1. General provisions and data controller

This Privacy Policy sets out the rules for the processing and protection of the personal data of visitors to the website available at dietaryfactory.com (hereinafter: the “Website”), as well as the rules for the use of cookies and other tracking technologies.

The Website is of an informational and advertising nature. It presents an offer of contract packaging and (contract) manufacturing services for dietary supplements. The Website is not an online store, does not sell any goods or services online, and does not allow the conclusion of contracts or the making of payments through it.

The controller of personal data (hereinafter: the “Controller”) is PPHU Jerzy Siemionczyk with its registered office in Magnoliowa 2/11 15-669 Białystok, entered into CEIDG, Tax ID (NIP): 5422750795.

The Controller may be contacted on matters relating to the protection of personal data:

  • by post – to the registered office address indicated above;
  • by e-mail – at: contact@dietaryfactory.com;

2. Key terms

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Personal data – any information relating to an identified or identifiable natural person.

User – any natural person visiting the Website or using its functionalities.

Cookies – small text files stored on the User’s end device while using the Website.

3. Purposes, legal bases and scope of data processing

The Controller processes Users’ personal data for the following purposes and on the following legal bases:

3.1. Handling enquiries submitted via the contact form, e-mail or telephone

If a User contacts the Controller (e.g. to obtain information about the services or to request an offer), the Controller processes the data provided, such as first name, surname, e-mail address, telephone number, company name and the content of the message.

  • Purpose: responding to the enquiry and conducting correspondence.
  • Legal basis: Article 6(1)(f) GDPR – the legitimate interest of the Controller consisting in handling enquiries and, to the relevant extent, Article 6(1)(b) GDPR – steps taken at the request of the data subject prior to entering into a contract.

3.2. Statistics, analytics and marketing (including Google Ads)

In connection with running advertising campaigns on the Google network and analysing traffic on the Website, the Controller processes data collected automatically by means of cookies and similar technologies, such as: IP address, cookie identifiers, information about the device and browser, the source of entry to the Website, the subpages visited, and other data relating to activity on the Website.

  • Purpose: compiling statistics, analysing the effectiveness of advertising, directing advertising to Users (including remarketing) and optimising the Website.
  • Legal basis: Article 6(1)(a) GDPR – the User’s consent expressed through the consent management tool (cookie banner). Consent is voluntary and may be withdrawn at any time.

3.3. Establishing, pursuing or defending claims

  • Purpose: the possible establishment, pursuit of or defence against claims.
  • Legal basis: Article 6(1)(f) GDPR – the legitimate interest of the Controller.

4. Voluntary nature of providing data

Providing personal data is voluntary; however, when contacting the Controller it is necessary in order to respond to the enquiry. The use of cookies for analytical and marketing purposes takes place only after the User has given consent.

5. Data recipients

Users’ personal data may be shared with entities that support the Controller in conducting its business and operating the Website, in particular:

  • providers of hosting and e-mail services;
  • providers of analytical and advertising tools (including Google Ireland Limited – Google Analytics and Google Ads services);
  • entities providing IT, legal, accounting and marketing services;
  • authorised state authorities, where the obligation to provide data arises from the law.

Entities processing data on the Controller’s behalf do so solely on the basis of a data processing agreement and to the extent specified by the Controller.

6. Transfer of data outside the European Economic Area

In connection with the use of tools provided by Google (Google Analytics, Google Ads), Users’ personal data may be transferred to countries outside the European Economic Area (EEA), including the United States.

Data transfers are carried out with the appropriate safeguards provided for in the GDPR, in particular on the basis of standard contractual clauses approved by the European Commission or on the basis of a European Commission adequacy decision (the Data Privacy Framework). The User may obtain a copy of the safeguards applied by contacting the Controller.

7. Data retention period

Personal data is stored for the period necessary to achieve the purposes for which it was collected:

  • data provided as part of correspondence – for the time necessary to handle the enquiry and then until the limitation period for any claims expires;
  • data processed on the basis of consent (analytical and marketing cookies) – until consent is withdrawn or the relevant cookie expires, in accordance with the table in the cookies section;
  • data processed on the basis of a legitimate interest – until an effective objection is raised or that interest ceases.

8. User rights

In connection with the processing of personal data, the User has the following rights:

  • the right to access their data and to obtain a copy of it;
  • the right to rectification (correction) of data;
  • the right to erasure of data (the “right to be forgotten”);
  • the right to restriction of processing;
  • the right to data portability;
  • the right to object to processing based on a legitimate interest;
  • the right to withdraw consent at any time, without affecting the lawfulness of processing carried out before its withdrawal;
  • the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland) – if the User considers that the processing of their data infringes the GDPR.

To exercise the above rights, the User may contact the Controller using the contact details indicated in section 1.

9. Automated decision-making and profiling

The User’s data may be subject to profiling for marketing and advertising purposes (e.g. matching the advertisements displayed within Google Ads campaigns, including remarketing). Such profiling does not produce legal effects concerning the User or similarly significantly affect them. Profiling takes place only after consent to the relevant cookies has been given.

10. Cookies and similar technologies

The Website uses cookies, i.e. small text files stored on the User’s end device. Cookies serve various functions – from ensuring the proper operation of the Website to statistical measurement and advertising purposes.

On the first visit to the Website, the User is shown a banner (a consent management tool) by means of which they can give or refuse consent to individual categories of cookies. Cookies other than necessary ones are activated only after consent has been given.

We use the following categories of cookies:

CategoryPurposeExample tools / providersLegal basis
NecessaryEnsuring the basic, proper operation and security of the Website.The Website’s own cookies, the cookie consent tool.Legitimate interest (Art. 6(1)(f) GDPR).
AnalyticalCreating anonymous statistics and analysing how the Website is used.Google Analytics (Google Ireland Ltd.).Consent (Art. 6(1)(a) GDPR).
Marketing / advertisingDisplaying and measuring the effectiveness of ads, remarketing, matching advertising content.Google Ads, Google Analytics (Google Ireland Ltd.).Consent (Art. 6(1)(a) GDPR).

10.1. Managing cookies

The User may, at any time, change or withdraw their consent using the settings of the consent management tool available on the Website, as well as manage cookies from their web browser settings – including blocking or deleting them. Restricting the use of cookies may affect some functionalities of the Website.

Information on managing cookies in the most popular browsers is available in their respective help documentation (Google Chrome, Mozilla Firefox, Microsoft Edge, Safari, Opera).

10.2. Google services – additional information

The Website uses Google Analytics and Google Ads services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The rules for the processing of data by Google are described in Google’s privacy policy available at: https://policies.google.com/privacy.

The User may opt out of Google ad personalisation in Google Ads Settings: https://adssettings.google.com, and may also install a browser add-on that blocks Google Analytics: https://tools.google.com/dlpage/gaoptout.

11. Data security

The Controller applies appropriate technical and organisational measures to protect the personal data processed, in particular to safeguard it against access by unauthorised persons, loss, destruction or damage. The connection to the Website is encrypted using the SSL/TLS protocol.

12. Links to other websites

The Website may contain links to other websites. The Controller is not responsible for the privacy practices applicable on those websites. We recommend reviewing the privacy policies of the individual websites.

13. Changes to the Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy, in particular in the event of changes to the law, the technologies used or the scope of the business conducted. The current version of the Policy is published on the Website each time, together with the date of its last update.