Privacy policy

I. General Provisions

  1. This Privacy Policy defines how personal data of Users necessary to provide electronic services through the leanoir.com website (hereinafter: the Service) are collected, processed, and stored.
  2. The Service collects only the personal data necessary for the provision and development of the services offered therein.
  3. Personal data collected through the Service are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR), and the Polish Act on the Protection of Personal Data of 10 May 2018.

II. Data Controller

The controller of personal data collected through the Service is ALPHA PRIME limited liability company with its registered office in Wrocław (50-125), ul. Św. Mikołaja 8/11, unit 208, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number: 0001160286, NIP: 8971950547, REGON: 541113917, with a share capital of PLN 5,000.00, e-mail address: contact@leanoir.com (hereinafter: the Controller).

III. Purpose of Collecting Personal Data

Providing data is voluntary but necessary to conclude a contract or use other functionalities of the Service. Personal data are used for the following purposes:

  1. Registration of an account and verification of the User’s identity.
  2. Enabling login to the Service.
  3. Execution of the contract for services and e-services.
  4. Communication with the User (live chat, contact form, etc.).
  5. Sending a newsletter (upon the User’s consent).
  6. Operating a comment system.
  7. Providing community services.
  8. Promotion of the Controller’s offer.
  9. Marketing and remarketing activities.
  10. Personalization of the Service for Users.
  11. Analytical and statistical activities.
  12. Debt collection.
  13. Establishing, pursuing, or defending against legal claims.

IV. Legal Basis for Processing Personal Data

Processing of personal data is based on:

  1. Art. 6(1)(b) GDPR – where processing is necessary for the performance of a contract or to take steps prior to entering into a contract (e.g. account registration, order fulfillment, payment handling).
  2. Art. 6(1)(c) GDPR – where processing is necessary to comply with a legal obligation to which the Controller is subject (e.g. accounting and tax record keeping).
  3. Art. 6(1)(f) GDPR – where processing is necessary for the purposes of legitimate interests pursued by the Controller, such as pursuing claims, direct marketing, analytics, and statistics.
  4. Art. 6(1)(a) GDPR – where processing is based on the User’s consent (e.g. newsletter, profiling, marketing activities).

V. Type of Processed Personal Data

  1. The Controller may process the following User data: name and surname, date of birth, address of residence, e-mail address, phone number, tax identification number (NIP).
  2. In the case of online payments, data concerning the transaction may also be processed, such as bank account number, payment card data (processed by an external payment provider), or transaction identifiers.

VI. Data Retention Period

  1. Users’ personal data will be processed for the following periods:
    a) where the basis for processing is contract performance – until the limitation period for claims arising after contract completion,
    b) where the basis for processing is consent – until withdrawal of consent, and after withdrawal until the limitation period for claims.
  2. In both cases, the limitation period is 6 years, and for periodic benefits and business-related claims – 3 years (unless otherwise provided by specific law).
  3. Personal data processed for accounting and tax purposes will be retained for the period required by law, i.e., 5 years from the end of the calendar year in which the tax event occurred.

VII. Disclosure of Personal Data

  1. Users’ personal data may be transferred to: entities affiliated with the Controller, subcontractors, and entities cooperating with the Controller, such as e-payment service providers, courier/postal companies, or law firms.
  2. Users’ personal data will be transferred outside the European Economic Area (EEA).
  3. When data are transferred outside the EEA, the Controller ensures an adequate level of protection by applying standard contractual clauses approved by the European Commission or other legal mechanisms compliant with the GDPR to guarantee data security.

VIII. Users’ Rights

  1. The User has the right to: access their personal data, rectify, erase, restrict processing, transfer data, object to processing, and withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).
  2. The right to erasure does not apply where processing is necessary for the Controller to comply with legal obligations, such as accounting or the pursuit of claims.
  3. Requests to exercise these rights should be sent to: contact@leanoir.com
  4. The Controller will comply with or refuse the request promptly – no later than within one month of its receipt.
  5. The User has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe the processing violates their rights and freedoms (GDPR).

IX. Cookies

  1. The Service collects information using cookies – session, persistent, and third-party cookies.
  2. The collection of cookies supports the proper provision of services in the Service and serves statistical purposes.
  3. The User may define the scope of cookies’ access to their device in browser settings.

X. Automated Decision-Making and Profiling

  1. Users’ data are not processed in an automated way that could result in any decisions affecting them.
  2. Users’ data may be profiled to tailor content and personalize offers, subject to their consent.
  3. The User may withdraw consent for profiling at any time by contacting the Controller at contact@leanoir.com.

XI. Final Provisions

  1. The Controller reserves the right to amend this Privacy Policy, provided that Users’ rights will not be limited.
  2. Information about any changes will appear as a notice available in the Service.
  3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and Polish law shall apply.