Privacy Policy
1. General Provisions
a. This Privacy Policy sets out the rules for the processing of personal data and the use of cookies and similar technologies in connection with the use of the website available at: https://pronetkrakow.com.pl/pl/
b. The Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and national regulations concerning the provision of electronic services and the use of cookies. The rights of data subjects and the legal bases for processing arise directly from the GDPR.
c. The website is of an informational and commercial nature and is used in particular to present the offer, enable contact with the Controller, and handle inquiries regarding products and cooperation. The site includes a contact form and elements of an online store based on PrestaShop.
2. Personal Data Controller
The controller of personal data is:
Pronet Kraków sp. z o.o.
ul. B. Wallek-Walewskiego 9, 30-094 Kraków
KRS: 0000670157
NIP: 6772417306
REGON: 366860822
e-mail: info@pronetkrakow.com.pl
tel.: +48 12 312 46 46
In matters concerning the processing of personal data, you may contact the Controller at the above e-mail address or in writing at the registered office address.
3. Scope and Sources of Data
The Controller may process personal data voluntarily provided by the user, in particular:
first and last name,
e-mail address,
telephone number,
company details,
correspondence or delivery address,
data necessary for issuing accounting documents,
the content of a message sent via the contact form or e-mail,
technical data concerning the use of the website, including IP address, information about the device, browser, session, and activity on the website.
Data are obtained directly from the user and automatically during the use of the website through cookies and similar technologies.
4. Purposes, Legal Bases, and Data Retention Periods
4.1. Contact with the Controller
Data provided in the contact form, e-mail message, or during telephone contact are processed for the purpose of:
responding to an inquiry,
conducting correspondence,
taking steps prior to entering into a contract or performing a contract.
Legal basis:
Article 6(1)(b) GDPR – taking steps at the request of the data subject prior to entering into a contract or performance of a contract,
Article 6(1)(f) GDPR – the Controller’s legitimate interest consisting in handling correspondence and defending against claims.
Retention period:
until the correspondence is concluded, and thereafter until the limitation period for potential claims expires or for the period required by law.
4.2. Handling Quotations, Orders, and Commercial Cooperation
If the user submits a quotation request, an order, or conducts correspondence with the Controller aimed at entering into and performing a contract, personal data are processed for the purpose of:
preparing an offer,
accepting and processing the order,
contact regarding order fulfillment,
product delivery,
issuing accounting documents,
fulfilling obligations related to complaints, statutory warranty, guarantee, or conformity of goods with the contract.
Legal basis:
Article 6(1)(b) GDPR – performance of a contract or steps prior to entering into a contract,
Article 6(1)(c) GDPR – compliance with legal obligations incumbent on the Controller, in particular tax, accounting, and consumer law obligations,
Article 6(1)(f) GDPR – establishment, exercise, or defense of claims.
Retention period:
for the duration of the contract, and thereafter for the period required by law, including tax and accounting regulations, and until the limitation period for claims expires.
4.3. Direct Marketing and Newsletter
If the user gives separate consent to receive commercial information or subscribes to the newsletter, their data will be processed for the purpose of sending marketing content, information about the offer, new products, promotions, or events.
Legal basis:
Article 6(1)(a) GDPR – consent of the data subject,
Article 6(1)(f) GDPR – the Controller’s legitimate interest consisting in analyzing the effectiveness of marketing communication, provided that such analysis is carried out lawfully.
Retention period:
until consent is withdrawn or an effective objection is raised, and thereafter for the period necessary to demonstrate the lawfulness of the Controller’s actions.
Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
4.4. Website Analytics and Statistics
If analytical cookies or similar technologies are used on the website, data may be processed for the purpose of:
generating statistics,
analyzing the way the website is used,
improving the functionality and security of the site.
Legal basis:
Article 6(1)(a) GDPR – user consent, insofar as analytics are based on cookies or similar technologies requiring consent,
Article 6(1)(f) GDPR – the Controller’s legitimate interest in internal analysis and ensuring security, insofar as the processing does not require prior consent. The Polish DPA emphasizes that consent to cookies must not be forced and must be easy to withdraw.
Retention period:
until the cookies expire, are deleted by the user, or consent is withdrawn – whichever occurs first.
4.5. Establishment, Exercise, or Defense of Claims
Data may also be processed for the purpose of establishing, pursuing, or defending against claims related to the Controller’s business activity, the use of the website, or a concluded contract.
Legal basis:
Article 6(1)(f) GDPR – the Controller’s legitimate interest.
Retention period:
until the limitation period for claims expires or until proceedings are finally concluded.
5. Voluntary Provision of Data
Providing personal data is voluntary, but in some cases necessary in order to:
receive a reply to a message,
obtain a quotation,
conclude and perform a contract,
issue accounting documents,
receive a newsletter or other commercial information.
Failure to provide data may make it impossible to handle an inquiry, complete an order, or provide a specific service.
6. Recipients of Data
Personal data may be transferred to entities cooperating with the Controller only to the extent necessary to achieve the purposes of processing, in particular:
hosting and website maintenance providers,
IT support and software providers,
e-mail service providers and standard office software providers,
courier companies, carriers, and logistics operators,
accounting offices and accounting service providers,
providers of analytical or marketing tools – if used,
law firms and entities supporting the Controller in establishing or defending claims,
authorized public authorities, if the obligation to disclose data arises from legal provisions.
7. Transfer of Data Outside the European Economic Area
As a rule, the Controller does not intend to transfer personal data outside the European Economic Area.
However, if the Controller uses tools provided by suppliers established outside the EEA, in particular analytical, marketing, or cloud tools, data may be transferred to third countries only with the use of mechanisms provided for by law, such as:
a European Commission adequacy decision,
standard contractual clauses,
other appropriate safeguards permitted under the GDPR.
The European Commission indicates that transfers to third countries may be based, among other things, on adequacy decisions and standard contractual clauses. With regard to the United States, the Commission has adopted a decision regarding the EU-U.S. Data Privacy Framework.
8. Rights of Data Subjects
Every data subject has the right to:
access their data,
obtain a copy of their data,
rectify their data,
erase their data,
restrict processing,
data portability,
object to processing based on Article 6(1)(f) GDPR,
withdraw consent at any time, if processing is based on consent,
lodge a complaint with the President of the Personal Data Protection Office.
These rights arise from the GDPR, in particular Articles 15–21.
9. Data Security
The Controller applies appropriate technical and organizational measures to protect personal data against loss, destruction, disclosure, unauthorized access, or unauthorized modification.
The website uses an encrypted SSL/TLS connection. The previous policy and the current structure of the website indicate the use of a secure connection, and the site itself operates under HTTPS.
10. Cookies and Similar Technologies
a. The website uses cookies and similar technologies.
b. Cookies may be used for the following purposes:
ensuring the proper functioning of the website,
maintaining the user’s session,
remembering selected settings,
statistics and analytics,
marketing activities – only if such tools are actually used and the user has consented to them.
c. Cookies necessary for the proper functioning of the website may be used without the user’s consent, whereas analytical and marketing cookies require consent if required by applicable law. The Polish DPA emphasizes that consent should be voluntary, informed, and as easy to withdraw as it is to give.
d. The user may manage cookie settings through their browser and – if the website provides such functionality – through the consent banner or consent management panel.
e. Restricting the use of cookies may affect certain functionalities of the website.
f. The retention period of cookies depends on their type and purpose. Session cookies are stored until the session ends, and persistent cookies until they expire or are deleted by the user.
11. Links to External Websites and Social Media
The website may contain links to external websites and social media profiles, including Facebook. The use of these services is subject to the rules and privacy policies applied by their providers. The website contains links to Facebook and other related websites.
12. Changes to the Privacy Policy
The Controller may update this Privacy Policy, in particular in the event of:
changes in legal regulations,
changes in website functionality,
changes in the method of data processing or the tools used.
The current version of the Privacy Policy is published on the website.
Policy update date: 18-03-2026
COOKIE POLICY
Cookie Policy for pronetkrakow.com.pl
effective as of 18 March 2026
1. General Information
a. This Cookie Policy sets out the rules for the use of cookies and similar technologies on the website available at: https://pronetkrakow.com.pl/pl/
b. The website is operated by Pronet Kraków sp. z o.o., ul. Wallek-Walewskiego 9, 30-094 Kraków, KRS 0000670157, NIP 6772417306, REGON 366860822. These details are visible on the website and in the current Privacy Policy.
c. The website uses cookies in accordance with the provisions of the Act of 12 July 2024 – Electronic Communications Law, in particular Articles 399–400, and taking into account the consent requirements arising from the GDPR.
2. What Cookies Are
a. Cookies are small text files stored on the user’s end device, such as a computer, tablet, or smartphone, when using the website.
b. Cookies may be read by the Controller’s ICT system or by third parties whose tools are used on the website.
c. For the purposes of this Policy, the term “cookies” also includes similar technologies, insofar as they involve storing information on the user’s device or gaining access to such information. Consent requirements cannot be circumvented by using other tracking techniques such as pixels, tracking links, or unique identifiers.
3. Legal Basis for the Use of Cookies
a. In accordance with Article 399 of the Electronic Communications Law, storing information on or gaining access to information already stored on the user’s device is permitted if the user has first been informed, in a clear, easy, and understandable manner, about the purpose of the cookies and the possibility of specifying the conditions for their use through the settings of the device or service, and has then given consent.
b. Consent may also be expressed through the settings of software installed on the device or through the configuration of the service, although in practice on websites this most often takes place via a banner or consent management panel.
c. According to Article 399(3) of the Electronic Communications Law, consent is not required if cookies are necessary for:
transmitting an electronic communication over a public telecommunications network, or
providing a telecommunications service or an electronically supplied service requested by the user.
d. Article 400 of the Electronic Communications Law provides that the provisions on personal data protection, i.e. the GDPR principles, apply accordingly to obtaining consent. This means, among other things, that consent must be freely given and that withdrawing it must be as easy as granting it.
4. Types of Cookies Used on the Website
The website may use the following types of cookies:
a. Necessary Cookies
These are cookies required for the proper functioning of the website or for the performance of a service requested by the user, for example maintaining a session, remembering selected technical settings, enabling the contact form, or ensuring security. These cookies may be used without the user’s consent, provided that they are genuinely necessary within the meaning of Article 399(3) of the Electronic Communications Law.
b. Functional Cookies
These cookies make it possible to remember user settings and improve the convenience of using the website, for example language selection, page layout, or other preferences. If they are not necessary for providing the service requested by the user, they require consent.
c. Analytical / Statistical Cookies
These cookies are used to collect information about how the website is used, including the number of visits, traffic sources, time spent on the site, and user behavior, in order to improve the website. If analytical tools are used that are not necessary, they require the user’s prior consent. The guidance referred to by the Polish DPA indicates that consent obligations also apply to tracking technologies other than classic cookies.
d. Marketing Cookies
These cookies may be used to tailor advertising content, measure the effectiveness of campaigns, and track user activity across websites. Such cookies require the user’s prior consent.
5. Purposes of Using Cookies
Cookies may be used for the following purposes:
ensuring the proper functioning of the website,
maintaining the user’s session,
remembering settings and preferences,
ensuring security,
compiling statistics and traffic analysis,
carrying out marketing activities, provided that the user has given consent.
If external tools are used on the website, for example analytical tools, the scope of cookies should be consistent with the actual configuration of the website. As of today, the visible front-end of the website shows an active cookie banner and the use of PrestaShop, but without a technical code audit, I do not categorically confirm which specific analytical or marketing tools are actually running.
6. Cookie Retention Period
a. Cookies may be:
session cookies – deleted after the browser session ends,
persistent cookies – stored for a specified period or until deleted by the user.
b. The retention period depends on the purpose and type of a given cookie and on the configuration of the tool used.
c. The Controller should limit the retention period of cookies to the time necessary to achieve their purpose, in accordance with the data minimization principle arising from the GDPR.
7. Managing Consent to Cookies
a. During the first visit to the website, the user should receive clear information about the use of cookies and be given the possibility to:
accept all cookies,
reject cookies other than necessary cookies,
select specific categories of cookies.
b. The user may change cookie settings or withdraw consent at any time. Withdrawal of consent should be as easy as granting it.
c. The user may also manage cookies through their web browser or device settings.
d. Restricting or disabling necessary cookies may cause some website functions to work incorrectly.
8. Third Parties
a. The website may use solutions provided by third parties, such as the hosting provider, the provider of the store software, and providers of analytical or marketing tools.
b. If such entities store or read cookies on the user’s device, this takes place in accordance with their own policies and within the scope of the consent granted by the user.
c. If such tools involve transfers of data outside the European Economic Area, the Controller should ensure an appropriate legal basis for such transfers in accordance with the GDPR. The European Commission indicates that the current EU privacy framework is based in parallel on the GDPR and the ePrivacy Directive.
9. Personal Data and Cookies
a. Some cookies may involve the processing of personal data, in particular online identifiers, IP addresses, or information about the user’s activity.
b. In such cases, the provisions of the Privacy Policy and the GDPR also apply.
c. The provisions on personal data protection apply accordingly to cookie consent, as expressly stated in Article 400 of the Electronic Communications Law.
10. Changes to the Cookie Policy
a. The Controller may update this Cookie Policy in the event of:
changes in legal regulations,
changes in the technologies used on the website,
changes in website functionality,
changes in providers of external tools.
b. The current version of the Cookie Policy is published on the website.
11. Contact
For matters concerning cookies and privacy, you may contact the Controller:
Pronet Kraków sp. z o.o.
ul. Wallek-Walewskiego 9, 30-094 Kraków
e-mail: info@pronetkrakow.com.pl
tel.: +48 12 312 46 46