GORAN
EN
PL FR DE
Architect's Zone

Privacy Policy

Privacy Policy

INTRODUCTION

Goran sp. z o.o., based in Grybów, makes every effort to protect the privacy of its current and future customers and users of the website www.goran.pl.

This Privacy Policy contains information about what personal data we collect, for what purposes and how we use it, how we secure it, and what rights and obligations individuals have when entrusting us with their data.

This Privacy Policy contains information required by Regulation (EC) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and by the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2019, item 1781, consolidated text).

GLOSSARY

  1. Administrator – Goran sp. z o.o. with its registered office in Grybów, Biała Niżna 441, 33-330 Grybów.
  2. Personal Data – all information about a natural person identified or identifiable by one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, online identifier, and information collected through cookies and other similar technologies.
  3. Policy – this Privacy Policy.
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, 2019, item 1781, consolidated text).
  5. Website – the website operated by the Administrator at www.goran.pl
  6. Company – Goran sp. z o.o. with its registered office in Grybów, Biała Niżna 441, 33-330 Grybów
  7. User – any natural person visiting the Website or being a party to a sales or delivery agreement, or using one or more services or functionalities described in the Policy.
  8. Cookies are IT data, in particular text files, that are stored on the Website User’s end device and are intended for using the Website’s web pages. Cookies typically contain the name of the website they originate from, their storage time on the end device, and a unique number. The entity that places cookies on the Website User’s end device and accesses them is the Administrator, Goran sp. z o. o.

    PERSONAL DATA PROCESSING

    1. In connection with its business activities, the Administrator collects and processes personal data in accordance with applicable regulations, including in particular the GDPR, and the data processing principles provided therein.
    2. The Administrator ensures transparency and security of data processing, in particular, always informs about data processing at the time of collection, including the purpose and legal basis of processing – for example, when concluding a contract for the sale of goods or services. The Administrator ensures that data is collected only to the extent necessary for the specified purpose and processed only for the period necessary.
    3. In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User’s activity on the Website. Detailed principles and purposes of processing personal data collected during the User’s use of the Website are described below.
    4. The data administrator is Goran sp. z o.o. Contact details: Biała Niżna 441, 33-330 Grybów, rodo@goran.pl
     

    TYPE OF DATA PROCESSED

    1. In connection with the User’s use of our Website, IT data regarding the visit is automatically collected, in particular:
      1. IP address,
      2. type of operating system,
      3. browser type/type,
      4. cookies.
    1. The visit to our Website itself does not require the User to provide any personal data. no other information or personal data.
     

    PURPOSES AND LEGAL BASIS FOR DATA PROCESSING ON THE SERVICE

    1. In connection with the User’s use of the Service, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User’s activity on the Service. The detailed purposes of processing personal data collected during the User’s use of the Website are presented below.
    2. Purpose of data processing:
      1. enabling convenient use of the Website,
      2. monitoring abuse,
      3. informing about the content and services of Goran sp. z o.o.,
      4. conducting marketing, tailoring content and advertising to user interests,
      5. maintaining statistics, analyses, quality and effectiveness measurements,
      6. handling complaints and securing or defending against claims, and for the purpose of fulfilling the warranty on the Company’s products,
      7. concluding and performing a sales contract for the Company’s products (and therefore also for accounting purposes),
      8. response to pre-contractual inquiries (in the case of telephone or written contact with a question about an offer and/or a request to prepare an offer for a specific apartment/house),
      9. recruitment – ​​in the case of an application to participate in the ongoing recruitment process.
    3. The legal basis for data processing is the Controller’s legitimate interest (Article 6, paragraph 1, letters a, b, and f of the GDPR) in analyzing User activity and preferences in order to improve the functionalities and services provided, as well as the necessity of this data to achieve the aforementioned purposes.
     

    LOCATION OF PERSONAL DATA REGISTER

    1. User activity on the Website, including their personal data, is recorded in system logs (a dedicated computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Controller).
    2. The information collected in logs is processed primarily for purposes related to the provision of services. The Administrator also processes it for technical and administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the Administrator’s legitimate interest (Article 6, paragraph 1, letter f of the GDPR).
     

    CONTACT FORMS

    1. The Administrator provides the ability to contact the Administrator using an electronic contact form. Using the form requires providing personal data necessary to contact the User and respond to the inquiry. The User may also provide other data to facilitate contact or processing the inquiry. Providing data marked as mandatory is required to accept and process the inquiry, and failure to provide such data will result in the inability to process the inquiry. Providing other data is voluntary.
    2. Personal data provided in the contact form is processed:
      1. to identify the sender and process their inquiry submitted via the form, including preparing an offer/quote – the legal basis for processing is the necessity of processing for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract (Article 6, paragraph 1, letter b of the GDPR Regulation),
      2. to conduct service quality surveys – the legal basis for processing is the legitimate interest pursued by the Controller (Article 6, paragraph 1, letter f of the GDPR Regulation) consisting in obtaining information on the level of User satisfaction with the services provided,
      3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest pursued by the Controller (Article 6, paragraph 1, letter f of the GDPR Regulation). consisting in maintaining statistics on inquiries submitted by Users via the Website in order to improve its functionality, as well as to research Users’ shopping preferences,
      4. to send marketing content from the Administrator to Users – the legal basis for processing is the legitimate interest pursued by the Administrator (Article 6, paragraph 1, letter f of the GDPR Regulation),
      5. to send marketing content from partners and entities affiliated with the Administrator by capital, organization, and person to Users – the legal basis for processing is consent to data processing (Article 6, paragraph 1, letter a of the GDPR Regulation),
      6. for the purpose of establishing and pursuing claims or defending against them – the legal basis for processing is the legitimate interest pursued by the Controller (Article 6, Section 1, Letter f of the GDPR) consisting in the protection of their rights.
    1. If the User posts any personal data of other people on the Website (including their name, address, telephone number, or email address), they may do so only provided that they do not violate applicable law or the personal rights of these people.
     

    MARKETING ACTIVITIES

    1. The Controller processes Users’ personal data for the purpose of carrying out marketing activities, which may consist of:
    1. displaying marketing content tailored to the User’s preferences (contextual advertising),
    2. displaying marketing content relevant to the User’s interests (behavioral advertising),
    3. conducting other types of activities related to the direct marketing of goods and services (sending commercial information electronically and telemarketing activities).
    1. To implement marketing activities, the Controller uses profiling in some cases. This means that through automatic data processing, the Controller evaluates selected factors relating to natural persons in order to analyze their behavior or create future forecasts.
    2. The Controller may also use the User’s personal data to send marketing content to the User via various channels, i.e., via email, MMS/SMS, or telephone. The Controller undertakes such activities only if the User has given consent, which the User may withdraw at any time.
     

    COOKIES AND SIMILAR TECHNOLOGY

    1. The Administrator uses cookies that collect information that facilitates the use of the website – for example, by remembering the User’s visits to the Website and their actions.
    2. The Administrator uses so-called service cookies primarily to provide the User with electronic services and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to the Administrator use cookies to store information or access information already stored on the User’s telecommunications terminal device (computer, telephone, tablet, etc.). Cookies used for this purpose include:
    3. cookies containing data entered by the User (session identifier) ​​for the duration of the session (user input cookies),
    4. authentication cookies used for services requiring authentication for the duration of the session (authentication cookies),
    5. cookies used to ensure security, e.g., used to detect authentication abuse (user-centric security cookies),
    6. session cookies for multimedia players (e.g., Flash player cookies), for the duration of the session (multimedia player session cookies),
    7. persistent cookies used to personalize the User interface for the duration of the session or slightly longer (user interface customization cookies),
    8. cookies used to monitor website traffic, i.e., data analytics, including Google Analytics cookies (these are cookies used by Google to analyze how the User uses the Website and to create statistics and reports on the operation of the Website). Google does not use the collected data to identify the User, nor does it combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.
    1. The Administrator and its trusted partners also use cookies for marketing purposes, including in connection with targeting behavioral advertising to Users. For this purpose, the Administrator and trusted partners store information or access information already stored on the User’s telecommunications terminal device (computer, telephone, tablet, etc.). The use of cookies and personal data collected through them for marketing purposes, in particular to promote third-party services and goods, requires the User’s consent. This consent may be withdrawn at any time.
    2. Cookies do not make any modifications or changes to the settings of the User’s device or software installed on it.
    3. The User has the right to refuse consent to the Administrator’s use of cookies (they can be blocked).
    4. Detailed information on blocking cookies can be found at http://wszystkoociasteczkach.pl

     

    PERIOD OF PERSONAL DATA PROCESSING

    1. The period of data processing by the Controller depends on the type of sales contract, delivery agreement, or service provided and the purpose of processing. Generally, data is processed for the duration of the sales contract, delivery agreement, service provision agreement, order fulfillment, and warranty for the Company’s products, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Controller’s legitimate interest.
    2. The data processing period may be extended if processing is necessary to establish, pursue, or defend against potential legal claims, and after that period only if and to the extent required by law. After the processing period expires, the data is irreversibly deleted or anonymized.

     

    USER RIGHTS

    1. The User has the right to:
    2. access the content of the data and request its rectification, erasure, or restriction of processing,
    3. port data and the right to object to data processing,
    4. not be subject to automated decision-making, including profiling,
    5. file a complaint with the supervisory authority responsible for personal data protection – the President of the Personal Data Protection Office,
    6. To the extent that the User’s data is processed based on consent, it may be withdrawn at any time by contacting the Controller. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

     

    DATA RECIPIENTS

    1. In connection with the provision of services, personal data will be disclosed to external entities, including, in particular, suppliers responsible for maintaining IT systems, marketing agencies (in the scope of marketing services), entities providing legal and analytical services, and entities associated with the Controller, including companies from its capital group.
    2. Furthermore, the personal data you provide to us is used for:
    3. concluding and performing a sales or delivery agreement for the provision of services, as well as the warranty provided by the Company;
    4. performing a sales or delivery agreement for the provision of services and shipping goods;
    5. keeping accounts, within the scope of applicable law;
    6. undertaking marketing activities;
    7. receiving any objections and inquiries,
    8. accepting and securing payments,
    9. conducting recruitment, if information has been provided to us for this purpose.
    10. If necessary to perform the above activities, User data may be transferred to other entities. Such transfer may only take place with our consent, based on a concluded contract, and only to those who ensure that the data provided will be adequately protected and processed in accordance with the law. This means that the personal data provided is transferred to:
    11. couriers, assemblers, service technicians,
    12. business partners belonging to the Controller’s distribution network for contact purposes and for processing inquiries submitted using the electronic contact form service. A list of commercial partners belonging to the Administrator’s distribution network can be found in the “List of stores” tab on the website goran.pl,
    13. banks and other financial institutions in connection with payments made by the User,
    14. hosting providers that maintain the Administrator’s website and email,
    15. HR agencies, if the Administrator commissions them to conduct a given recruitment process,
    16. If the User consents, their data may also be made available to other entities for their own purposes, including marketing purposes.
    17. The Administrator reserves the right to disclose selected information about the User to competent authorities that submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

     

    TRANSFER OF DATA OUTSIDE THE EEA

    1. If the User is a resident of the European Union, the Administrator does not transfer any of their personal data outside the European Economic Area.
    2. The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller will transfer personal data outside the EEA only when necessary, upon express request and with the User’s consent, and ensuring an adequate level of protection, primarily through:
    3. cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued,
    4. use of standard contractual clauses issued by the European Commission,
    5. use of binding corporate rules approved by the relevant supervisory authority,
    6. in the case of data transfer to the USA – cooperation with entities participating in the Privacy Shield program, approved by the European Commission.
    7. The Controller always informs about the intention to transfer personal data outside the EEA at the stage of data collection.
     

    PERSONAL DATA SECURITY

    1. The Controller conducts ongoing risk analysis to ensure that personal data is processed by him in a secure manner – ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
    2. The Controller takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Controller.

     

    CONTACT DETAILS

    1. Contact with the Controller regarding personal data protection is possible via email: rodo@goran.pl or mailing address: Goran sp. z o.o., Biała Niżna 441, 33-330 Grybów.
     

    FINAL PROVISIONS

    1. We reserve the right to The right to unilaterally amend the Privacy Policy if it becomes necessary to adapt it to the updated Company offer and terms, for example, in situations such as:
    2. changes in the regulations regarding the provision of services by electronic means,
    3. force majeure,
    4. changes in the Company’s offer or terms of cooperation.
    5. In matters not regulated by this Privacy Policy, the provisions of generally applicable law, in particular the GDPR, shall apply.
    6. The Policy is reviewed on an ongoing basis and updated as necessary.
    7. The current version of the Policy is effective from December 2025.
Jesteśmy jednym z wiodących producentów drewnianych okien i drzwi w Europie.

Menu

Obserwuj nas

Facebook-f Instagram
We are one of the leading manufacturers of wooden windows and doors in Europe.

Menu

Follow us

Facebook-f Instagram