In order to ensure transparency and reliability of the personal data processing carried out by our Company, below we present the personal data protection principles in force at Defro R. Dziubeła spółka komandytowa with its registered office in Ruda Strawczyńska, established in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – hereinafter the GDPR (OJ EU L No. 119, p. 1).
In our activities, we attach great importance to issues related to the processing of personal data and the protection of information—not only because legal provisions impose such an obligation on us, but above all because we respect the right to privacy and believe that it is one of the most important elements of good cooperation and of building trust and a positive image of our company.
The controller of personal data is the company operating under the name DEFRO R. Dziubeła Spółka komandytowa with its registered office in Powiatowa Street 111A, 26-067 Ruda Strawczyńska, NIP 9591968493 – hereinafter DEFRO. The Controller is the entity that decides on the purposes
and means of processing personal data.
In all matters related to the processing of your personal data, you may contact us by post at the address indicated above, as well as by sending e-mail correspondence to the Data Protection Officer (DPO) appointed in our company – iod@defro.pl
In line with the accepted practice of most websites, we store HTTP queries sent to our server. Viewed resources are identified by URL addresses. The detailed list of information stored in the WWW server log files is as follows:
In addition, we process the following data obtained directly from the website user:
DEFRO HOME is one of the largest manufacturers of fireplace inserts in Europe. In connection with the implementation of our business objective, we process personal data for the following purposes:
| PURPOSE OF PROCESSING | LEGAL BASIS AND PERSONAL DATA RETENTION PERIOD | RETENTION PERIOD |
| Actions aimed at concluding and performing a contract with a customer or contractor within the scope of the controller’s business activity, including also for the purpose of conducting authorization and product training. If data is collected for purposes related to the performance of a specific contract, the Controller provides the data subject with detailed information regarding the processing of their personal data at the time of concluding the contract. | Art. 6(1)(b) GDPR (applies to customers/contractors); Art. 6(1)(f) GDPR (applies to persons cooperating with us on behalf of a customer/contractor). (The Controller’s legitimate interest is the need to contact customers/employees/cooperators of customers and contractors in connection with actions taken to conclude or perform a contract, including contacting a training participant to provide organizational information about the training and post-training materials.) | Personal data will be processed until the contract is performed, and also after its completion for purposes related to: a. pursuing claims related to performance of the contract (i.e. as a rule no longer than 6 years from the date of completion of the contract), b. fulfilling obligations resulting from legal provisions, in particular tax and accounting obligations (i.e. as a rule for 5 years, counted from the end of the calendar year in which the tax payment deadline expired), c. data for marketing purposes: until an objection is raised, i.e. until you indicate to us in any way that you do not wish to remain in contact with us or receive information about our activities, or until limitation of claims |
| Preparation of draft ventilation (heat recovery) plans or heat pump selection (at the initiative of the website user) | Art. 6(1)(a) GDPR | Until withdrawal of consent, no longer than 12 months Consent may be withdrawn free of charge at any time via e-mail to biuro@defrohome.pl. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal |
| Establishing, pursuing claims and defending against such claims | Art. 6(1)(f) GDPR (The legitimate interest pursued by the Controller is taking actions to pursue claims and defend against claims – in this scope, data of the customer/contractor and their employees and cooperators is collected to the extent necessary to pursue or defend such claims.) | Art. 6(1)(f) GDPR (The legitimate interest pursued by the Controller is taking actions to pursue claims and defend against claims – in this scope, data of the customer/contractor and their employees and cooperators is collected to the extent necessary to pursue or defend such claims. |
| Archiving documents relating to concluded contracts, including settlement documents | Art. 6(1)(c) and (f) GDPR | Until DEFRO fulfills specific legal obligations related to document retention, as set out in individual legal provisions. With respect to documents whose retention period is not explicitly specified in legal provisions, for the period during which claims may be pursued, in line with the Controller’s legitimate interest. |
| Conducting settlements, accounting and financial reporting. | Art. 6(1)(c) GDPR | For the period until the expiry of data retention obligations resulting from legal provisions, in particular the retention of accounting documents (as a rule, for 5 years after the year in which the legal event occurred that required issuing an accounting document). |
| Conducting marketing activities without using electronic means of communication referred to in the Act on Providing Services by Electronic Means and the Telecommunications Law. | Art. 6(1)(f) GDPR (The legitimate interest is conducting marketing activities promoting Defro products and services.) | Until an objection is raised as referred to in Art. 21 GDPR and you indicate to us in any way that you no longer wish to receive such information. |
| Conducting marketing activities using electronic means of communication referred to in the Act on Providing Services by Electronic Means and the Telecommunications Law, in particular via e-mail, SMS, direct telephone contact, as well as sending newsletters to contractors | Art. 6(1)(f) GDPR In the case of marketing using a telephone number or e-mail address, the controller will obtain consent for the communication channel in accordance with the Act on Providing Services by Electronic Means or the Telecommunications Law. (The legitimate interest is conducting marketing activities promoting) | Until an objection is raised, i.e. until you indicate to us in any way that you do not wish to remain in contact with us or receive information about our activities, or until limitation of claims. |
| Communication in traditional and electronic form | Art. 6(1)(f) GDPR The controller’s legitimate interest is conducting service quality assessment surveys, market research and needs analysis. | For the period necessary to handle the matter/provide a response, or longer in the event of potential claims, for the limitation period provided by law, in particular the Civil Code, or for other purposes resulting from our legitimate interests. In each case, the longer retention period for personal data is decisive. |
| Conducting recruitment processes | Art. 6(1)(a) and (c) GDPR applies to job candidates Art. 6(1)(a) and (b) GDPR applies to candidates for cooperation) | Until completion of the recruitment process for a specific position, and in the case where the candidate consents to processing their data for the purposes of other recruitment processes – no longer than 12 months. |
| Video surveillance on DEFRO premises in order to ensure the safety of persons and property and to maintain information security. | Art. 6(1)(c) and (f) GDPR Access control for persons staying on Defro premises is our legitimate interest, and in the case of employees it results from a legal provision (Art. 222 of the Labour Code). | Recorded video footage is stored for a maximum of 3 months or until a justified objection is raised. An exception applies where the recording constitutes evidence in proceedings conducted by law enforcement/judicial authorities (in such a case, until the final conclusion of such proceedings, or until an objection is raised). |
| Contact via contact forms | Art. 6(1)(f) GDPR communication with you and responding to your message via the communication channel chosen by you (the controller’s legitimate interest is proper customer service, including responding to inquiries addressed to us). Art. 6(1)(b) GDPR depending on the content of the communication, where it is necessary to take action at your request before concluding an appropriate contract | For the period necessary to provide a response, or longer in the event of potential claims, for the limitation period provided by law, in particular the Civil Code, or for other purposes resulting from our legitimate interests. In each case, the longer retention period for personal data is decisive. |
| Telephone contact Calls made to the main switchboard number and the service hotline number are recorded – appropriate information is provided at the beginning of the call. Recordings are available only to the Controller’s employees and persons servicing the Controller’s hotline | Art. 6(1)(f) GDPR (the controller’s legitimate interest is proper customer service, including enabling contact with Defro) Personal data in the form of a call recording is processed: for purposes related to serving customers and visitors via the hotline, if the Controller provides such a service – the legal basis for processing is the necessity of processing for the provision of the service (Art. 6(1)(b) GDPR); to monitor service quality and verify the work of hotline consultants, as well as for analytical and statistical purposes – the legal basis is the Controller’s legitimate interest (Art. 6(1)(f) GDPR) consisting in ensuring the highest possible quality of service for customers and visitors, as well as the work of consultants, and conducting statistical analyses of telephone communications. | until the matter is handled For a period of 6 months counted from the month following the month in which the recording was made, or until an objection is raised. An exception applies where the recording constitutes evidence in proceedings conducted by law enforcement/judicial authorities (in such a case, until the final conclusion of such proceedings). |
| Chat (applies to your personal data that you provide via the Chat placed on the website www.defrohome.pl) | – handling an inquiry via chat – legal basis: Art. 6(1)(f) GDPR, (the legitimate interest pursued by the Controller is proper service and enabling contact for customers/contractors and potential customers and providing them with requested information), – depending on the content of the communication, taking action at your request before concluding an appropriate contract; – legal basis: Art. 6(1)(b) GDPR, i.e. necessity to take steps prior to entering into a contract; | As a rule, we will process your data until the end of communication with you, or we will store it longer in the event of potential claims, for the limitation period provided by law, in particular the Civil Code, or for other purposes resulting from our legitimate interests. In each case, the longer retention period for Personal Data is decisive. |
| Processing of cookies | Art. 6(1)(f) GDPR (the legitimate interest is enabling the basic functions of the website and tailoring website content to users’ needs, including for marketing, statistical purposes, and optimizing the use of online services) | Data is processed for the periods indicated in the Cookie Policy or until an objection to data processing is raised. |
| For purposes related to initiating and maintaining business contacts (e.g. exchange of business cards, sending seasonal greetings, exchange of information, including personal data at industry events, business meetings) | Art. 6(1)(f) GDPR (the controller’s legitimate interest is building a network of contacts in connection with conducted business activity) | Until an objection is raised as referred to in Art. 21 GDPR and you indicate to us in any way that you no longer wish to receive such information. |
DEFRO may disclose your data to:
Personal data may also be transferred to state authorities and other entities authorized under relevant legal provisions, to the extent indicated in such provisions.
DEFRO processes data exclusively within the territory of the European Union and the European Economic Area. It does not transfer it to third countries. However, due to the data processing technology used by Microsoft Ireland Operations Limited with its registered office in Dublin, acting as a processor for Defro, your personal data may be processed outside the EEA, whereby such operations are based on Standard Contractual Clauses developed on the basis of the European Commission decision of 4 June 2021 (2021/914).
Personal data will not be processed in an automated manner, including it will not be subject to profiling as referred to in the GDPR.
In connection with the processing of your personal data, you have the following rights:
The scope of each of these rights and the situations in which you may exercise them result from legal provisions. Which right you may exercise depends on the legal basis and purpose for which we process your personal data.
In addition, a person whose data is processed by DEFRO has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office. More information about the Personal Data Protection Office and how to lodge a complaint can be found on the website: www.uodo.gov.pl
Our service is not intended for children under 16 years of age.
We do not. Therefore, we ask our Users to exercise caution when sharing their personal data and, in particular, never to provide special categories of data, e.g. concerning health, racial or ethnic origin, political opinions and other data listed in Art. 9 GDPR.
The Internet will never be a completely secure place. However, we make efforts to ensure that your personal data is properly protected in our systems. We have implemented a number of solutions to ensure the security of your data.
Here are examples:
We will inform you about any event related to the processing of your data if we determine that it causes a high risk of violating your rights and freedoms.
If you decide to visit us at our premises, please note that it is covered by a video surveillance system (both the external area and the interior of buildings). Surveillance is used on the basis of generally applicable law in order to protect property and ensure safety. The source of the data is recordings from the surveillance system cameras installed inside and outside the building. Surveillance data will be processed for the period and to the extent required by generally applicable law.
The recipients of the recorded personal data will be only entities authorized to obtain personal data under legal provisions.
Your right to access the content of your data is limited due to the risk of infringing the rights and freedoms of other persons recorded by the surveillance system cameras.
Some areas and functions of the Service may use cookies, i.e. text files stored on the computer of a person visiting the Website, identifying them as needed to enable certain operations. Cookies are used, among other things, to remember data necessary to log the user in. Cookies will function only if they are accepted and not deleted from the disk.
Detailed information about cookies can be found in the Cookie Policy.
This version was last updated on 05.01.2026. From time to time, we may change this Policy, which we will communicate by updating this section.
The Service Administrator reserves the right to change the above privacy policy at any time and place, while undertaking to immediately publish the new privacy policy on the Service pages. We also keep previous versions of this Privacy Policy in an archive so that users can review them.
