I.INFORMATION ABOUT THE ADMINISTRATOR OF PERSONAL DATA
In accordance with the requirements of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as the “Regulation”, we inform you that:
- personal data controller
The controller of the personal data hereinafter referred to as the “Administrator” is:
49 Graniczna Street
05-825 Grodzisk Mazowiecki
The personal data administrator shall be responsible for using the personal data in a safe manner, in line with the purposes for which they have been collected and in compliance with the binding provisions of law.
- 2. Contact with the Administrator
Should you have any questions concerning data processing at the Administrator’s premises, please contact the Administrator at the following contact details:
– phone: +48 22 724 04 05
– e-mail: email@example.com
– postal address: the same as above
II.GENERAL DATA PROTECTION PROVISIONS
We use the obtained personal data only for the specific, legitimate purposes for which they were collected. The scope of the personal data, the purpose of their processing, the legal basis for such processing, the period of processing and the categories of recipients of the data result from the legal requirements incumbent on the Controller and from the nature and scope of the activities undertaken by the data subject.
(1) Purpose of data processing by the Controller and legal basis of processing:
The Administrator collects and processes personal data for the following purposes:
- a) To take action at the request of the data subject before entering into a contract (e.g. preparation of an offer) on the basis of Article 6(1)(b) of the Regulation;
- b) To conclude and perform a contract (including ensuring adequate quality of service) on the basis of Article 6(1)(b) of the Regulation;
- c) Conducting direct marketing (targeting communications to carefully selected, individual customers, on a one-to-one basis, with a view to obtaining a direct response) on the basis of Article 6(1)(f) of the Regulation;
- d) Conducting marketing on the basis of Article 6(1)(a) of the Regulation (“consent of the data subject”);
- e) Issuing, collecting and storing invoices and accounting documents and keeping accounting books pursuant to Article 6(1)(c) of the Ordinance in connection with Article 74(2) of the Accounting Act of 29 September 1994 and in connection with Article 86(1) of the Act of 29 August 1997. – Tax Ordinance;
- f) Carrying out maintenance activities pursuant to Article 6(1)(b) or Article 6(1)(c) of the Regulation;
- g) Responding to complaints within the time and form prescribed by law pursuant to Article 6(1)(c) of the Regulation;
- h) The expression of opinions by the Customer on the basis of Article 6(1)(a) of the Regulation (“consent of the data subject”);
- i) Detection and prevention of fraud on the basis of Article 6(1)(c) of the Regulation;
- j) Establishing, defending and pursuing claims raised by or against the Controller (including the sale of claims to another entity) on the basis of Article 6(1)(f) of the Regulation in conjunction with Article 74(2) of the Accounting Act of 29 September 1994.
The processing of personal data does not require consent if, inter alia: the processing is necessary for the performance of a contract or taking steps prior to the conclusion of a contract (Article 6(1)(b) of the Regulation), results from a legal obligation incumbent on the Administrator (Article 6(1)(c)), or is necessary for the fulfilment of the Administrator’s legitimate interest (Article 6(1)(f)). Where consent is necessary in order to process personal data for a specific purpose, the Administrator asks for such consent. The consent given may be withdrawn at any time.
(2) Storage period
Data shall be stored for the period necessary due to the purposes described above, including:
- a) for the period necessary for the performance, termination or expiry of the contract and the performance of settlements thereunder, until the statute of limitations for claims arising from the contract;
- b) in the case of marketing activities, for the duration of the legitimate interest pursued by the Administrator, until the effective withdrawal of consent or objection by the data subject, and for the period after which any claims will become time-barred.
- c) for the performance by the Administrator of legal obligations, including the Civil Code, the Tax Ordinance, the Accounting Act
(3 ) Obligation or lack of obligation to provide personal data
The use of the Administrator’s services and the provision of personal data to the Administrator is voluntary. However, providing personal data is necessary in connection with:
– concluding a contract with the Administrator – each time the scope of data required to conclude a contract is communicated to the data subject. The consequence of failing to provide the data is the impossibility to conclude a contract.
– fulfilling the obligations imposed on the Administrator by the law – in this case providing personal data is a statutory condition resulting from the provisions imposing on the Administrator obligations which require the processing of personal data (e.g. in connection with the obligation to issue, collect and store invoices and accounting documents and to keep accounting records). Failure to provide such data will make it impossible for the Administrator to fulfil the indicated duties, which will result in the impossibility to conclude a contract.
(4) Rights of the person whose data are processed by the Administrator
Pursuant to the provisions of the Regulation, the data subject shall have the right to:
(a) demand access from the Administrator to the personal data concerning him/her, i.e. to obtain information as to whether the data are being processed, what is the scope and purpose of the processing of the personal data, as well as what rights he/she has against the Administrator,
- b) require the immediate rectification of the processed data and their completion,
- c) request the erasure of the processed data,
- d) request the restriction of the processed data,
- e) the right to data portability the right to object to the processing;
(f) to object to the processing of that data for marketing purposes, including profiling, to the extent that the processing is related to direct marketing;
(g) to lodge a complaint with a supervisory authority, i.e. the President of the Office for the Protection of Personal Data;
- h) withdraw the consent given for data processing at any time (withdrawal of consent shall not affect the lawfulness of the processing performed on the basis of consent before its withdrawal)
In order to exercise the above rights, a request must be made to the Administrator by email, letter or by submitting the request in person at the Administrator’s premises. In order to be sure that the person submitting the request is entitled to submit it, the Administrator may ask for additional information confirming the identity of the submitter.
It is clear from the provisions of the Regulation to what extent each of these rights can be exercised. This will depend in particular on the legal basis and purpose of the processing of personal data by the Administrator. The above rights may be exercised free of charge. however, in accordance with Article 12(5) of the Regulation, if the requests of the data subject are manifestly unreasonable or excessive, in particular due to their continuing nature, the controller may either charge a reasonable fee in accordance with Article 12(5)(a) or refuse to act on the request in accordance with Article 12(5)(b).
(5) Automated decision-making and profiling
Personal data will not be used for automated decision-making producing legal effects on the data subject, including profiling.
(6) Data recipients
In order to perform the contract and to ensure the proper functioning of the Administrator’s websites, the Administrator uses the services of external entities cooperating with it (e.g.: mail, couriers, payment processors). Personal data are transferred to external entities only if and to the extent that this is necessary to fulfil the purpose of the processing. The transferred personal data may only be used by external entities for the purpose of carrying out a task commissioned by the Administrator.
Personal data may be transferred to the following external entities (recipients) who cooperate with the Administrator::
- a) entities carrying out postal, courier and similar activities – to the extent necessary to carry out delivery and correspondence,
- b) providers of technical assistance to the Administrator and providers of IT solutions enabling the Administrator to perform his/her activity (for example, software providers, e-mail providers and hosting providers) – the Administrator shall make personal data available to a trusted provider acting on his/her behalf only to the extent and to the extent necessary to perform the specific purpose of processing,
- c) providers of customer feedback/publication solutions – to the extent necessary for the expression of opinions.
(7) Transfers of data outside the European Economic Area
( 1) Cookies
The Administrator may process the data contained in the cookies to anonymously analyse the actions of visitors, study their behaviour (e.g. opening certain pages) in order to provide them with advertisements tailored to their anticipated interests, also when they visit other websites which are partners in the advertising network of Google Inc. and Facebook Ireland Ltd. and to improve the administration of the Administrator’s websites.
By making the appropriate settings on your browser, you can block the installation of cookies – this may restrict the functionality of the website.
(2) Onsite Targeting
The Administrator uses cookie technology to analyse the actions of visitors (e.g. opening specific pages) and may present the User with advertisements and/or special offers.
(3) Retargeting, third-party cookies and data collection by third parties for the purposes of banner advertising.
The Administrator’s websites use retargeting (remarketing) technology.
– Google Analytics, Universal Analytics and Google Remarketing provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Detailed information on the operation of these services is available at www.google.com/intl/pl/policies/privacy/partners/ see also https://policies.google.com/privacy/update?hl=pl&gl=pl and from the service
– Facebook Pixel provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Detailed information available at https://www.facebook.com/about/privacy.
(4) Web analytics
The website is analysed by Google Analytics in such a way that IP addresses are only processed in an abbreviated form, which makes it impossible to directly associate an address with a User.
By using the website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You may withdraw your consent to the collection and storage of personal data at any time with effect for the future.
The user can opt out of cookies by making the appropriate browser settings. This may result in a limitation of the website’s functionality and the use of all its functions may not be possible.
(5) Server log files
The Internet browser provides data about the user’s activities on the Administrator’s websites, which are saved in server log files. The data records stored in this way contain the following data: date and time of the download, name of the page accessed, amount of data downloaded, as well as information on the product version of the web browser used, IP address, URL of the reference page (address of the page from which the user was redirected),.
The data records of the server log file are analysed for the purpose of debugging, server performance management, protection against DDoS attacks and adaptation of the offer.
(6) Final provisions
The Administrator’s websites may contain links (references) to other websites. Such websites operate independently of the Administrator and are not supervised by the Administrator in any way. The Administrator recommends that when you go to other websites, you should familiarise yourself with their own privacy policies. The Administrator is not responsible for the data handling policies of these websites.