Privacy Policy

Effective Date

Apr 1, 2026

PRIVACY POLICY

VITRA-SOL by JSBC

Effective Date: 1 April 2026

This document has been prepared in accordance with: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR); the Polish Act on Personal Data Protection of 10 May 2018 (Dz.U. 2019 item 1781); the Polish Act on the Provision of Electronic Services of 18 July 2002 (Dz.U. 2020 item 344); and the Polish Telecommunications Act of 16 July 2004 (Dz.U. 2022 item 1948).

At VITRA-SOL by JSBC, we are committed to protecting your privacy and processing your personal data responsibly, transparently, and in full compliance with applicable data protection legislation. This Privacy Policy fulfils the information obligation set out in Articles 13 and 14 of the GDPR and explains how we collect, use, store, and protect information when you visit our website or engage with our services.

§ 1. Data Controller

The controller of your personal data within the meaning of Article 4(7) GDPR is:

JSBC Jan Strzałkowski Business Consulting

ul. Dębnik 114, 37-100 Łańcut, Republic of Poland

NIP: 6762398151

E-mail: jan.strzalkowski@jsbc.pl

Website: www.vitra-sol.com

The Controller has not appointed a Data Protection Officer (DPO), as there is no such obligation under Article 37 GDPR for entities of this size and processing scope. For all matters relating to personal data, please contact the Controller directly at the e-mail address above.

§ 2. Categories of Personal Data Processed

Depending on how you interact with our website and services, we may process the following categories of personal data:

Data provided voluntarily by you:

— Full name, company name, and job title.

— Business e-mail address and phone number.

— Postal or registered business address.

— Content of inquiries submitted via contact forms or e-mail correspondence.

— Information relating to interest in BIPV products or the VITRA-SOL distribution partner programme.

Data collected automatically when you visit the website:

— IP address and approximate geographical location.

— Browser type, device type, and operating system.

— Date and time of the visit, pages viewed, session duration, and traffic source.

— Data collected via cookies and similar tracking technologies (see § 8).

The Controller does not process special categories of personal data as referred to in Article 9 GDPR (sensitive data), nor data relating to criminal convictions and offences under Article 10 GDPR.

§ 3. Purposes and Legal Bases for Processing

Personal data are processed only for specified, explicit, and legitimate purposes, on the following legal bases set out in Article 6 GDPR:

— Handling business inquiries and correspondence — processing is necessary to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR); or, where no contractual relationship is contemplated, on the basis of the Controller's legitimate interest (Art. 6(1)(f) GDPR) in conducting its business and responding to inquiries.

— Concluding and performing a partnership or agency agreement — processing is necessary for the performance of a contract to which the data subject is party, or to take pre-contractual steps at their request (Art. 6(1)(b) GDPR).

— Compliance with legal obligations — processing is necessary for compliance with a legal obligation applicable to the Controller (Art. 6(1)(c) GDPR), including obligations under Polish tax law (Tax Ordinance) and accounting legislation (Accounting Act of 29 September 1994).

— Direct marketing and commercial communications — on the basis of the Controller's legitimate interest (Art. 6(1)(f) GDPR) or, where required by the Polish Act on the Provision of Electronic Services and the Telecommunications Act, on the basis of the data subject's prior and freely given consent (Art. 6(1)(a) GDPR). Consent may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.

— Website analytics and service improvement — on the basis of the Controller's legitimate interest (Art. 6(1)(f) GDPR) in maintaining a functional website, or on the basis of consent (Art. 6(1)(a) GDPR) expressed through cookie preference settings.

— Establishing and defending legal claims — on the basis of the Controller's legitimate interest (Art. 6(1)(f) GDPR) in protecting its legal rights.

§ 4. Data Retention Periods

Personal data are retained for the period necessary to fulfil the purpose for which they were collected, and thereafter for such additional period as required by law or justified by the need to establish or defend legal claims:

— Contact form and correspondence data — retained for the duration of pre-contractual or commercial discussions and, after their conclusion, for a period not exceeding 3 years from the last contact, in line with the limitation period applicable to commercial claims under the Polish Civil Code (Art. 118 k.c.).

— Contract-related data — retained for the full duration of the contract and for 5 years following its termination or expiry, for accounting and tax documentation purposes (Art. 86 § 1 of the Tax Ordinance; Art. 74 of the Accounting Act).

— Data processed on the basis of consent — until consent is withdrawn.

— Analytical and technical data (cookies, server logs) — for up to 13 months from the date of collection, or until a valid objection is raised, in accordance with guidance issued by the Polish Personal Data Protection Office (UODO).

§ 5. Recipients of Personal Data

The Controller may entrust or disclose personal data exclusively to trusted third parties, in accordance with the following principles:

— Data processors — providers of IT and hosting services, CRM platforms, e-mail systems, and analytics tools — on the basis of data processing agreements complying with Article 28 GDPR, which impose the required level of data protection obligations.

— Entities entitled by law — public administration authorities, courts, prosecutors, and law enforcement agencies — solely where disclosure is expressly required by applicable law.

— Business partners — prospective commercial partners or agents, to the extent necessary to evaluate a potential collaboration and only in connection with the data subject's inquiry.

The Controller does not sell, lease, or otherwise make personal data available to third parties for marketing purposes without the prior consent of the data subject.

§ 6. Transfers to Third Countries

To the extent that the Controller uses analytics or hosting tools provided by entities located outside the European Economic Area (EEA), personal data may be transferred to third countries. Any such transfer takes place exclusively:

— on the basis of an adequacy decision issued by the European Commission (Art. 45 GDPR); or

— subject to the Standard Contractual Clauses adopted by the European Commission (Art. 46(2)(c) GDPR); or

— on the basis of another appropriate safeguard provided for in Article 46 GDPR.

You have the right to obtain a copy of the safeguards applied or information on where they are accessible by contacting the Controller.

§ 7. Your Rights

Under the GDPR and the Polish Act on Personal Data Protection, you are entitled to the following rights. To exercise any of them, please contact us at jan.strzalkowski@jsbc.pl.

Right of Access (Art. 15 GDPR) — Request confirmation of whether we process your personal data and obtain a copy of the data held, along with information on the purposes and legal bases of processing.

Right to Rectification (Art. 16 GDPR) — Request correction of inaccurate data or completion of incomplete data without undue delay.

Right to Erasure (Art. 17 GDPR) — Request deletion of your personal data ("right to be forgotten"), unless a legitimate ground for continued processing under Art. 17(3) GDPR applies.

Right to Restriction of Processing (Art. 18 GDPR) — Request restriction of processing in the cases specified by law, e.g. where you contest the accuracy of the data or have objected to processing.

Right to Data Portability (Art. 20 GDPR) — Receive your data processed by automated means on the basis of consent or a contract in a structured, machine-readable format, and transmit it to another controller.

Right to Object (Art. 21 GDPR) — Object to processing based on legitimate interest, including processing for direct marketing purposes. An objection to direct marketing is absolute and takes immediate effect.

Right to Withdraw Consent (Art. 7(3) GDPR) — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Right to Lodge a Complaint (Art. 77 GDPR) — Lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data infringes the GDPR.

Supervisory authority in Poland:

Prezes Urzędu Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warsaw, Republic of Poland

www.uodo.gov.pl

The Controller will respond to any request within one month of receipt. Where necessary, this period may be extended by a further two months, of which you will be informed (Art. 12(3) GDPR). The exercise of your rights is free of charge. In cases of manifestly unfounded or excessive requests, the Controller may charge a reasonable fee or refuse to act (Art. 12(5) GDPR).

§ 8. Cookies and Tracking Technologies

The website vitrasol.framer.website may use cookies and similar tracking technologies. Cookies are small text files stored on your device. The Controller uses them in accordance with Articles 173 and 174 of the Polish Telecommunications Act and guidance issued by the relevant supervisory authorities.

Essential (Technical) Cookies — Required for core website functionality. Cannot be disabled without affecting the basic operation of the site. No consent required.

Analytics / Statistical Cookies — Enable analysis of how visitors interact with the website (e.g. pages viewed, session duration) in order to improve its performance and content. Require your consent.

Marketing Cookies — Used to deliver relevant content and measure the effectiveness of communications and campaigns. Require your consent.

Third-Party Cookies — May be placed by external service providers embedded in the site. Governed by those providers' own privacy policies. Require your consent.

You may manage or withdraw your cookie consent at any time via your browser settings or, where available, through the site's consent management panel. Disabling non-essential cookies will not prevent you from accessing the main content of the website.

§ 9. Security of Personal Data

The Controller applies appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access (Art. 32 GDPR). These measures include in particular:

— Encryption of data transmission using SSL/TLS protocol (HTTPS).

— Access controls to IT systems and databases, based on the principle of least privilege.

— Regular data backups.

— Incident response procedures, including the obligation to notify the UODO of a personal data breach within 72 hours of becoming aware of it (Art. 33 GDPR), and to inform affected individuals where the breach poses a high risk to their rights and freedoms (Art. 34 GDPR).

§ 10. Third-Party Links

The website may contain links to external websites or resources operated by third parties. The Controller is not responsible for the privacy practices or content of those sites. We recommend reviewing the privacy policy of any third-party website before submitting personal data.

§ 11. Protection of Minors

The website and the services offered by VITRA-SOL by JSBC are directed exclusively at business professionals and commercial entities. They are not intended for individuals under the age of 18. The Controller does not knowingly collect personal data from minors. Should the Controller become aware that such data have been submitted, they will be deleted without undue delay.

§ 12. Changes to This Privacy Policy

The Controller reserves the right to update this Privacy Policy, in particular in response to changes in applicable law, guidance from supervisory authorities, or the technologies used. Material changes will be communicated by publishing an updated version on www.vitra-sol.com with a revised Effective Date. We encourage you to review this page periodically. Previous versions are available upon request at jan.strzalkowski@jsbc.pl.

§ 13. Contact

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:

JSBC Jan Strzałkowski Business Consulting

ul. Dębnik 114, 37-100 Łańcut, Republic of Poland

NIP: 6762398151

E-mail: jan.strzalkowski@jsbc.pl

Website: www.vitra-sol.com

© 2026 VITRA-SOL by JSBC · JSBC Jan Strzałkowski Business Consulting · All rights reserved.


Create a free website with Framer, the website builder loved by startups, designers and agencies.