Privacy Policy
Globihome Privacy Policy - information about the controller, purposes of data processing, cookies, and tools used on the website.
1. General Information
1.1. The Website, available at: www.globihome.com (hereinafter: the "Website"), is operated by GLOBIHOME spółka z ograniczoną odpowiedzialnością, with its registered office in Kielce, ul. K. Olszewskiego 6, 25-663 Kielce, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court in Kielce, 10th Commercial Division of the National Court Register, under KRS number: 0001140561, REGON: 540367254, NIP: 9592078123, email address: dawid@globihome.com.
1.2. In connection with the operation of the Website, data of users of the website on which the Website is located (hereinafter: the "Users"), including personal data, may be collected, processed, and used.
1.3. User data may be collected as a result of: their voluntary provision by Users and the use of cookies, both first-party cookies and cookies from third parties.
1.4. Information may also be collected about the User's IP address, the time the request is received and the response is sent, the address of the Website from which the user was redirected to the Website, and the type of software used by the user (type of operating system and type of browser). This information is used for the purposes of administering the Website and for statistics and analysis.
1.5. The Controller ensures proper protection of Users' data by applying appropriate organizational and technical measures.
1.6. The security of personal data during transmission is ensured by the SSL transmission protocol used by the Controller.
1.7. The current version of the Privacy Policy is effective as of 24 February 2025.
2. Personal Data
Controller
2.1. The controller of Users' personal data is GLOBIHOME spółka z ograniczoną odpowiedzialnością, with its registered office in Kielce, ul. K. Olszewskiego 6, 25-663 Kielce, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court in Kielce, 10th Commercial Division of the National Court Register, under KRS number: 0001140561, REGON: 540367254, NIP: 9592078123, email address: dawid@globihome.com.
Purposes of processing
2.2. The Controller may process personal data for purposes such as:
2.2.1. contacting the data subject if that person has sent a message to the Controller or completed a contact form:
2.2.1.1. the legal basis for processing will be Article 6(1)(f) GDPR, because responding to inquiries or correspondence is the Controller's legitimate interest;
2.2.1.2. providing personal data and an email address or phone number for this purpose of processing is voluntary, but may be necessary for the person to contact the Controller and receive a response;
2.2.1.3. without providing the data, it may not be possible to obtain a response from the Controller, but this will depend on the specific situation;
2.2.2. direct marketing of the Controller's products and services, including sending newsletters:
2.2.2.1. the legal basis for processing will be Article 6(1)(f) GDPR, because direct marketing of the Controller's products and services is its legitimate interest;
2.2.2.2. processing data for the purpose of sending marketing content by email or communicating it by phone will take place only if the data subject has consented to receiving commercial information by email or, as applicable, to the use of their phone number for marketing purposes;
2.2.2.3. providing personal data for this purpose of processing is voluntary;
2.2.2.4. if personal data such as a phone number or email address is not provided, the data subject will not receive marketing content;
2.2.3. statistics and analysis of User behavior within the Website:
2.2.3.1. the legal basis for processing will be Article 6(1)(f) GDPR, because conducting statistics and analyzing User behavior within the Website is the Controller's legitimate interest;
2.2.3.2. providing personal data for this purpose of processing is voluntary, but some data may also be collected automatically;
2.2.3.3. without providing the data, it will not be possible to carry out statistics and analyze User behavior.
Data recipients
2.3. The Controller may disclose personal data to recipients who process data on behalf of the Controller or process personal data as separate, independent controllers.
2.4. The Controller provides recipients with personal data in accordance with applicable law, for example on the basis of data processing agreements.
2.5. The Controller may disclose personal data to its subcontractors (entities whose services it uses in processing), such as:
2.5.1. providers of IT tools and applications used within the Website, including applications that help manage the Website;
2.5.2. providers of services such as email, virtual drive, and office applications;
2.5.3. entities providing marketing services;
2.5.4. entities providing IT system support and maintenance services;
2.5.5. entities providing IT and programming services related to the creation and development of the Website;
2.5.6. hosting service providers, in particular Website hosting providers;
2.5.7. providers of tools for conducting marketing activities.
2.6. Recipients of personal data will also include providers of tools used on the Website, which involve the use of cookies. More information on this can be found below.
2.7. The Controller is also entitled to disclose personal data to other entities if such an obligation arises from legal provisions.
Transfer of data outside the EEA
2.8. The Controller does not transfer personal data outside the European Economic Area, except for sharing data with the Controller's subcontractors (entities that process data on its behalf) that provide the Controller with tools and applications or render services to it. If any subcontractor is located or has its registered office outside the European Economic Area—in countries for which the European Commission has not issued an adequacy decision—then the Controller ensures appropriate safeguards for personal data. These safeguards include, in particular, the standard data protection clauses adopted by the European Commission (Article 46(2)(c) GDPR), which the Controller concludes with the entities referred to above. The clauses are available on the Internet, on the European Commission website (ec.europa.eu). The clauses may also be provided by the Controller upon request of the data subject.
2.9. The Controller may transfer data outside the European Economic Area in connection with the use of tools and applications it uses within the Website. Details can be found in point 4 of the Privacy Policy.
Joint controllership of personal data - Meta Platforms Ireland
2.10. With regard to the personal data contained in event data concerning actions of individuals on websites and in User applications that integrate Facebook business tools offered by Meta Platforms, for which the Controller and Meta Platforms Ireland jointly determine the means and purposes of processing, the Controller and Meta Platforms Ireland are joint controllers of personal data pursuant to Article 26 GDPR.
2.11. More information about Facebook business tools offered by Meta Platforms can be found at this link: https://www.facebook.com//legal/terms/businesstools_jointprocessing.
2.12. The joint processing by the Controller and Meta Platforms Ireland is governed by the "Controller Addendum", which is available at this link: https://www.facebook.com/legal/controller_addendum.
2.13. Meta Platforms Ireland remains an independent controller pursuant to Article 4(7) GDPR with respect to any processing of such data that takes place after it is transferred to Meta Platforms Ireland.
2.14. Meta Platforms Ireland and the Controller have determined in the "Controller Addendum" the scope of responsibility for ensuring compliance with obligations arising from the GDPR in relation to Joint processing as follows [X indicates which entity is responsible for fulfilling a given obligation]:
-
Article 6 - requirement for a legal basis for Joint processing: Meta Platforms Ireland is responsible for processing by Meta Platforms Ireland, and the Controller is responsible for the Controller's own processing.
-
Articles 13 and 14 - providing information about Joint processing of personal data: the Controller is responsible.
-
Article 26(2) - making the content of the Addendum available to controllers: the Controller is responsible.
-
Articles 15-20 - rights of data subjects in relation to personal data stored by Meta Platforms Ireland after Joint processing: Meta Platforms Ireland is responsible.
-
Article 21 - right to object, if Joint processing is based on Article 6(1)(f): Meta Platforms Ireland is responsible for processing by Meta Platforms Ireland, and the Controller is responsible for the Controller's own processing.
-
Article 32 - security of Joint processing: Meta Platforms Ireland is responsible for the security of product data, and the Controller is responsible for the proper technical implementation and configuration of product data.
-
Articles 33 and 34 - personal data breaches concerning Joint processing: Meta Platforms Ireland is responsible insofar as the personal data breach concerns Meta Platforms Ireland's obligations under the Controller Addendum, and the Controller is responsible insofar as the personal data breach concerns the Controller's obligations under the Controller Addendum.
2.15. In view of the above, the Controller indicates that:
2.15.1. Meta Platforms Ireland is a Joint Controller within the framework of Joint processing; the information required by Article 13(1)(a) and (b) GDPR can be found in the Facebook Data Policy available at https://www.facebook.com/about/privacy;
2.15.2. the Controller's use of product data and the purposes for which the collection and transfer of personal data within Joint processing takes place are governed by the terms of the relevant product; the terms of use for Facebook business tools offered by Meta Platforms are available at https://www.facebook.com/legal/terms/businesstools; information about Page statistics is available at https://www.facebook.com/legal/terms/page_controller_addendum; other terms and conditions are available at https://www.facebook.com;
2.15.3. more information about how Meta Platforms Ireland processes personal data, the legal basis, and ways to enforce the rights of data subjects against Meta Platforms Ireland can be found in Meta Platforms Ireland's Data Policy at https://www.facebook.com/about/privacy; more information about Joint processing can be found in the terms of the relevant product.
2.16. The Controller also indicates that the Controller and Meta Platforms Ireland:
2.16.1. accept the provisions of the "Controller Addendum" in order to define the appropriate scope of responsibilities for ensuring compliance with obligations arising from the GDPR in relation to Joint processing (in accordance with the terms of the relevant product);
2.16.2. acknowledge that the Controller is responsible for providing data subjects with at least the information listed in the table above in point 2;
2.16.3. have agreed that between the Parties, Meta Platforms Ireland is responsible for ensuring the enforcement of the rights of data subjects under Articles 15-20 GDPR with regard to personal data stored by Meta Platforms Ireland after Joint processing.
2.17. Regardless of the circumstances indicated above, the Controller indicates that:
2.17.1. it has implemented appropriate technical and organizational measures to provide the processing with the necessary safeguards so as to meet the requirements of GDPR and protect the rights of data subjects;
2.17.2. it is responsible for the lawful processing of personal data, and in particular for the lawful collection of such data.
2.18. If a personal data breach concerns the Controller's obligations under the "Controller Addendum", the Controller is responsible for preparing the personal data breach notice, including submitting the notice to the supervisory authority and conducting further correspondence regarding the notice.
2.19. In addition, Meta Platforms Ireland and the Controller have agreed in the "Controller Addendum" that:
2.19.1. each Party is individually responsible for any other obligations regarding the fulfillment of obligations under GDPR in relation to Joint processing.
2.19.2. With regard to Article 32 GDPR, the measures applied by Meta Platforms Ireland include the measures listed in the Facebook Data Security Terms, as periodically updated, for example to reflect technological changes (these terms are available at https://www.facebook.com/legal/terms/data_security_terms), which are expressly incorporated into the "Controller Addendum". All employees of Meta Platforms Ireland involved in Joint processing are bound by appropriate confidentiality obligations regarding personal data subject to Joint processing.
2.19.3. the "Controller Addendum" does not grant the Controller any right to request disclosure of the personal data of any Facebook user processed in connection with Meta Platforms products.
2.19.4. Data subjects may enforce their rights under Articles 15-21 GDPR with regard to their personal data processed by Meta Platforms Ireland directly against Meta Platforms Ireland. If data subjects enforce rights under GDPR in relation to Joint processing against the Controller or if a supervisory authority contacts the Controller in relation to Joint processing, each such instance being referred to as a "Request", the Controller shall promptly provide Meta Platforms Ireland with any relevant information regarding such Requests, within a maximum of seven calendar days. Meta Platforms Ireland shall respond to data subject Requests in accordance with the obligations arising from the "Controller Addendum". The Controller undertakes to take all reasonable action in due time to cooperate with Meta Platforms Ireland in responding to any such Request. The Controller is not entitled to take action or respond to such Requests on behalf of Meta Platforms Ireland.
2.20. The lead supervisory authority for the Joint processing is the Irish Data Protection Commission (irrespective of the provisions of Article 55(2) GDPR, where applicable).
Data retention period
2.21. Personal data processed for the purpose of:
2.21.1. contacting the User are processed for a period of 1 year from the date of collection;
2.21.2. direct marketing of the Controller's products and services are processed until consent is withdrawn or until an objection to the processing of personal data for this purpose is received;
2.21.3. statistics and analysis of User behavior are processed for a period of 3 years from the date of collection.
2.22. Personal data collected through cookies may be processed for a period other than those indicated above. The User may delete cookies earlier at any time.
User rights
2.23. The data subject User has the following rights:
2.23.1. the right to access the provided personal data and the right to receive a copy of it;
2.23.2. the right to rectify personal data;
2.23.3. the right to erase personal data;
2.23.4. the right to request restriction of the processing of personal data;
2.23.5. the right to data portability;
2.23.6. the right to object to the processing of personal data;
2.23.7. the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
2.24. Where processing is based on consent, the data subject User also has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
2.25. The right to withdraw consent also applies to consent to receive commercial information and consent to the use of telecommunications terminal equipment and automated calling systems for the purposes of direct marketing.
2.26. The data subject may in particular object at any time to the processing of their personal data for marketing purposes.
2.27. In order to exercise their rights, Users whose data are processed may contact the Controller.
2.28. The User may also contact the Controller to obtain information about why the Controller considered that it may process the User's personal data on the basis of legitimate interests.
Automated decision-making
2.29. The Controller does not make decisions concerning Users that are based solely on automated processing, including profiling, and that produce legal effects concerning those persons or similarly significantly affect them.
3. Cookies
3.1. Cookies stored on Users' end devices are used within the Website.
3.2. The use of cookies means their storage and access by the Controller.
3.3. Cookies are IT data, in particular text files, stored on the User's end device.
3.4. Cookies usually contain:
3.4.1. content (e.g. action identifiers);
3.4.2. the website name;
3.4.3. information about the time they are stored on the end device
3.4.4. number.
3.5. Cookies are used for the purpose of:
3.5.1. adapting the content of the Website to the User's preferences and optimizing the use of the Website; in particular, these files allow the User's device to be recognized and the Website to be displayed accordingly, adapting it to their needs and preferences;
3.5.2. creating statistics and analyses regarding the use of the Website;
3.5.3. adapting advertisements displayed to the User to their preferences.
3.6. Two basic types of cookies are used on the Website: "session" cookies (session cookies, session storage) and "persistent" cookies (persistent cookies, local storage).
3.7. "Session" cookies are temporary files, i.e. those stored on the User's end device until the session expires (e.g. leaving the Website, deleting them by the User, or closing the browser).
3.8. "Persistent" cookies are files stored on the User's end device for the period specified in the cookie parameters. The User may, however, delete them earlier.
3.9. The following types of cookies may be used on the Website
3.9.1. necessary cookies;
3.9.2. analytical cookies;
3.9.3. functional cookies;
3.9.4. marketing cookies.
3.10. The cookies used on the Website are presented in the table below:
- Posthog: website behavior analysis; cookie provider: PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114; retention period: 12 months.
3.11. Necessary cookies are cookies used by the Controller to ensure the Website functions properly. These may be files installed to enable login to the website, to complete and send forms on the website, as well as files installed for the purpose of remembering privacy settings.
3.12. Analytical cookies are cookies used by the Controller to check details regarding visits and traffic on the Website, including how Users reach it. Cookies of this type also allow verification of how Users use the Website (e.g. session duration on the website). Consent to the use of this type of cookies is voluntary. If consent is not given, the Controller will not be able to obtain information related to the use of the Website.
3.13. Functional cookies are cookies used by the Controller to enable Users to use the Website in accordance with their preferences (e.g. in terms of using plugins available on the website). Consent to the use of this type of cookies is voluntary. If consent is not given, some elements of the Website may not function properly or in accordance with the preferences of the relevant User.
3.14. Marketing cookies are cookies used by the Controller to tailor advertising content received by Users to their interests or preferences. Using this type of cookies may mean that they will also receive such advertising content outside the Website. Consent to the use of this type of cookies is voluntary. If consent is not given, advertisements will still be displayed, but they will not be selected according to the preferences or interests of the relevant User.
3.15. Cookies do not cause configuration changes on the User's end device or in the software installed on that device.
3.16. The default settings of web browsers usually allow cookies to be stored on the end devices of website users. However, these settings may be changed by the User.
3.17. The User may determine the conditions for the use of cookies through the settings of the software (web browser) installed on their end device and through the plugin available on the Website.
3.18. The User also has the ability to change the set conditions for the use of cookies. The change may consist of partially or completely limiting the ability to store cookies on the User's end device.
3.19. Blocking cookies or deleting them may make it more difficult to use the Website, for example because some of its options will not be available to the User.
3.20. Pursuant to the provisions of the Telecommunications Law, the consent of the end user to store information or obtain access to information already stored in the telecommunications terminal equipment of the end user may also be expressed by the user through the settings of the software installed on the end device they use. Therefore, if the user does not wish to give such consent, they should change the settings of the web browser.
3.21. Detailed information on changing browser settings regarding cookies and on deleting them can be found on the official website of the specific browser.
3.22. In particular, the above information can be found at the addresses below. Clicking a given link will take the User outside the Website. Depending on the browser used by the User, information on changing settings can be found at the following addresses:
3.22.1. Firefox browser;
3.22.2. Chrome browser;
3.22.3. Microsoft Edge browser;
3.22.4. Opera browser;
3.22.5. Safari browser.
4. Tools used within the website
4.1. The Controller uses IT tools provided by third parties within the Website. Using these tools may involve the use of cookies belonging to those entities.
Google business tools
4.2. The Controller uses tools provided by Google within the Website, including Google Ireland Limited with its registered office in Ireland:
4.2.1. Google Analytics;
4.2.2. Google Ads.
4.3. By using cookies, Google Analytics analyzes traffic and the way Users use the Website.
4.4. The Controller uses the data collected by Google Analytics for remarketing/retargeting, reporting impressions in the Google advertising network, and analyzing Users' demographic data and interests.
4.5. The Controller may determine the keywords, ads, ad groups, and campaigns that attract customers most effectively.
4.6. The Controller may also observe activity on the Website: scrolling, copying its elements, the activity time of a given user, and other events.
4.7. Users may prevent the use of their data in Google Analytics. More information on how to do this can be found at this link: https://tools.google.com/dlpage/gaoptout.
4.8. Google Ads is an advertising platform that enables the display of the Controller's ads on Google services and on Google's partner websites.
4.9. Google Ads may collect information about Users' demographic data and behavior in order to personalize ads and analyze their effectiveness.
4.10. Users may opt out of personalized advertising according to the instructions provided at this link: https://policies.google.com/technologies/ads.
4.11. Google's privacy policy is available at this link: https://policies.google.com/privacy.
4.12. Google may transfer data to third parties. More information about Google's use of cookies can be found at this link: https://policies.google.com/technologies/cookies?hl=pl&gl=pl.
4.13. In the case of Google LLC, personal data are transferred to the USA. Transfers of data outside the European Economic Area take place on the basis of adequacy decisions published on the European Commission website available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en (Article 45 GDPR) and standard contractual clauses (Article 46(2) GDPR).
4.14. Information about data transfers outside the European Economic Area by Google is available at this link: https://policies.google.com/privacy?hl=pl#europeanrequirements. Information about adequacy decisions and standard contractual clauses is available at this link: https://policies.google.com/privacy/frameworks?hl=pl.
Facebook business tools
4.15. The Controller uses Facebook business tools provided by Meta Platforms, Inc. (including Meta Platforms Ireland Limited, with its registered office in Ireland) such as Meta Ads, which are used for marketing activities.
4.16. Meta Ads is a platform that enables the creation and management of advertising campaigns. Ads are displayed on services belonging to Meta Platforms, i.e. on Facebook, Instagram, Messenger, and in Meta partner networks.
4.17. Meta Ads collects, among other things, information such as demographic data, a given User's activity on a portal belonging to Meta Platforms, and the User's preferences, for the purpose of personalizing ads and measuring their effectiveness.
4.18. More information about data processing rules on Facebook can be found at this link: https://www.facebook.com/privacy/explanation, and on Instagram at this link: https://help.instagram.com/155833707900388.
4.19. In the case of Meta Platforms Ireland, personal data are transferred to the USA. Transfers of data outside the European Economic Area take place on the basis of adequacy decisions published on the European Commission website available at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en (Article 45 GDPR) and standard contractual clauses (Article 46(2) GDPR).
4.20. Information about the transfer of data to the USA by Meta Platforms Ireland is available at this link: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. Information about adequacy decisions and standard contractual clauses is available at this link: https://www.facebook.com/legal/EU_data_transfer_addendum.
PostHog
4.21. The Controller uses the PostHog Cloud EU analytics tool on the Website.
4.22. This tool is provided by PostHog Inc. with its registered office in San Francisco, California, United States. The Controller uses PostHog Cloud EU, whose servers are hosted by AWS in Frankfurt.
4.23. The purpose of this tool is to analyze the User's behavior while using the Website. PostHog records the way the User moves around the Website (including, for example, navigation or cursor movement and clicks). However, the Controller does not obtain any other User data through this tool. This tool is used by the Controller solely to analyze and optimize the operation of the Website.
4.24. More information about PostHog's privacy policy can be found at https://posthog.com/privacy.
4.25. It is also possible for a given User to disable the analysis of their behavior on the Website in the cookie settings.
Cloudflare
4.26. The Controller uses services provided by Cloudflare Inc. with its registered office in the United States on the Website.
4.27. CloudFlare offers a worldwide distributed Content Delivery Network with DNS designed to ensure server security and stability, among other things, by protecting against cyberattacks.
4.28. More information about Cloudflare's data processing can be found at: https://www.cloudflare.com/privacypolicy/.
4.29. In the case of CloudFlare, personal data are transferred to the USA. Transfers of data outside the European Economic Area take place on the basis of standard contractual clauses (Article 46(2) GDPR).
4.30. Information about data transfer to the USA by Cloudflare together with information about standard contractual clauses is available at this link: https://www.cloudflare.com/cloudflare-customer-dpa/.
Azure
4.31. The Controller uses Azure cloud platform services on the Website, provided by Microsoft Corporation with its registered office in Redmond, Washington, United States.
4.32. Azure enables the storage of Users' data, including in databases that store data provided by Users, and also stores data about their interactions on the Website.
4.33. More information about Microsoft's data processing can be found at: https://www.microsoft.com/pl-pl/privacy/privacystatement.
4.34. In the case of Azure, personal data are transferred to the USA. Transfers of data outside the European Economic Area take place on the basis of standard contractual clauses (Article 46(2) GDPR).
4.35. Information about data transfer to the USA by Microsoft together with information about standard contractual clauses is available at this link: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.
Kinde
4.36. The Controller uses the Kinde service on the Website, provided by Kinde Australia Pty Ltd.
4.37. The Controller uses Kinde to manage Users' identities (login), including processing the data necessary for User registration and login.
4.38. More information about Kinde's data processing can be found at: https://docs.kinde.com/trust-center/privacy-and-compliance/privacy-policy/.
4.39. In the case of Kinde, personal data are transferred outside the European Economic Area, which takes place on the basis of standard contractual clauses (Article 46(2) GDPR).