1. Controller – P.U. Poż-Pliszka Sp. z o.o. ul. Miałki Szlak 52 Hala C, 80-717 Gdańsk, NIP: 584-249-74-98, REGON: 192 944 315, KRS: 0000173544
2. Personal data – all information regarding an individual person or which could be used to identify an individual by means of one or several particular aspects defining physical, physiological, genetic, psychological, economic, cultural or social identity, as well as information collected via cookies and other similar technologies.
4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
5. Website – the website operated by the Controller at the address www.pliszka.pl
6. User – every physical person who visits the website or uses one or more of the services or functionalities described in the Policy.
2. PERSONAL DATA PROCESSING RELATEDTO YOUR USE OF THE SITE
3. PURPOSES AND LEGAL BASIS FOR PROCESSING OF PRSONAL DATA ON THE WEBSITE
USING THE WEBSITE
1. Personal data of persons using the website (including IP address or other identifier and information collected via cookies or other similar technologies) who are not registered users (i.e. those who do not have a profile in the website) are processed by the Controller.
1. in order to provide Users services via electronic means of contents collected on the website, provision of contact forms, in the latter case the legal basis of processing is the need to process such data for the purpose of executing an agreement (Art. 6 para. 1b of the GDPR)
2. for the marketing purposes of the Controller and associated entities, in particular those associated with the presentation of behavioural advertising; the principles of processing of personal data for marketing purposes are described in the section MARKETING.
3. User activity on the website, including personal data, is recorded in system logs (specialised computer programmes which serve to store a chronological record containing information on events and actions concerning the IT system which supports the provision of services by the Controller. The Controller also processes such data for technical purposes, in particular such data may be temporarily stored and processed in order to ensure the secure and correct operation of IT systems, for example those associated with the generation of security copies, change tests in IT systems, or the discovery of inconsistencies or protection from abuses and attacks.
1. The Controller ensures the possibility of contact via electronic contact forms. The use of such forms requires the provision of personal data essential to contact the User ad to provide a response to the User’s inquiry. The User may also provide other data to facilitate contact or a response to the inquiry. Provision of data marked as required is necessary to accept and process the inquiry, and failure to provide such data may make it impossible to service the inquiry. Provision of other kinds of data is voluntary.
2. Personal data are processed:
1. in order to identify the sender of the inquiry and to process the inquiry sent via the electronic form provided. The legal basis for such processing is the need for such data for the purpose of executing the provisions of an agreement on services (Art. 6 para. 1b of the GDPR)
1. The Controller processes the User’s personal data for the purpose of implementing marketing operations which may include:
• sending the User email notifications regarding offers which may be of interest or content which in some cases may include commercial information
• conducting other operations associated with direct marketing of products and services (sending commercial information via electronic means and telemarketing).
2. The implement marketing operations, the Controller may in some instances make use of profiling. This means that thanks to the automated processing of data, the Controller is able to assess selected factors concerning individual persons in order to analyse their behaviour or to generate a forecast of future behaviour.
5. DIRECT MARKETING
1. If the User has given consent for receiving marketing information via email, text messaging or other electronic means, the User’s personal data are processed in order to send such information. The legal basis for such processing is the Controller’s legitimate business interest involving the sending of marketing information within the scope of consent provided by the User (direct marketing). The User has the right to lodge a complaint against the processing of personal data for direct marketing, including for profiling. Such data will be stored for this purpose for the period covered by the legitimate business interest of the Controller, unless the User declines to receive such marketing information.
6. SOCIAL MEDIA SITES
1. The Controller processes the personal data of the User who visit the Controller’s profile in social media (Facebook, YouTube, Instagram). These data are processed strictly in conjunction with the operation of the profile, in order to inform Users of the Controller’s actions and to promote various types of events, products and services, and also to communicate with the User via functionalities available in social media platforms. The legal basis for processing of personal data by the Controller in this case is the Controller’s legitimate business interest (Art. 6 para. 1f of the GDPR) involving the promotion of its own brand and the establishment and strengthening of communities associated with this brand.
7. COOKIES AND OTHER SIMILAR TECHNOLOGIES
1. Cookies are small text files placed on the device of a User who is viewing the website. Cookies collect information which facilitate use of the website, for example by remembering the User’s visits to the website and the actions taken on it.
1. cookies with data entered by the User (user input cookies) for the duration of the session
2. authentication cookies used for services which require authentication for the duration of the session
3. user centric security cookies which serve to provide security, for example by discovering abuses in authentication ]
4. multimedia player session cookies (for example cookies serving the Flash player) for the duration of the session
5. persistent cookies (user interface customization cookies) which serve to personalise the interface for the duration of the session or slightly longer
6. shopping cart cookies which serve to remember the contents of the shopping cart for the duration of the session
7. cookies which serve to monitor traffic on the website, i.e. analytical data, including Google Analytics cookies (files which are used by the Google company for analysis of the way in which the website is used by the User, to create statistics and reports concerning the operation of the website). Google does not use the collected data for identification of the User nor does it link such information in a way which would allow for the identification of the User. Detailed information on the scope and principles of data collection in conjunction with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.
8. PERSONAL DATA PROCESSING PERIOD
1. The period for processing of data by the Controller depends on the type of service provided and the purpose of processing. In principle, data are processed for the duration of the execution of the agreement or provision of services until consent is withdrawn or until a complaint lodged is deemed justified in the case of data processed based on the legitimate business interest of the Controller.
2. The processing period for data may be extended if such processing is essential to establish and/or pursue any claims or for defence from such claims, after which such data shall be processed only when and to the extent that the law requires. After this period expires, such data will be permanently deleted or subjected to anonymisation.
9. USER’S RIGHTS
Data subjects are entitled to the following rights:
1. The right to information on the processing of personal data; the Controller shall share information on processing of personal data with persons who make such a request, in particular information on the purposes and legal basis of processing, the scope of data possessed, and the entities with which this information is shared as well as the planned date of deletion of this information.
2. The right to receive a copy of these data; the Controller shall share a copy of the data processed with the data subject on demand;
3. The right to rectify such data; the Controller shall rectify any inconsistencies or errors in data processed, as well as complete or update such data if they are incomplete or have changed.
4. The right to delete data; the Data Subject may demand the deletion of data which are processed if such processing is no longer essential for the execution of any of the purposes for which such data has been collected.
5. The right to restrict processing of personal data; the Controller shall cease operations on and storage of personal data with the exception of processing for which consent has been given by the Data Subject in compliance with accepted norms of retention, or until such reasons for the restriction of data processing cease to apply (for example, when a decision of a supervisory body is issued which permits further processing of the data).
6. The right to transfer data; the Controller shall hand over data provided by the Data Subject to the extent to which the data is processed in conjunction with an agreement which has been made or consent which has been provided in a format which allows for machine reading. It is also possible for the Data Subject to demand transfer of applicable data to another Data Controller, providing that such a technical possibility exists both on the side of the Controller and the other party.
7. The right to lodge a complaint against the processing of data for marketing purposes; the Data Subject may at any time lodge a complaint against the processing of personal data for marketing purposes without the need to provide a justification for such a complaint.
8. The right to lodge a complaint against data processing for other purposes; the Data Subject may at any time lodge a complaint against the processing of personal data based on the legitimate business interest of the Controller (for example for analytical or statistical purposes or for purposes of the protection of property). The complaint in this case should contain a justification and is subject to assessment by the Controller.
9. The right to withdraw consent; if data is processed on the basis of the consent of the Data Subject, this consent may be withdrawn at any time – this withdrawal of consent, however, does not affect the legality of processing conducted before the withdrawal of consent.
10. The right to lodge a complaint; if the Data Subject feels that the processing of his or her personal data violates the provisions of the GDPR or other legislation regarding the protection of personal data, the Data Subject may lodge a complaint with the President of the Personal Data Protection Office.
11. Correspondence regarding the exercise of the rights of the Data Subject may be submitted:
1. in written form to: ul. Miałki Szlak 52 Hala C, 80-717 Gdańsk
2. via email to: email@example.com
3. and should contain information on what right the applicant wishes to exercise )for example, the right to receive a copy of the relevant data or the right to delete data, etc)
4. and should contain information on the process concerned (for example, the use of a specific service or activity on a specific website, receipt of a newsletter containing commercial information to a particular email address, etc)
5. and should contain information on which data processing purposes are concerned (for example, marketing purposes, analytical purposes, etc)
12. If the Controller is unable to verify the contents of the request or identify the individual submitting the request based on the submitted correspondence, the Controller shall contact the submitting individual with a request for further information
13. A response to such a request shall be provided within one month of receipt. If it is necessary to extend this period, the Controller shall inform the individual who has submitted the request of the causes of such a necessity
14. Such a response shall be sent to the email address from which the request was sent, and in the case of traditional mail, to the address indicated by the individual submitting the request provided that the contents of the request do not indicate that a response should be sent to an email address (in this case, the Data Subject should provide an email address)
10. DATA RECIPIENTS
1. Personal data may be shared with external entities, in particular with service providers responsible for service of IT systems, for provision of legal services, and other entities associated with the Controller.
2. The Controller reserves the right to share information regarding the User with relevant authorities or third parties which demand access to such information based on a legal basis which is in compliance with applicable legislation.
11. TRANSFER OF DATA BEYOND THE EEA
1. The Controller does not share collected data beyond the borders of the EEA.
12. SECURITY OF PERSONAL DATA
1. The Data Controller continuously conducts risk analysis in order to ensure that the processing of personal data is done in a manner which is secure – ensuring primarily that access to these data is possible only for authorised persons and only to the extent essential for execution of the task with which they are entrusted. The Controller makes every effort to ensure that all operations involving personal data are recorded and conducted only by authorised employees and persons.
2. The Controller takes all necessary steps to ensure that its subcontractors and other collaborating entities guarantee the application of appropriate security measures in every case in which data is processed at the request of the Data Controller.
13. CONTACT DATA
1. It is possible to contact the Data Controller by email at mail firstname.lastname@example.org