This Policy is of an informational nature and serves to fulfil the informative obligations imposed on the data controller by the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
CONTROLLER OF PERSONAL DATA
- The controller of Users' personal data shall be the Service Provider - the limited liability company AIT Sp. z o.o. with its registered office at ul. Promykowa 8, 11-036 Unieszewo, Poland, entered into the register of entrepreneurs kept by the District Court in Olsztyn, 8th Commercial Division under the KRS number 0000822997, holding Tax Identification Number (NIP) 7393936149, National Business Identification Number (REGON) 385313278, with a share capital of 5,000 PLN.
- The controller of personal data may be contacted mainly via the following e-mail address: firstname.lastname@example.org
THE WAY YOUR DATA ARE PROCESSED
- The purpose and scope of personal data processed is determined by the scope of data provided by the User in the contact form. Processing of the Users' personal data involves their first and last name, telephone number, e-mail address, IP number, delivery address, billing address. The nature of the services provided by the Service Provider makes it impossible to provide such services in an anonymous manner.
- Users' personal data shall be processed for the following purposes: (a) complying with the provisions of the law (Article 6.1.c of the GDPR), (b) provision of online services to data subjects (Article 6.1.b of the GDPR), (c) promotional and commercial activities by the Service Provider (Article 6.1.a of the GDPR if the User has given consent, and in other cases Article 6.1.f of the GDPR, i.e. the Controller's legitimate interest in providing information on the services rendered).
- The provision of personal data is voluntary, yet the lack of consent to the processing of obligatory personal data, i.e. first name, last name, telephone number and e-mail address, shall render the provision of services and the performance of agreements by the Service Provider impossible, and the remaining data is necessary to use the services via the Website.
- The legal basis for the processing of personal data in the case referred to in paragraph 2.2(a) above is the authorisation to process data necessary to act lawfully, whereas in the case referred to in paragraph 2.2(b) the legal basis is the performance of an agreement to which the data subject is a party or to take action at the request of the data subject before the conclusion of the agreement, as well as the authorisation to process the data when it is necessary for the purposes resulting from the legitimate interests pursued by the Service Provider or by a third party, and in the case of letter (c) - the User's consent or the Administrator's legitimate interest to be informed about the services provided.
- If the Service Provider is informed about the User's use of the services contrary to the Terms of Service or the applicable regulations (prohibited use), the Service Provider may process the User's personal data to the extent necessary to determine his accountability.
- The User's personal data shall be processed for the period of 30 days from the moment of Account closure, and after that time the data shall be deleted unless their processing is necessary pursuant to another legal basis, e.g. in connection with the period of limitation of claims or legal and tax reasons.
- The Service Provider shall not transfer personal data to third countries.
RECIPIENTS OF THE DATA
- The Service Provider may entrust the processing of personal data to third parties in order to perform the activities indicated in the Terms of Service and to provide services to the User. Then, the recipients of User's data may include: the Website's hosting provider, the company providing technical support for the Website, the Service Provider's accounting office, courier companies delivering Orders, Suppliers.
- Personal data collected by the Service Provider may also be made available to: competent state authorities at their request on the grounds of the relevant legislation or to other persons and entities - under circumstances provided for by the law.
- Each entity entrusted by the Service Provider with the processing of the User's personal data guarantees an appropriate level of security and confidentiality of personal data processing in accordance with the Personal data processing agreement (hereinafter referred to as "DPA"). The entity processing User's personal data under DPA may process User's personal data through another entity solely on the grounds of Service Provider's prior consent.
DATA SUBJECT'S RIGHTS
- Each User has the right to: (a) delete the personal data collected about him/her both from the system owned by the Service Provider and from the databases of entities with whom the Service Provider cooperates or has cooperated, (b) limit the processing of data, (c) transfer the User's personal data collected by the Service Provider, including receiving them in a structured form, (d) require the Service Provider to access and rectify User's personal data, (e) object to the processing of data, (f) withdraw the consent granted to the Service Provider at any time without affecting the lawfulness of processing carried out on the basis of consent prior to withdrawal, (g) lodge a complaint against the Service Provider with a supervisory authority.
- The User's data may be subject to profiling in order to tailor the relevant service offer or other services to his/her needs and interests. In each case of such a necessity resulting from the provisions of the law, the User shall be asked to express his or her consent to the processing of personal data for the purpose of profiling or to consent to the processing of specific categories of personal data for this purpose.
- Profiling is an automatic analysis of some personal factors concerning a given person. The Controller carries it out in order to analyse the User's needs in the context of the Controller's offer and to present the User with materials appropriate to his/her preferences.
- The User shall not bear any negative consequences in connection with the performed profiling and automated decision making, and the User's personal data shall not be profiled and shall not be used for automated decision making in the scope other than the purpose indicated in paragraph 2.2.c. above.
- As far as the User's personal data are subject to profiling and automated decision making, he/she shall be entitled to object to such actions, and in the scope in which the processing is based on his/her consent, to withdraw such consent.
- The Website may store http enquiries, therefore certain information may be stored in the server log files, including the IP address of the computer from which the enquiry originated, User's station name - identification carried out via the http protocol, if possible, the date and system time of registration on the Website and the arrival of the enquiry, the number of bytes sent by the server, the URL of the page previously visited by the User if entered via the link, information about the User's browser, information about errors that occurred during the execution of http transactions. The logs may be collected as material for proper administration of the Website. Only persons authorised as administrators of the IT system have access to the information. Log files may be analysed in order to compile statistics on the traffic and errors occurring on the Website. The User is not identified in any summary of such information.
- The Service Provider shall use all available technical and organisational measures to ensure the protection of the processed personal data appropriate to the risks and categories of data covered by the protection, and in particular it shall technically and organisationally protect the data from being disclosed to unauthorised persons, taken away by an unauthorised person, processed in breach of the Act, and modified, lost, damaged or destroyed. SSL certificates shall be used, among others. The collected personal data of the Users are stored on a secure server and the data is also protected using the Service Provider's internal procedures designed for personal data processing and information security policy.
- The Service Provider has also implemented appropriate technical and organisational measures, such as pseudonymisation, designed to effectively comply with data protection rules, such as data minimisation, and to affix the necessary safeguards to the processing in order to comply with the requirements of the GDPR and protect the rights of data subjects. The Service Provider implements all the necessary technical measures as defined in Articles 25, 30, 32-34, 35-39 of the GDPR which ensure increased protection and security of the processing of the User's personal data.
- Furthermore, the Service Provider informs that the use of the Internet and services provided by electronic means may be threatened by malware entering the ICT system and the User's device, as well as third party's unauthorized access to the User's data, including personal data. In order to minimize such risks, the User should implement appropriate technical security measures, e.g. by using up-to-date antivirus software or protecting the User's identification online. In order to obtain detailed and professional information on maintaining on-line protection, the Service Provider recommends obtaining it from entities specialising in this type of IT services.
- In order to ensure proper operation of the Website, the Service Provider uses cookie files technology. Cookies are packets of information connected to the Website that are stored on the User's device, usually containing information consistent with the purpose of a given file, by means of which the User can use the Website. Cookies usually contain the address of the Website, date of placement, expiry date, unique number and additional information relevant to the purpose of a given file.
- The Provider uses two types of Cookies: session Cookies, which are permanently deleted at the end of the User's browser session, and persistent ones, which remain on the User's device after the end of the browser session until they are deleted.
- It is not possible to establish the User's identity on the basis of either session or permanent Cookies. The Cookies mechanism does not allow any personal data to be downloaded.
- The Service Provider's Cookies are safe for the User's device, specifically they do not allow viruses or other software to penetrate the device. External Cookies (i.e. Cookies placed by Service Provider's partners) can be read by an external server.
- The User may disable the storing of Cookies on his device, according to the instructions of the manufacturer of the browser, but this may cause unavailability of some or all functions of the Website.
- The following types of Cookies are used by the Website:
- "strictly necessary" Cookies, enabling the use of services available on the Website, e.g. authentication Cookies used for services requiring authentication within the Website;
- Cookies used for security purposes, such as those used for detecting authentication abuses on the Website;
- "performance" Cookies, which enable the collection of information about the use of the Website's pages;
- "functional" Cookies, which enable saving of the User's selected settings and personalisation of the User's interface, e.g., in terms of the language or region from which the User comes, font size, appearance of the website, etc.;
- "targeting" Cookies, enabling the provision of advertising content to Users that is more relevant to their interests.
- In many cases, the software used to browse Internet pages (web browser) allows for storing Cookies in the User's device by default. The User may change the settings concerning the Cookies at any time. These settings may be adjusted, in particular, in such a way as to block the automatic handling of cookies in the settings of the web browser or inform about their placement in the User's device whenever the files are stored. Detailed information about the possibilities and methods of handling cookies is available in the settings of the software (web browser).
- Cookies placed in the User's device may also be used by advertisers and partners cooperating with the administrator of the Website. The User may independently change the settings for cookies at any time, specifying the conditions of their storage through the settings of the web browser or by configuring the service. The User may also remove Cookies stored on his/her device at any time, following the instructions of the browser maker.