PRIVACY POLICY 

The owner and operator of the service is EOU Spółka z ograniczoną odpowiedzialnością (hereinafter occasionally referred to as: Service Provider). The Service Provider is responsible for the content of the service and for processing the information collected within it.

PERSONAL DATA CONTROLLER 

The personal data controller is EOU Spółka z ograniczoną odpowiedzialnością (Młynarska 42 / 115, 01-171Warsaw, Poland).

Information collection policy 

The online service processes personal data in accordance with the applicable regulations, in particular with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). All queries submitted to us will be processed with respect to confidentiality and trade secrets. Personal data and e-mail addresses will not be used for any purpose other than giving answers to submitted queries or concluding and fulfilling contracts with the Data Controller.

In particular, personal data will not be used to disclose commercial information in the future on services other than the ones directly related to the submitted query and will not be provided to third parties, unless the user gives consent to receiving commercial information and/or other forms of contact.

The goal and legal basis of processing data 

The processing of personal data will take place:

> to fulfill contractual obligations (art. 6 par. 1 point b of the GDPR)

The data is processed in order to run the Data Controller’s operation within the framework of performing the contracts concluded with customers or in order to perform activities before concluding a contract that are done on the customer’s request.;

> to make it possible for consumers to withdraw from a contract (art. 6 par. 1 point b and c of the GDPR)

The legal basis for processing is fulfilling the contractual obligations as well as legal obligations arising from the consumer’s right to withdraw from a distance contract. The consumer’s data is used for the purpose of analyzing the right to withdraw from a contract and of refunding their payment, alternatively, to inform the consumer that their withdrawal cannot be considered;

> to handle complaints (art. 6 par. 1 point b, c and f of the GDPR) The legal basis for processing is implementation of legitimate interest of the Data Controller, ensuring high level of the services provided and proper relations with customers. Personal data is used for the purpose of analyzing validity of complaints, communicating in order to solve the problem or to inform the customer that a complaint cannot be handled or considered;

> to conduct correspondence or other forms of communication (art. 6 par. 1 point a and f of the GDPR)

Your personal data may be processed by us for the purpose of written, phone or electronic contact, of conducting correspondence or communication. The basis for processing in such situation is legitimate interest of the Data Controller consisting of ensuring good relations with and satisfaction of customers, business partners and all the other people communicating with us. If it is the user who initiated the communication, their personal data will be processed based on the consent arising from initiating the communication;

> to fulfill legal obligations (art. 6 par. 1 point c of the GDPR) or perform tasks carried out in public interest (art. 6 par. 1 point e of the GDPR)

Personal data may be used in particular for the purpose of fulfilling the obligations arising from the regulations on accounting and tax law;

> for the purposes arising from legitimate interest carried out by the Business or by a third party (art. 6 par. 1 point f of the GDPR)

If necessary, we process data for the purpose of protecting legitimate interest of our own or of third parties. The examples of that include:

•handling user queries and contacting potential customers;

•researching customer satisfaction;

•pursuing claims and defense against claims;

•direct marketing of products and services;

•ensuring IT security, including functionality of the online service.

> to analyze data collected automatically during the use of the online service (art. 6 par. 1 point f of the GDPR)

We process personal data for the purpose of implementing our legitimate interest, which also manifests itself in ensuring proper functioning of the online service and running statistics on its views. As part of the analysis, we process personal data related to the IP of the devices the users access the online service on as well as data on the activity within the service. However, the personal data processed this way is not stored or archived anywhere.

The Data Controller utilizes Google Analytics tools within the online service (online company analytic tools). Google Analytics uses methods that make it possible to analyze the use of the website by the users – such as cookies for example. More details on the service are available at:

https://analytics.google.com/analytics/web/provision/?hl=pl#/provision According to Google’s claims, Google users from the European Economic Area and Switzerland are serviced by Google Ireland Limited based in Dublin, Ireland (Gordon House Barrow Street Dublin 4 Ireland).

Automatically collected information on the use of the online service may be transferred to a Google server and stored there. Google assures that they utilize data protection mechanisms required by the European regulations. More details on data protection by Google are available at:

https://policies.google.com/privacy?hl=pl 

Users may prevent recording of data collected by cookies on their use of the online service (including the IP address) for Google, as well as processing of that data by Google, if they download and install a browser plugin available at:https://tools.google.com/dlpage/gaoptout?hl=pl 

> to administrate the profiles of the Data Controller on web portals and social media (art. 6 par. 1 point a and f of the GDPR)

Personal data of the users can be processed by us in case of any user activity on the profiles of the Data Controller on web portals and social media (including liking a profile, leaving a comment, sharing etc.). The legal basis for processing is our legitimate interest consisting of collecting data through web portals on the activity on the Data Controller’s profiles, interests, data allowing to conduct anonymous analysis of user groups and interactions as well as presenting marketing offers related to our products and services. Grounds for processing also include the consent of a user arising from their activity on our profiles.

The activity of a user on the Data Controller’s profiles on web portals and social media is completely voluntary, but performing it is synonymous with processing of personal data.

Necessity of providing personal data 

Providing data is voluntary, but it might be necessary to conclude and perform a contract, withdraw from a contract, file a complaint, or contact the Data Controller.

In case of processing data for marketing purposes, providing data might be necessary in order to receive marketing information.

Sources of personal data 

Above all else, the personal data collected by the Data Controller comes directly from the customers. The data processed for marketing purposes might also be obtained

through marketing campaigns run on commission of the Data Controller by third parties.

Data processing period 

Personal data of customers and users will be stored for an adequate time, depending on the goal the personal data was collected for:

> data processed for the purpose of concluding and performing a contract, exercising the right to withdraw from a contract, filing a complaint–for the limitation period of the claims arising or potentially arising from the contract or for the period of mandatory storage of contract-related accounting documents as required by law – depending on whichever of these events is longer;

> data processed for the purpose of contact–for the period of conducting correspondence and after it ceases, for the period of the Data Controller’s legitimate interest existing, but no longer than the limitation period for potential claims related to the correspondence;

> data processed for marketing purposes–until cessation of conducting a particular type of marketing activities or until the user lodges an objection against processing data for marketing purposes – depending on whichever event occurs first;

> data processed for the purpose of administering the Data Controller’s profiles on web portals and social media – until (i) the user withdraws the like on the Data Controller’s profile and (ii) the user removes all activities on that profile. Cessation of data processing will also take place in the event of the user deleting their account on the web portals or the Data Controller’s profile being deleted on said web portals. Performing the above described activities is not synonymous with deleting archived data related to activity on the profile;

> data processed for the purpose of fulfilling obligations imposed by law – for the storage period of evidence confirming fulfillment of said obligations, but no longer than the limitation period for said obligations;

> data processed for the purpose of pursuing claims–for the limitation period of potential claims or the documents archiving period required by law – depending on whichever event is longer.

Personal data recipients 

The Data Controller does not make your data available to any third parties, unless it is necessary to ensure proper personal data processing and operation running by the Data Controller. Data is or can be made available or entrusted to the following recipients of personal data:

> entities providing postal and courier services to the Data Controller, > banks (for the purpose of money settlements),

> entities that the Data Controller is obligated to provide personal data to based on generally applicable legal provisions;

On top of that, data can be made available to processing entities (based on concluded contracts for entrusting of personal data processing), including:

> entities that may gain access to personal data while providing the Data Controller with services of hosting, e-mail and other electronic means of communication, handling the databases and information systems used by the Data Controller, > entities providing accounting services to the Data Controller,

> Google – due to Google tools being used on the Website.

The Data Controller may transfer the personal data of customers to third countries only in case of using information systems supplied by entities based outside of the European Union and the European Economic Area or when it arises from generally applicable regulations of the EU or national legislation.

The rights related to data processing by the Data Controller 

The GDPR grants the following rights related to processing of personal data: > the right to demand access to own personal data,

> the right to demand rectification of personal data,

> the right to demand deletion of personal data (the right to be forgotten) > the right to demand limitation on processing,

> the right to transfer data,

> the right to lodge an objection to processing of personal data,

If processing takes place based on consent, the user may also at any moment, without giving a reason, withdraw the consent given, at any form, and in particular by sending an e-mail to the Data Controller. Withdrawal of consent does not impact the legality of processing that took place based on consent before withdrawing it.

The user also has the right to file a complaint to the Chairman of the Personal Data Protection Office, if they believe that their data being processed by the Data Controller violates the law.

On cookies 

The service only uses automatic collection for the information contained in cookies. Cookie files (or simply “cookies”) constitute digital data, in particular text files, stored on the user’s end device (computer, telephone, tablet etc.) and intended for using the service’s websites. Cookies usually contain the name of the website they come from, time of being stored on the end device and a unique number.

Cookies may be used for the following purposes:

(i) tailoring the content of websites to the user preferences and optimizing the use of websites; in particular these files allow to recognize the user’s device and display thewebsite adequately for that device, in a way tailored to its individual needs,

(ii) creating statistics that help understand the way in which users use websites, thus making it possible to improve their structure and content,

(iii) maintaining user sessions on WWW pages (after logging in), so that the user doesn’t have to reenter login and password on each page of a particular website.

There are two main types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the user’s end device until logging out, leaving the website or closing the software (the web browser). Persistent cookies are stored on the user’s end device for a period specified in the cookies parameters or until being deleted by the user.

The following types of cookies are used: (a) essential cookies, which make it possible to use the services available on a website, like authentication cookies used for services that require being authenticated on the website; (b) security cookies, like the ones used to detect authentication abuses within a service; (c) performance cookies, which make it possible to collect information on how the service’s websites are used; (d) functional cookies, which make it possible to remember settings selected by the user and to personalize the user interface, like in terms of the selected language or the region the user is from, font size, appearance of the website etc.; (e) advertising cookies, which make it possible to deliver advertising content to the users that is more tailored to their interests.

Blocking or limiting of cookies by the user 

In many cases, the software used to browse websites (the web browser) by default allows to store cookies on the user’s end device. Users can at any time change the settings related to cookies, there is in particular an option to block storing cookies in the settings of the web browser on the user’s device or to force to inform the user about recording them on the device every time. Detailed information about the possibilities and methods of handling cookies is available in the settings of the software (the web browser). 

One has to remember, however, that disabling cookies may impact the correctness and/or quality of functioning as well as the convenience of using certain online services, including this service. In particular, some online services may stop functioning, which is why we advise against disabling cookies.

Third party cookies 

The website utilizes in particular statistics and cookies from Google to evaluate the effectiveness of own advertising campaigns and actions as well as analysis of user traffic on the website. Google cookies may in particular be stored on the user’s computer upon clicking or viewing an ad. They do not contain any personal data or contact data. The purpose of storing these files is measuring the effectiveness of an ad and identifying whether a particular ad has led the user to take the desired action on the page. Detailed information on how the information collected thanks to cookies

from Google is used can be found on the Data Controller Business page of the privacy protection by Google. We also recommend the ad preference manager page.

Third parties (third party providers), including Google, may display ads published by the Data Controller on websites that provide their advertising spaces. These providers, including Google, may use cookies or utilize web beacon type images to collect information on websites and then to display ads based on the user’s previous visits on the service’s pages or other pages related to the Data Controller, as well as on other websites. It is possible to opt out of this option and block these Google cookies on the page: Business privacy protection by Google.

The Data Controller may run advertising campaigns based on the user’s previous visits, as well as statistic-based information on the user’s preferences specified based on the websites previously visited by them in order to present the offer to them or to attract the user to visit the website again. These ads will not contain the user’s personal data and they will not unambiguously suggest that the user has performed a specific action on the website.

In particular, the Data Controller may use the dynamic ad display feature in their campaigns, which utilizes the Teracent cookie, the allowing of which can be opted out of on the Teracent website, as well as DoubleC1ick remarketing pixels, which can be opted out of on the Doub1eC1ick website or on the Network Advertising Initiative website. Those who are particularly interested in the issues of privacy protection and the option of limiting the collection of information on websites users by advertisers are recommended to visit the Network Advertising Initiative website.