Privacy Policy

Dear Sir or Madam,

This Privacy Policy sets out the rules for processing and protecting personal data provided by users in connection with their use of the services offered through the website https://lestello.pl.

As the data controller, our company exercises due diligence to ensure the security and protection of your personal data.

The information below is intended to inform customers and all interested parties about the purpose, scope and legal basis for the processing of personal data, the period for which it is stored, and the rights they are entitled to under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).

1. Data Controller and Contact Regarding Personal Data

The controller of your personal data is:

Lestello Sp. z o.o.
Rzeszowska 10
36-105 Cmolas
Podkarpackie Voivodeship, Poland

Tel.: +48 17 28 300 50
E-mail: sklep@lestello.pl

As the Data Controller, we are responsible for ensuring the security of your personal data and processing in writing at the company’s registered office address indicated above.

For all matters related to the processing of personal data, you may contact us:

electronically at: sklep@lestello.pl

2. Data Security

The Controller exercises particular care to protect the interests of data subjects and, in particular, ensures that the collected data are:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject,
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes,
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,
  • accurate and, where necessary, kept up to date,
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed,
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

3. Categories of Personal Data Collected

Personal data are processed on the basis of the consent expressed by the users of the https://lestello.pl/ website and in cases where the law authorizes the Controller to process personal data.

The Controller may process personal data voluntarily provided by users, in particular for the purpose of:

  • responding to inquiries sent via the contact form, e-mail or telephone,
  • providing services by the Controller, in accordance with Article 6(1)(b) of the GDPR,
  • processing orders and contacting the customer in connection with the execution of the order,
  • conducting correspondence related to customer service,
  • fulfilling obligations arising from legal provisions, including tax and accounting regulations,
  • possible establishment, exercise or defence of legal claims.

Depending on the purpose of processing, these may include, in particular, the following data:

  • first and last name,
  • phone number,
  • e-mail address,
  • delivery or correspondence address,
  • company details and invoice data,
  • other information voluntarily provided by the user in the content of the message or form.

4. Legal Basis for Data Processing

Your personal data may be processed on the basis of:

  • Article 6(1)(a) of the GDPR – on the basis of the consent granted,
  • Article 6(1)(b) of the GDPR – when processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract,
  • Article 6(1)(c) of the GDPR – when processing is necessary for compliance with a legal obligation to which the Controller is subject,
  • Article 6(1)(f) of the GDPR – when processing is necessary for the purposes of the legitimate interests pursued by the Controller, such as contact with the customer, protection against claims or pursuing claims.

5. Data Retention Period

Personal data will be stored for the period necessary to achieve the purpose for which they were collected, and after its completion for the period required by law or until the statute of limitations for potential claims expires.

In particular:

  • data processed on the basis of consent – until it is withdrawn,
  • data related to the performance of a contract or order – for the duration of the contract and for the time required by law,
  • data processed for accounting and tax purposes – for the period resulting from applicable regulations,
  • data processed in connection with the defence or pursuit of claims – until the expiry of the limitation periods.

6. Rights of Data Subjects

At every stage of data processing, you have the right to:

  • access your personal data,
  • obtain a copy of the data,
  • rectify the data,
  • erase the data (“right to be forgotten”), provided there are no grounds excluding this right,
  • restrict processing,
  • object to data processing,
  • data portability, if the processing is based on consent or a contract and carried out by automated means,
  • withdraw consent at any time, if the data are processed on the basis of consent, without affecting the lawfulness of processing based on consent before its withdrawal.

In matters related to the exercise of the above rights, you can contact us by e-mail at: sklep@lestello.pl.

7. Data Recipients

Your personal data may be transferred to entities cooperating with the Controller only to the extent necessary to achieve the purposes of processing, in particular:

  • hosting and IT service providers,
  • courier and postal companies,
  • payment operators,
  • accounting office,
  • providers of tools supporting customer service, online store and communication.

These entities process data on the basis of appropriate agreements and in accordance with applicable law.

8. Right to Lodge a Complaint

A complaint regarding the processing of personal data may be lodged with the supervisory authority dealing with personal data protection.

In the Republic of Poland, the supervisory authority is:
the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).

9. Additional Information

This Privacy Policy is effective from the date of its publication on the https://lestello.pl website and may be updated periodically due to changes in law, technological changes or changes in the operation of the website.

10. Use of Cookies

Upon the first visit to the https://lestello.pl website, the user is informed about the use of cookies.

Cookies are used to:

  • ensure the proper functioning of the website,
  • adjust the website to user preferences,
  • maintain the user’s session,
  • conduct statistics and analyze the operation of the website,
  • support functions related to forms, the shopping cart or other elements of the website.

The user may at any time change the settings of their web browser regarding the handling of cookies, including restricting or completely disabling the possibility of saving them.

Restricting the use of cookies may affect some of the functionalities available on the website.