I. PERSONAL DATA PROCESSING
“Personal Data” is any information that identifies the User directly, for example, name, first name, email address and telephone number; and indirectly, for example, IP address, cookie IDs or other data.
Personal data will be processed by the Controller in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).
The providing of data is voluntary and is in principle not a requirement for use of the Service. Only in some of the cases indicated below will it be necessary to provide certain data in order to use the Website. If you have any questions regarding the processing of your personal data by the Controller, you may contact us at [firstname.lastname@example.org].
II. CATEGORIES OF PERSONAL DATA
While using some of the services of the Website you may be asked to provide your personal data.
The scope of mandatory and non-mandatory data is each time determined according to the needs of a given service, which the User intends to use:
- Data provided to us: The Controller obtains personal data when the User provides such data (e.g. when the User contacts the Controller via e-mail or telephone, or in any other way);
- Relationship data: Controller collects or obtains certain personal data in the normal course of the relationship with the User, including making services available to the User within the Website (e.g. providing services to the User);
- Data that you make public: Controller collects or obtains personal information that you explicitly choose to make public, including through social media (e.g., Controller may collect profile information in social media if you post about Controller);
- Data coming from the Website: Controller collects or obtains personal information when you visit any of our sites or use any features or resources available on or through the site (including through cookies).
- Content and advertising information: If you interact with third party content or advertisements on the Website (including plug-ins and third-party cookies), we receive personal information from the relevant third-party provider of such content or advertisements.
The data processed by the Controller include, among others.:
- Personal data: name(s), surname, contact details;
- Contact details: mailing address; telephone number; e-mail address; details of online messaging; and details of social media;
- Information about our Websites: type of device; operating system; browser type; search engine settings; IP address; language settings; dates and times of connection to the website; user name; password; login security data; usage data; aggregated statistical information;
- Content and advertising data: records of how User interacts with our advertisements and online content, the records of advertisements and content appearing on displayed pages, and any interactions with such content or advertisements (e.g., mouse-over, mouse-click, any forms filled out in whole or in part) and any interactions with the touch screen;
- Beliefs and opinions: any beliefs and opinions you choose to send to us or make publicly available about us on social media platforms.
Personal data will not be used for automated decision-making purposes; however, the controller may use personal data for profiling in order to conduct marketing.
III. PURPOSE OF DATA COLLECTION
- Provide customer service and contact with the User, including to inform about any changes to the products and services offered by the Controller within the Service;
- Processing of personal data in order to perform obligations under the law;
- To perform all contractual obligations towards the Controller’s business partners, which constitutes our legitimate interest in data processing;
- For the purposes of analysis, development, improvement (including improving user experience), administration, maintenance, technical support and security of the Service, which constitutes our legitimate interest in data processing;
IV. PERSONAL DATA RECIPIENTS
Users’ personal data may be transferred to companies cooperating with the Controller, provided that the provision of such data is necessary in connection with the Controller’s interests. Users’ personal data may be transferred to our partners and external entities providing services to the Controller and processed by them in order to enable them to perform services ordered by the Controller. The offices of such external entities will be located both within the territory of countries which are both members of the EU and outside the EU. All external entities are obliged to comply with the Controller’s guidelines and to implement appropriate technical and organizational measures to protect Users’ personal data.
The Controller may provide Users’ personal data to the competent authorities in accordance with the mandatory provisions of law and in order to perform such legal obligations in the area of each jurisdiction in which the Service Users are located. In case of data violation, certain personal data may be subject to disclosure to authorities competent for their protection.
When we transfer personal information to other countries that may have different laws and data protection requirements from those in force in the country where you are located, we apply all the requirements of GDPR.
V. RIGHTS OF WEBSITE USERS
Website User has the following rights with respect to personal data processed by the Controller:
- The right to access your personal data;
- The right to correct User’s personal data if the data is inaccurate or incomplete;
- The right to delete personal data – at User’s request, Controller removes the collected personal data of the User, e.g. (i) when the personal data is no longer needed for the purpose for which it was collected or (ii) there is no legitimate reason for further processing or the processing has become unlawful, or the personal data had to be deleted in order to fulfill the legal obligation to which Controller is subject;
- The right to object to the processing of User’s personal data for marketing purposes. If the Controller gives his consent to the processing of personal data, e.g. in case of sending commercial information, the User may at any time withdraw his consent to further processing of data, on which such consent is dependent;
- The right to transfer the User’s personal data – the User has the right to receive personal data concerning him/her, which he/she has made available to the Controller in a customary, structured and machine-readable format. The User may also ask the Controller to transfer the User’s personal data directly to another data Controller, as far as it is technically possible.
- The right to limit the processing of the User’s personal data – the Controller may be forced to limit the processing of the User’s personal data in situations specified in Article 18 of the GDPR.
- The right to lodge a complaint with a supervisory authority – the User may lodge a complaint concerning the data processing by the Controller with a data protection authority in his/her jurisdiction. The Controller will provide assistance in case of any difficulties with contacting the data protection authority.
In such a case, the Controller shall remove or make an encryption, pseudonymization or anonymization of personal data as soon as it is practically possible or necessary to be able to use them without unnecessary identification, protecting the privacy and increasing the security of the User.
The Controller applies appropriate technical and organizational measures to ensure an appropriate level of security and integrity of Users’ personal data, using proven technological standards to prevent unauthorized access to Users’ personal data.
We have implemented appropriate technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access and other unlawful or unauthorized forms of processing in accordance with applicable law.
Since the Internet is an open system, the transmission of information over the Internet is not completely secure. Although we will implement all reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted to us over the Internet – any such transmission is at your own risk and you are responsible for ensuring that any personal information you send to us is sent securely.
Data Minimization – We take all reasonable steps to ensure that the personal data we process is limited to that which is necessary for the purposes set out in this notice.
Data Accuracy – we take all reasonable steps to ensure that the personal data we process is accurate and, where necessary, kept up to date; and any personal data we process which is inaccurate (including the purposes for which it is processed) is promptly deleted or corrected.
From time to time we may ask you to confirm the accuracy of your personal data.
If the time limits for the assertion of possible claims are shorter than the periods for storing settlement documents for tax purposes, we will keep these documents for the time necessary for tax and settlement purposes, i.e. for 5 years from the end of the year in which the tax obligation has been updated.
If we process data using electronic means of communication for marketing purposes, the specific legal basis of the processing is:
- 10 of the Act of 18 July 2002 on the provision of electronic services (i.e. Journal of Laws of 2020, item 344.) if you agree to receive information using e-mail;
- 172 of the Act of 16 July 2004 on Telecommunications Law (Journal of Laws of 2020, item 374 as amended) if you agree to receive information using a telephone number.