PRIVACY AND COOKIES POLICY

This Privacy and Cookies Policy (hereinafter: Privacy Policy) contains information on the processing of your personal data and the use of cookies in connection with your use of the website operating at: https://breeze-energies.com/ (hereinafter: website).

  1. Information about the Administrator of your personal data

The administrator of your personal data is Breeze Energies Sp. z o.o. with its registered office in Ełk at 6/39 Wielkanocna Street, 19-300 Ełk, entered into the register of entrepreneurs of the National Court Register kept by the District Court in Olsztyn, VIII Commercial Division of the National Court Register, under the KRS number: 0000757255, using the NIP number: 8481873644, hereinafter referred to as the “Personal Data Administrator”

  1. Contact with the Personal Data Controller

In all matters related to the protection of personal data and this Privacy Policy, you can contact the Personal Data Administrator using:

  • e-mail to the following address: office@breeze-energies.com;
  • traditional mail to the following address: Kolejowa 44, 09-092 Łomianki;
  • phone number: (+48) 726-322-572;
  1. Purposes and grounds for data processing
Purpose of processing Personal data Legal basis
Inquiry
  • name and surname/company name;
  • query description.
 Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Purpose of processing Personal data Podstawa prawna
Conclusion and performance of the contract
  • data provided when using electronic services.
 Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
Purpose of processing Personal data Legal basis
Contact and correspondence (including via forms available on the website)
  • name;
  • surname;
  • e-mail address;
  • telephone;
  • information about
  • having a photovoltaic installation.
 Article 6(1)(f) of the GDPR – processing is necessary for the purpose of pursuing the legitimate interest of the Personal Data Administrator, which in this case is a response to your message addressed to us using the contact form indicated on our website.
Purpose of processing Personal data Legal basis
Rozpatrzenie reklamacji
  • name and surname;
  • An email address or telephone number.
  • subject of the complaint;
  • settlement of complaints;
  • other data related to complaint handling.
 Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party;

Article 6(1)(c) of the GDPR – processing is a legal obligation to which the Personal Data Controller is subject.
Purpose of processing Personal data Legal basis
Use of cookies – other than cookies necessary for the provision of electronic services.
  • Personal data contained in cookies in accordance with the user’s choice.
 Article 6(1)(a) of the GDPR – the processing of personal data in relation to the installation and reading of data from the device takes place on the basis of the consent granted (when the website is accessed for the first time, a request for consent to the use of cookies appears).
Purpose of processing Personal data Legal basis
Enabling the functioning of media players and social plugins.
  • Personal data collected by the tools.
 Article 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interest of the Personal Data Controller, which in this case is to ensure the proper operation of social functions (Facebook, Instagram, etc.).
Purpose of processing Personal data Legal basis
Analysis of your activity on the website.
  • age;
  • sex;
  • Approximate location (e.g., city, country)
  • Your language;
  • data about behaviour and interaction with the website (e.g. dwell time, engagement rate, engagement sessions, ratio of new to returning users, views and impressions per user, average engagement time);
  • user ID;
  • data about the technologies used by users.
 Article 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interest of the Personal Data Administrator, which in this case is to learn about your activity on the website.
Purpose of processing Personal data Legal basis
Marketing Goals
  • Your device (e.g., phone, computer)
  • Websites you visit and cookie data, such as through social plugins, Meta pixel or Google.
  • Interests determined based on activity, e.g. regarding our services.
 Article 6(1)(a) of the GDPR – the processing of personal data in the field of targeting using, for example, the Facebook Pixel is based on your voluntary consent.
Purpose of processing Personal data Legal basis
sending the Newsletter.
  • name;
  • email address.
 Article 6(1)(f) of the GDPR – processing is necessary for the purpose of pursuing the legitimate interest of the Personal Data Controller, which in this case is sending commercial information on the basis of the consent received within the meaning of Article 398 of the Electronic Communications Law;

Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract.
Purpose of processing Personal data Legal basis
Archival and evidential purposes.
  • data listed for other purposes.
 Article 6(1)(f) of the GDPR – processing is necessary for the purpose of pursuing the legitimate interest of the Personal Data Controller, which in this case is the protection of information that may be used to demonstrate facts of legal importance.
Purpose of processing Personal data Legal basis
Establishing, exercising or defending against claims.
  • name and surname/company;
  • e-mail address;
  • telephone number;
  • NIP/PESEL.
 Article 6(1)(f) of the GDPR – processing is necessary for the purpose of pursuing the legitimate interest of the Personal Data Controller, which in this case is the protection of the financial interest of the Personal Data Controller.
Purpose of processing Personal data Legal basis
Compliance with obligations under the GDPR.
  • name;
  • surname;
  • e-mail address;
  • telephone number;
  • other necessary data.
 Article 6(1)(c) of the GDPR – processing is a legal obligation to which the Personal Data Controller is subject;

Article 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interest of the Personal Data Controller, which in this case is, for example, keeping registers and records, as well as having information on persons who have exercised the rights provided for in the GDPR.
Purpose of processing Personal data Legal basis
Handling the profiles of the Personal Data Administrator in social media: Facebook and Instagram
  • Your profile name,
  • data that you have placed on your profile as “public”;
  • image;
  • data that you have placed in the comments under the content published on the Personal Data Administrator’s profile or sent in a private message to the Personal Data Administrator’s profile.
 Article 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interest of the Personal Data Controller, which in this case is to maintain profiles in social media: Facebook and Instagram.
The Personal Data Administrator informs that personal data processed through profiles maintained in social media is jointly controlled by the provider of social networking sites (“Provider”). The Personal Data Controller and the Supplier are joint controllers of your personal data also in relation to the personal data processed as part of targeting. Targeting is based on personal data provided by you to the Provider (entered into the social network), such as age, gender, etc. Joint control of personal data refers to the processing of personal data resulting from the selection of appropriate targeting criteria and displaying an advertisement to you, as well as the processing of personal data by the Provider in order to inform the Personal Data Controller about the results of the targeting campaign.

Details regarding the processing of personal data by the Service Provider can be found in its privacy policy, e.g.
  1. Obligation to provide us with your personal data
  • You are obliged to provide your personal data if they are processed by the Personal Data Administrator in order to fulfill its obligations under the law, i.e.:
  • In order to comply with obligations under tax law;
  • To comply with obligations under the GDPR.
  • Providing personal data in other cases is voluntary and depends on your decision, but it may be necessary to achieve individual purposes, e.g. concluding a contract and completing an order, conducting correspondence with you.
  1. Data source

The Personal Data Controller has obtained your personal data directly from you, and in the case of data processing in social media – from the social media provider.

  1. Right to withdraw consent 
  • If the processing of your personal data is based on consent, you can revoke this consent at any time – at your own discretion.
  • If you would like to withdraw your consent to the processing of personal data, it is enough to send an e-mail directly to the Personal Data Administrator to the following address: e-mail: office@breeze-energies.com or in the case of cookies, including those using personal data for remarketing, by changing the cookie settings.
  • If the processing of your personal data was based on consent, its withdrawal does not make the processing of personal data illegal up to that point. In other words, until you withdraw your consent, we have the right to process your personal data and its withdrawal does not affect the lawfulness of the previous processing.
  1. Data profiling and automated decision-making

If you are a user of the website or social media on which the Personal Data Administrator maintains a profile, we inform you that your data will be used by us for profiling in connection with the use of remarketing tools by the Personal Data Administrator.

This allows the Personal Data Controller to target you with personalised advertising based on your previous actions on the website, which is known as “behavioural advertising”. Detailed information about behavioural advertising, including how to manage your settings, can be found here: https://www.youronlinechoices.com/.

In other cases, personal data will not be used for profiling.

  1. Recipients of personal data

Like most entrepreneurs, we use the help of other entities in our business, which often involves the need to provide personal data. Therefore, if necessary, we may transfer your data to external service providers.

External service providers who are involved in the processing of your personal data are:

  • hosting companies that store data on the server;
  • entities providing technical services, if the technical works are covered by the areas where personal data is located, e.g. IT service provider, installers;
  • cloud computing provider where files containing your personal data are stored;
  • providers of tools or plug-ins used by the Personal Data Administrator, e.g. to analyze activity on the website;
  • entities related to legal services who are covered by professional secrecy and gain access to personal data as a result of the need to use legal assistance;
  • social media providers on which the Personal Data Controller has its profiles and on which it targets;
  • distributors who distribute the products of the Personal Data Controller;
  • installers who install the products of the Personal Data Controller;
  • Other subcontractors who will be granted access to the data if necessary.

In addition, it may happen that, for example, on the basis of a relevant legal provision or a decision of a competent authority, we will also have to transfer your personal data to other entities, whether public or private. For our part, we assure you that we analyze each case of a request for personal data very carefully and very thoroughly, so as not to inadvertently provide information to an unauthorized person.

  1. Transfer of data to third countries

Yes. In connection with the Personal Data Administrator’s use of services and tools provided by Meta Platforms Inc. and Google LLC, your personal data may be transferred to, for example, the USA. The legal basis for the transfer of personal data to the USA is the European Commission’s decision of 10 July 2023 stating the adequacy of the level of personal data protection provided by the so-called “EU-US Data Privacy Framework”. The data transfer is carried out by the tool provider.

In addition, if you belong to a different category than website users, we inform you that we may transfer your data outside the European Economic Area or an international organization, which is related to our cooperation with various entities. For our part, we ensure that the data will be transferred to countries for which the European Commission has issued a decision on their compliance with an adequate level of personal data protection or in compliance with all legal requirements, including on the basis of an appropriate agreement containing data protection clauses adopted by the European Commission, ensuring an appropriate way to protect the transferred personal data. You have the right to a copy of these protections at any time

  1. Period of storage of personal data

Please note that in accordance with applicable law, we do not process your personal data “indefinitely”, but for the time that is needed to achieve the stated purpose. After this period, your personal data will be irreversibly deleted or destroyed.

A description of the processing periods can be found below:

  • conclusion and performance of the Agreement – the data necessary for the conclusion and performance of the Agreement will be stored until the Agreement is performed;
  • handling correspondence – data related to the handling of correspondence will be processed for the duration of the correspondence between us;
  • social media services, data related to the operation of social media will be processed until an effective objection is raised or the purpose of the processing is achieved;
  • marketing purposes – data processed for marketing purposes will be processed until an effective objection is raised or the purpose of processing is achieved – in the case of data processed on the basis of legitimate interest, until consent is withdrawn or the purpose of processing is achieved – in the case of data used for profiling;
  • the use of cookies (other than essential cookies) in relation to the activity of saving and reading data from the device – data related to cookies will be processed until the consent is withdrawn or the purpose of processing is achieved;
  • analysis of activity on the website – data related to the analysis of activity on the website will be processed until it becomes outdated or loses its usefulness;
  • archival and evidentiary purposes – data related to archival and evidential purposes will be processed until you effectively object or the purposes of processing are achieved;
  • establishing, pursuing and defending claims – data related to claims will be processed until the statute of limitations for claims expires, while the period of limitation of claims may differ in the light of applicable law;
  • fulfillment of obligations resulting from the GDPR – data related to the protection of personal data will be processed until it becomes useless, you effectively object or the expiry of the limitation period for our liability as the Personal Data Administrator;
  1. Rights in connection with the processing of your personal data

Please be advised that under the GDPR you have the right to:

  • access to your personal data;
  • rectify your personal data;
  • Delete your personal data;
  • restrict the processing of your personal data;
  • object to the processing of personal data;
  • transfer personal data,
  • lodge a complaint with the supervisory authority (if you find that we process your data unlawfully, you can lodge a complaint with the President of the Office for Personal Data Protection or another competent supervisory authority).

As the Personal Data Administrator, we respect your rights under the provisions on the protection of personal data and try to facilitate their implementation to the greatest extent possible. We would like to point out that the above-mentioned rights are not absolute, so in some situations we may lawfully refuse to exercise them. However, if we refuse to accept the request, it is only after a thorough analysis and only if the refusal to accept the request is necessary.

  1. Cookies

On its website, the Personal Data Administrator, like other entities, uses the so-called cookies, i.e. short text information saved on the computer, phone, tablet or other device of the website user. They can be read by our system, as well as by systems belonging to other entities whose services we use. We use cookies on the basis of your consent, except when cookies are necessary to provide services by electronic means.

Cookies that are not necessary for the provision of services by electronic means remain blocked until you consent to the use of cookies. During your first visit to the website, we display a message asking for your consent along with the possibility of managing cookies, i.e. deciding which cookies you agree to and which you want to block.

Cookies perform many functions on the website, most often useful, which we will try to describe below:

  • service – used to provide services by electronic means, are necessary for the operation of the website and cannot be switched off;
  • functional – they are used to remember your preferences and adapt the website to your needs;
  • analytical – used to analyze how users use the website (how many open the website, how long they stay on it, which content arouses the most interest, etc.). This allows us to constantly improve the website and adapt its operation to the preferences of users. In order to track activity and create statistics, we use Google tools, such as Google Analytics;
  • marketing – used to target behavioural advertising to you;
  • social – used for the proper operation of social plugins or media players
  • session – stored in the browser’s memory until it is closed;
  • persistent – they remain in the browser’s memory for the period of their validity or until they are deleted by the user. They make it easy to navigate the website.

The Personal Data Administrator uses its own cookies for the efficient operation of the website and third-party cookies described in detail in the “Tools” section.

You have the option to modify cookies from our website. For the purpose of modifying cookies, you can use this link

In addition, you can manage your privacy using the following solutions, among others:

  • blocking cookies within the web browser used. The blocking may apply to all or selected cookies, including those related to specific websites. In addition, you can delete already stored cookies and other data from plugins and websites,
  • using incognito mode, cookies are deleted when the window is closed,
  • using plugins that provide control over cookies such as https://www.ghostery.com/
  1. Tools

The Personal Data Administrator uses the following tools:

  • Google Analytics;
  • Google Tag Manager
  • Meta Pixel
  • Google Search Console
  • reCAPTCHA
  • Google maps

Google Analitycs

The provider of the tool for the Personal Data Controller is Google Ireland Limited, a company registered and operating under the laws of Ireland (Registration number: 368047 / VAT number: IE6388047V) Gordon House, Barrow Street, Dublin 4, Ireland. The use of the tool by the Personal Data Administrator is carried out by attaching a tracking code to the website.

You can block the tool from working using the solution provided by Google https://tools.google.com/dlpage/gaoptout. For details about Google’s use of information collected from websites and apps, see https://policies.google.com/technologies/partner-sites .

Google Tag Manager

The provider of the tool for the Personal Data Controller is Google Ireland Limited, a company registered with and existing under the laws of Ireland (Registration number: 368047 / VAT number: IE6388047V) Gordon House, Barrow Street, Dublin 4 Ireland. The tool allows the Personal Data Controller to manage scripts and tracking tags on the website without having to interfere with the source code. Google Tag Manager itself does not collect personal data of users. However, it can manage the tags that process such data, such as Google Analytics, Google Ads or Meta Pixel. The provider declares that the data stored in standard HTTP logs is deleted within 14 days of their collection. The tool is ISO 27001 certified, confirming that it meets high standards of information security. Detailed information on the privacy and data security policy of Google Tag Manager is available at: https://support.google.com/tagmanager/?hl=en&sjid=11978452114242437491-EU#topic=13548179.

Meta Pixel

In accordance with the EDPB (European Data Protection Board) Guidelines No. 8/2020 of 13 April 2021 on the targeting of social media users, the tool provider and the Personal Data Controller are joint controllers of users’ personal data with regard to the collection of personal data and their transfer using the tool, as well as with regard to the matching and subsequent display of advertising to users on the social media platform. Detailed information on the principles of personal data processing by the Facebook.com website can be found here: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

The tool is used for behavioural advertising, about which you can find more information in the section “Data profiling and automated decision-making.”

Google Search Console

Google Search Console is a tool that allows the Personal Data Administrator to monitor the presence of a website in Google search results, optimize the visibility of the website, monitor website traffic, monitor errors in the website code, i.e. monitor its general operation. The tool allows you to analyze data such as how often the page appears in search results, clicks, ranking positions, and potential indexing problems.

Google Search Console does not allow direct tracking of specific users, does not collect personal data of users visiting the website or does not allow for their profiling. The data provided is aggregated and statistical. The provider of the tool for the Personal Data Controller is Google Ireland Limited, a company registered and operating under the laws of Ireland (Registration number: 368047 / VAT number: IE6388047V) Gordon House, Barrow Street, Dublin 4, Ireland. Detailed information on how the tool works can be found here: https://support.google.com/webmasters/answer/9128668?hl=pl

reCAPTCHA

In order to protect against spam and to prevent misuse and misuse of our web forms (e.g. by malicious bots), the Google reCAPTCHA tool has been integrated into our website, which primarily serves to distinguish whether data has been entered by a natural person or by machine and automatic processing. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics (time spent browsing the website or the user’s mouse movements). Further information on the processing of personal data (such as e.g. IP address) by the provider of this tool, which is Google Ireland Limited, a company registered and existing under the laws of Ireland (Registration number: 368047 / VAT number: IE6388047V) Gordon House, Barrow Street, Dublin 4 Ireland, is available here: https://developers.google.com/recaptcha?hl=pl and https://policies.google.com/privacy?hl=en#infocollect.

Google Maps

We use Google Maps on our website. Thanks to this tool, the Personal Data Controller can display interactive maps directly on the website, which allows the user to familiarize themselves with the location indicated by the Personal Data Administrator. When using Google Maps, information about your use of the website (including your IP address) may be transmitted to and stored by Google LLC, which provides the tool. Further information about the tool and the processing of data by its provider, i.e. Google Ireland Limited, a company registered and existing under the laws of Ireland (Registration number: 368047 / VAT number: IE6388047V) Gordon House, Barrow Street, Dublin 4 Ireland, is available here: https://maps.google.com/help/terms_maps/ and www.google.com/privacypolicy.html.

  1. Placed file types

 

Name
 Supplier
 Expiration Function
test_cookie google 1 day Required
_wpfuuid https://breeze-energies.com/ 11 years Required
CookieConsent https://breeze-energies.com/ 1 year Required
_ga Google 2 years Marketing
_ga_# Google 2 years Marketing
_gcl_au Google 2 years Marketing
#-# Youtube session Marketing
__Secure-ROLLOUT_TOKEN Youtube 180 days Marketing
iU5q-!O9@$ Youtube session Marketing
LAST_RESULT_ENTRY_KEY Youtube session Marketing
LogsDatabaseV2:V#||LogsRequestsStore Youtube Fixed Marketing
remote_sid Youtube session Marketing
ServiceWorkerLogsDatabase#SWHealthLog Youtube Fixed Marketing
TESTCOOKIESENABLED Youtube 1 day Marketing
VISITOR_INFO1_LIVE Youtube 180 days Marketing
YSC Youtube session Marketing
ytidb::LAST_RESULT_ENTRY_KEY Youtube Fixed Marketing
YtIdbMeta#databases Youtube Fixed Marketing
yt-player-user-settings Youtube Fixed Marketing
yt-remote-cast-available Youtube session Marketing
yt-remote-cast-installed Youtube session Marketing
yt-remote-connected-devices Youtube Fixed Marketing
yt-remote-device-id Youtube Fixed Marketing
yt-remote-fast-check-period Youtube session Marketing
yt-remote-session-app Youtube session Marketing
yt-remote-session-name Youtube session Marketing
  1. Server logs

In connection with the use of the website, every request addressed to the website is recorded in the logs of the server on which the website is hosted. The following information is recorded in the logs, among others: IP address, server date and time, information about the operating system and the browser you are using. The Personal Data Administrator does not use this information to identify you. Server logs are a tool for administering the website, and access to them is granted only to persons who need this knowledge to perform their duties for the Personal Data Administrator.

  1. Policy Update

We may modify the Privacy Policy, in particular due to technological changes and changes in the provisions of applicable law. You will be notified of any changes made to this Privacy Policy in a manner adequate to the way your data is processed. This Privacy Policy is effective from 05/05/2025, moreover, any archived versions of the Privacy Policy will be linked below.