Szukaj

Public Offer

GDPR Information
on the processing of personal data of consumers submitting complaints or claims

I. [Data Controller]
The controller of personal data is LBC2019 spółka z ograniczoną odpowiedzialnością (NIP: 7010968698, KRS: 0000826204), located at ul. Stawki 4B, unit 2, 00-193 Warsaw, Poland.

II. [Purposes, Legal Basis, and Retention Period of Personal Data Processing]

The Controller processes personal data:
  1. For the purpose of receiving, reviewing the complaint, clarifying all circumstances, providing a response, and taking any other necessary actions to resolve the matter – based on the consent given by the complainant. By submitting a complaint to the Controller, the complainant explicitly confirms their consent to the processing of personal data contained in the complaint and any other information necessary to process the complaint (Article 6(1)(a) in connection with Article 4(11) of the GDPR) – for the period necessary to resolve the matter.
  2. If the complaint includes special category personal data, particularly health-related data, whether included in the complaint or in attached documentation, explicit consent must be provided by the consumer through a statement included in the complaint, as follows:
  3. "I consent to the processing of my personal data, including special category data contained in my complaint or claim, as well as data necessary for processing my complaint by the Controller (Article 6(1)(a) and Article 9(2)(a) of the GDPR)."
  4. Consent may be withdrawn at any time, but withdrawal does not affect the lawfulness of processing conducted before withdrawal. However, withdrawing consent will prevent further processing of the complaint by the Controller.
  5. The data included in the complaint and processed to clarify the circumstances of the case may also be processed further by the Controller for the establishment, exercise, or defense of legal claims directly or indirectly related to the complaint, based on Article 6(1)(f) of the GDPR, and for special category data, based on Article 9(2)(f) of the GDPR – for the following periods:
  6. a)One year from the response date – for standard cases, provided the complainant does not submit further claims or complaints. If the documentation concerns financial settlements, the retention period is determined by the Accounting Act.
  7.  b) Three years from receipt of the complaint – in accordance with the Civil Code as the standard limitation period for claims. If legal proceedings are initiated, data may be retained until the final resolution of the case and the expiration of any new limitation periods – for complex, non-standard cases or when the complainant submits further claims, complaints, or initiates proceedings before public authorities.
III. [Disclosure of Personal Data]
  1. The Controller may disclose personal data of complainants when proceedings are initiated by either the complainant or the Controller, in compliance with legal obligations. Personal data may be shared with external legal offices cooperating with the Controller, postal operators, or couriers.
  2. Personal data of complainants may be disclosed to entities cooperating with the Controller based on written data processing agreements, for the purpose of fulfilling specific tasks or services for the Controller, including IT support, administrative services, legal or consulting services.
IV. [Rights of Data Subjects]

Every individual whose data is processed has the right:
  1. To access their data – obtaining confirmation from the Controller whether their personal data is being processed. If so, they are entitled to access the data and receive details about the processing purposes, data categories, recipients, data retention periods, and their rights regarding correction, deletion, or restriction of processing (Article 15 GDPR).
  2. To receive a copy of the data – obtaining a copy of the processed data. The first copy is free, while the Controller may charge a reasonable fee for additional copies based on administrative costs (Article 15(3) GDPR).
  3. To rectify data – requesting correction of incorrect personal data or completion of incomplete data (Article 16 GDPR).
  4. To request data deletion – if the Controller no longer has a legal basis for processing or the data is no longer necessary for the purposes of processing (Article 17 GDPR).
  5. To restrict processing – under the following conditions (Article 18 GDPR):
  6.  a) The accuracy of the personal data is contested by the data subject – for a period allowing the Controller to verify its accuracy.
  7.  b) The processing is unlawful, but the data subject opposes erasure and requests restriction instead.
  8.  c) The Controller no longer needs the data, but the data subject requires it for the establishment, exercise, or defense of legal claims.
  9.  d) The data subject has objected to processing, pending verification of whether the Controller's legitimate grounds override those of the data subject.
  10. To object to processing – for reasons related to their particular situation, unless the Controller demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or if the data is required for legal claims (Article 21 GDPR).
  11. To data portability – in cases where processing is based on consent or a contract and is carried out by automated means, the data subject can request that their data be transferred to another controller (Article 20 GDPR).
  12. To withdraw consent at any time – without affecting the legality of processing before withdrawal (Article 7(3) GDPR).
  13. To lodge a complaint with a supervisory authority – if they believe that data processing violates GDPR regulations.
V. [President of the Personal Data Protection Office]

A data subject has the right to file a complaint with the President of the Personal Data Protection Office (PUODO) in Poland, located at ul. Stawki 2, 00-193 Warsaw, through:
  1. Mail: ul. Stawki 2, 00-193 Warsaw, Poland,
  2. Electronic submission via the website: https://www.uodo.gov.pl/pl/p/kontakt,
  3. Phone: (+48) 22 531 03 00.
VI. [Data Protection Officer]

A data subject may also directly contact the Controller’s Data Protection Officer:
  1. By email at [email protected],
  2. By mail to the address provided above, with the note: "Data Protection Officer."
VII. [Legal Acts Referenced in This Clause]
  1. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (Official Journal of the EU L 2016 No. 119, p. 1).
  2. Article 74(2)(6) of the Accounting Act of September 29, 1994 (Journal of Laws 2018, item 395, as amended).
  3. Article 118 of the Civil Code of April 23, 1964 (Journal of Laws 2018, item 1025, as amended).

© 2025 Alís. Technologia Shopify.

  • American Express
  • Apple Pay
  • Google Pay
  • Klarna
  • Mastercard
  • PayPal
  • Shop Pay
  • Visa