of the Service.

Users will be informed of material changes to the Privacy Policy by an appropriate notice on the Service’s homepage or in another manner chosen by the Controller.

This Privacy Policy applies from the moment of its publication on the Service.