The purpose of the Policy is to define the principles, processing and use of data and information from users of the website, and includes information on the rights of individuals with respect to the personal data they provide.
2. Data protection rules
The Administrator shall take special care to ensure that all personal data are processed in accordance with the purpose for which they were collected and used in accordance with the scope of the authorizations (consents) granted and the areas of processing permitted by law.
3. Purpose of personal data processing
Any person providing personal data to the Administrator through the forms on the website is informed of the specific purpose for which the data are processed and the legal basis for the processing.
The administrator uses personal data only for the following purposes:
- in the case of consent to be contacted via a contact form for the purpose of contacting a representative of the Administrator (Article 6(1)(a) of the DPA);
- in the case of the conclusion of a contract, for its proper execution (Article 6(1)(b) of the RODO);
- For the purpose of establishing, investigating or defending claims (Article 6(1)(f) of the GDPR).
- Your personal data processed on the basis of your consent will be processed until you revoke it or the purpose for which the data was collected ceases.
Data processed in connection with the conclusion and performance of the contract, will be processed in accordance with applicable regulations, but no longer than until the expiration of the period in which the Administrator can assert claims related to the concluded contract.
4. Data safety and storage
The Administrator shall ensure the security of personal data by means of appropriate technical and organizational measures to prevent unlawful processing of data and their accidental loss, destruction and damage.
The Administrator shall exercise due diligence to ensure that personal data:
- lawful, up-to-date, reliable and transparent,
- collected for specific and legitimate purposes and not further processed in a manner incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary;
- kept in a form that allows identification of the data subject for no longer than necessary for the purposes for which the data are processed;
- processed in a manner that ensures appropriate security of personal data;
- while ensuring the realization of the rights of data subjects;
- nie transferowane bez odpowiedniej ochrony do krajów poza Europejski Obszar Gospodarczy lub organizacji międzynarodowych.
We store user data on specially protected servers. They are secured by technical and organizational measures against loss, destruction, access, modification or distribution of data by unauthorized persons. Only authorized responsible persons with appropriate qualifications and knowledge of the importance of personal data and its protection have access to the data. Those responsible for technical, commercial or editorial support of servers present the same qualifications and responsibility. We conduct regular inspections of the data protection system against all threats striving for maximum data protection. Personal data is transferred on the Internet in encrypted form. However, data transfer is at the data owner's own risk. Having any doubts about transferring one's own data, everyone should consider the safest way to transfer it.
5. Data acquisition
When collecting any personal data, the Administrator shall note from where it was first obtained.
Personal data is obtained through:
- forms filled out online - information is collected through various forms available on the website for contact purposes, to submit questions, to express comments;
- non-network contact ̶ on the Administrator's websites there are various telephone and fax numbers and email addresses where you can contact us ;
- traffic data and statistics on the frequency of visits to the Administrator's sites - a record is kept of information on traffic data that is automatically recorded by our server, such as the user's IP address, URLs visited before visiting our site, URLs visited after visiting our site, and visited pages. Statistics on the number of visits to the site and page views are also collected. The administrator is not able to directly determine the identity of a user based on traffic data and statistics on the use of the site.
- When using the resources of the websites managed by the Administrator - information about users is collected through files such as "cookies". Cookies - small text files transferred from the website and stored on the hard drive of the user's computer used for customization of content and services to the individual needs and interests of users of the Administrator's website. They allow the site to "remember" who you are. The user may disable the option to accept cookies in his/her browser at any time, however, the effect of such a change may be the loss of use of the Administrator's website.
- During each visit to our site or online service, we collect the following information about your computer: your computer's IP address, the query sent from your browser and the time of such query. In addition, as part of such a query, information about the status and amount of data transferred is collected.
We collect information about the type and version of the Internet browser you use and the operating system of your computer. We also collect information about which website you came to our online service from. In doing so, the computer's IP address is stored only during the time you use our online service, and is then deleted or given anonymity status by truncation. Other data is stored for a limited period. We use this data to operate the online offering, in particular to identify and rectify errors, to determine the load of the online offering, as well as to adjust or improve it. We ensure data security according to the most modern data protection standards.
6. User rights
The Administrator shall respect each person's rights related to the processing of his/her personal data. In particular, each person whose data is processed is entitled to:
- The right to access your personal data and the right to request their rectification, deletion or restriction of their processing;
- The right to portability of personal data, i.e. to receive your personal data from the Administrator, in a structured, commonly used machine-readable format, if technically possible. You may send this data to another controller;;
- to the extent that the processing of your personal data is based on the premise of the controllers' legitimate interest, you have the right to object to the processing of your personal data;
- withdraw it. You can revoke your consent at any time by sending a request to the Administrator's address listed in Section 1. However, withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal;
- to exercise the above rights, please contact the Administrator;
- the right to file a complaint with the President of the Office for Personal Data Protection.
- The controller stipulates that in the event that it is not possible to identify a person absolutely, for example, due to the extent of the data provided by him/her, he/she may refuse to take action at the request of the data subject by informing the data subject, unless the data subject provides additional information that allows him/her to be identified.
The Administrator informs that he is not obliged to delete data ("right to be forgotten") in case the processing is necessary to:
- exercise of rights and freedom of expression and information,
- to comply with a legal processing obligation under European or Polish law, or to perform a task carried out in the public interest, archival purposes in the public interest, scientific or historical research purposes, or statistical purposes,
- to establish, assert or defend claims.
- If the User objects to further processing for marketing purposes or to the transfer of personal data to another data controller, the objection shall be upheld. However, the data controller may leave the data identifying the individual in the file only to avoid reuse of the individual's data for the purposes covered by the objection.
The user may exercise the right to information and access to data. At the request of the data subject, the Data Controller shall, within 30 days, provide the necessary information.
7. Scope of sharing user data
The Administrator declares that he does not sell and does not lend the personal data collected for processing to other entities, except at the request of state authorities authorized by law for the purposes of their investigations or activities related to security or defense, for legally defined tasks carried out for the public good, when it is necessary to fulfill the legally justified purposes of the Administrator.
The administrator may share personal data with the company's employees and associates.
In addition, the recipients of the personal data processed by the Administrator will only be entities that provide and support ICT systems.
9. Right to make a complain
13. Protection of minors
Children and young people under the age of 16 are not allowed to provide us with any personal information without the consent of their parents or guardians. We do not request any personal information from children or young people, we do not collect it and we do not provide it to third parties.