PhotonRoof — Ceramic Photovoltaic Roof Tiles

Privacy Policy for Photonroof.eu

(valid from 8 August 2025)

1. Introduction

1.1 This policy explains how we process personal data and use cookies on the Photonroof.eu website (“Site”).

1.2 We follow:

• GDPR — Regulation (EU) 2016/679;

• Polish Act on Electronic Services (18 July 2002);

• Polish Telecommunications Act (for cookies);

• Guidance from the European Data Protection Board and the Polish DPA.

2. Key Words

User: any natural person visiting the Site or using its tools (for example, the contact form).
Controller / 'we' – PHOTONROOF PSA: Zaczernie 190 G, 36-062 Zaczernie, REGON 526979867, NIP 5170441473, KRS 0001070029, share capital PLN 5 000.
ML System Group: ML SYSTEM S.A. and ML SYSTEM + Sp. z o.o.; we share IT systems and after-sales support within the group.
GDPR: General Data Protection Regulation.

3. Controller and Data Protection Officer

3.1 The Controller is PHOTONROOF PSA.

3.2 The Group has appointed a Data Protection Officer (DPO). Contact: info@photonroof.eu or the Controller’s address with “DPO” on the envelope.

3.3 For some processes (for example, handling sales requests) we and ML SYSTEM S.A. act as joint controllers (Article 26 GDPR). Main rules are available on request.

4. Why and How We Use Data

Purpose	Data We Use	Legal Basis (Art. 6 GDPR)	Storage Time
Answering your message from the contact form	name, surname, e-mail, phone, message	b) steps before a contract	up to 12 months after last reply
Preparing an offer and performing a contract	as above + installation address, company data	b) contract	5 years from end of tax year
Direct marketing (newsletter, phone)	name, e-mail, phone	a) consent or f) our legitimate interest	until consent is withdrawn / objection
Statistics and IT security	IP address, device info, server logs	f) legitimate interest	24 months
Personalised ads (Google / Meta)	marketing cookies data	a) consent	until consent is withdrawn or max 13 months

*After the period ends, data are deleted or anonymised.

5. Who Gets the Data

• ML System Group companies (sales and service);

• hosting, cloud, CRM, analytics providers (Google Analytics 4, Microsoft Azure);

• installation and service subcontractors;

• law firms and auditors when necessary.

6. Transfers Outside the EEA

If a provider (for example, Google LLC) is outside the EEA, we use Standard Contractual Clauses plus extra safeguards (Art. 46 GDPR). You can get a copy from the DPO.

7. Your Rights

7.1 You can ask us to:

• access your data and get a copy;

• correct the data;

• delete the data ('right to be forgotten');

• limit processing;

• move the data to another controller;

• object to processing;

• withdraw consent at any time (this does not affect earlier processing).

Write to info@photonroof.eu. You may also complain to the Polish DPA (ul. Stawki 2, 00-193 Warsaw).

8. Cookies and Similar Tech

8.1 The Site uses:

Necessary cookies: make the Site work (Art. 6 (1)(f) GDPR).
Analytics cookies: (GA4) – only with your consent (Art. 6 (1)(a)); IP is masked.
Marketing cookies: (Google Ads, Meta Pixel) – placed only if you accept them in the cookie banner.

8.2 You can change cookie settings anytime in your browser or the banner.

9. Security Measures

We use SSL/TLS encryption, pseudonymisation, 'need-to-know' access control, regular penetration tests, and backups.

10. Automated Decisions

We do not make decisions or profiles that produce legal effects on you (Art. 22 GDPR).

11. Changes to This Policy

We may update the policy when laws or Site functions change. Major changes will appear on the Site 7 days before they start.

12. Contact

• PHOTONROOF PSA – Zaczernie 190 G, 36-062 Zaczernie, Poland

• e-mail: info@photonroof.eu (general)

• phone: +48 17 778 82 66 (ML System head office)

13. If you have any questions about privacy or want to use your rights, please contact our DPO.