Applies as of 25th May 2018.
I. Personal data processing in connection with the use of the website
The Controller collects the Users’ data in connection with their using the website and only to the extent necessary for rendering the particular services offered on the website; the Controller also collects anonymized information about the Users’ activity on the website - by means of http cookies - according to the rules laid down in this Policy.
II. Legal basis for and purposes of personal data processing on the website
The personal data provided by the User to the Controller include in particular the forename, surname, address of residence, telephone number and e-mail address; these are processed for a variety of purposes:
The Controller would like to emphasise that the personal data provided by the User are not used for marketing purposes, i.e. the Controller does not send advertisements, newsletters, nor does the Controller use any other forms of direct marketing.
The administrator does not process data for automated decision making and profiling.
Personal data are provided by filling in the relevant fields of the form on the “CONTACT” subpage. Personal data are provided voluntarily, but a refusal to give consent to the processing of personal data or provision of incomplete personal data may prevent one from using the services offered by the Controller.
Therefore, the Controller processes the User’s personal data for the purposes necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, as provided for in Article 6(1)(b) of GDPR.
Upon completion of the performance of the contract, the User’s personal data provided to the Controller may also be stored for a further period of time for the following purposes and on the basis of the following criteria for determining the duration of personal data processing:
III. The User’s rights
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the data subject withdraws consent on which the processing is based according to Article 6(1)(a) of GDPR or Article 9(2)(a) of GDPR, and where there is no other legal ground for the processing,
c) the data subject objects to the processing pursuant to Article 21(2) of GDPR,
d) the personal data have been unlawfully processed,
e) the personal data have to be erased for compliance with a legal obligation in Union or Polish law,
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.
IV. Recipients of the data:
In relation to the provision of services, personal data will be disclosed to external entities, in particular to suppliers responsible for operating the IT systems used in the provision of the services, to entities such as banks and payment service providers, to entities rendering accounting services, to couriers (in relation to the fulfilment of an order).
The Controller reserves the right to disclose information concerning the User to competent authorities or to third parties which make a request for this information on the appropriate legal basis and in accordance with the law.
V. Transfer of personal data outside the European Economic Area
The Controller does not transfer any personal data outside the European Economic Area, unless it is required by appropriate legal regulations and the transfer of data takes place at the request of competent authorities.
VI. Security of personal data
The Controller performs a continuous risk analysis to ensure that the Users’ personal data are being processed in a secure manner and lawfully and that the data are only accessible to authorized individuals and to the extent necessary for the performance of their tasks. All operations on personal data are being registered. Prior to any transfer of personal data to the Controller’s subcontractors, contracting parties or other entities cooperating with the Controller, the Controller makes every effort to ensure that those recipients guarantee appropriate protection of the personal data.
Moreover, the Controller takes special care that personal information is:
VII. HTTP Cookies
The Controller does not automatically collect any personal data in relation to the use of the website. However, certain other data contained in http cookies are collected while the website is being used. For this purpose, the Controller uses Google Analytics tools.
Http cookies are small text files stored on the end user’s device, e.g. computer, smartphone, which enable the web page to be displayed correctly.
The Users may control the way in which http cookies operate by means of mechanisms embedded in the software for browsing www pages (web browsers). However, blocking certain http cookies may affect the website functionality.
Http cookies collect information about the Users for the following purposes:
Http cookies do not contain any data identifying the User. They cannot be used to establish anyone’s identity. Http cookies are not in any way harmful to the end device and do not modify its settings nor the settings of any software installed on it. The content of http cookies is only readable to the server which created them.
The Controller does not directly display any advertisements concerning the Controller’s online services. The responsibility for the choice of advertisements that match the User’s preferences lies with Google Inc.
VIII. Final provisions
If in doubt or to obtain additional information, please contact us at the e-mail address: firstname.lastname@example.org