1. The controller of personal data collected via website sda.bydgoszcz.pl is company CETOR Sp. z o.o. with registered address ul. Fordońska 246, 85-766 Bydgoszcz, entered in the Register of Entrepreneurs with number: KRS 0000209453, VAT identification number (NIP): 5542587180, REGON number: 093195008, holding share capital of PLN 50, 000.00, e-mail address: email@example.com, hereinafter the “Administrator”, also the Service Provider, place of business: ul. Fordonska 246, 85-766 Bydgoszcz, address for service: ul. Fordonska 246, 85-766 Bydgoszcz, VAT identification number (NIP): 5542587180, REGON number: 093195008, e-mail address: firstname.lastname@example.org, hereinafter the “Administrator”.
2. Personal data collected by the Admnistrator via website are processed in accordance with the Regulation 2016/679 of 29 April 2016 of the European Parliament and the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as GDPR and in accordance with the Personal Data Protection Act of 10 May 2018.
TYPE OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF PROCESSING
1. TYPE OF PROCESSED PERSONAL DATA, LEGAL BASIS FOR COLLECTION. The Administrator processes personal data via website sda.bydgoszcz.pl in the following cases:
a. a user fills out a contact form. Personal data is processed in accordance with Article 6(1)(f) GDPR as a legally justified interest of the Administrator.
2. TYPE OF PERSONAL DATA PROCESSED. The Administrator processed the following categories of a user’s personal data:
a. Name and last name,
b. E-mail address,
c. Phone number,
3. ARCHIVING PERIOD OF PERSONAL DATA. Personal data of users are archived by the Administrator:
a. if the basis for data processing is the performance of an agreement, for as long as it is necessary to perform the agreement, and after this period for the period corresponding to the period of limitation. Unless a specific regulation provides otherwise, the limitations period is six years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
b. if the basis for data processing is consent, for as long until consent is withdrawn after consent is withdraw for a period of time corresponding to the period of limitation. Unless a specific regulation provides otherwise, the limitations period is six years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
4. When a user is using the website additional information may be collected, especially: IP address assigned to the user’s computer or external IP address of the Internet provider, domain name, type of browser, access time, type of operational system.
5. Positioning data may also be collected from users, including information about links they decide to click or other activities on the website. The legal basis for this type of activity is legally justified interest of the Administrator (Article 6(1)(f) GDPR) to facilitate the use of electronically supplied services and to improve the functionality of these services.
6. Providing personal data by the user is voluntary.
7. Personal data will also be processed in an automated way in the form of profiling, providing a user gives their consent according to Article 6(1)(f) GDPR. The result of profiling is applying a profile to an individual in order to take decisions concerning that individual or for analyzing or predicting their preferences, behaviors, and attitudes.
8. The Administrator takes the utmost care to protect the interest of individuals the data concerns, in particular, ensures that the data collected is:
a. processed in accordance with the law,
b. collected for specified and legitimate purposes and not further processed in a way incompatible with the intended purposes,
c. substantively correct and relevant in relation to the purpose they are processed and kept in a form which permits identification of individuals it concerns for no longer than it is necessary to achieve the purpose of processing.
3. THE PROVISION OF INFORMATION TO DATA SUBJECTS
1. The data subject has the right to access their data used by the Administrator to run the website. The Service Provider the personal data is forwarded to, depending on contractual obligations and conditions, is either subject to the instructions of the Administrator regarding purposes and types of data processing (processor) or determine the purposes and types of data processing on their own (administrators).
2. Personal data of users is kept exclusively within the European Economic Area (EEA).
4. THE RIGHT OF CONTROL, ACCESS, AND RECTIFICATION OF PERSONAL DATA
1. The data subject has the right to access relating to them and to correct and delete data or block data processing, the right to transfer data, the right to object, the right to withdraw consent at any moment that shall not affect the lawfulness of processing based on consent before its withdrawal.
2. Legal basis for a user’s request:
a. Right of access – Article 15 GDPR
b. Right to rectification – Article 16 GDPR
c. Right to erasure (the right to be forgotten) – Article 17 GDPR
d. Right to restriction of processing – Article 18 GDPR
e. Right to data portability – Article 20 GDPR
f. Right to object – Article 21 GDPR
g. Right to withdraw consent – Article 7(3) GDPR
3. For the purpose of exercising rights referred to in Point 2 a user can send an appropriate message to the e-mail address: email@example.com.
4. In case a user request to exercise any of the above-mentioned rights, the Administrator shall fulfill the request or reject the request forthwith, however, not later than within a month since the request was made. If due to the complexity of the request or the number of requests, the Administrator is unable to meet the request within the period of one month, the Administrator shall meet the request within consecutive two months and shall inform the user in advance, within the period of one month since the request was made, about the intended extension of the deadline and the reasons for it.
5. In case it is found that the processing of data breaches the regulations of GDPR, the data subject has the right to file a complaint with the president of the Office of Competition and Consumer Protection (UOKiK).
2. The installation of cookies is necessary for the correct provision of the services on the website. Cookies include information necessary for the correct functioning of the website. Cookies also provide the possibility to develop general statistics concerning visits to the website.
3. There are two types of cookies used within the website: session and persistent.
a. Session cookies are temporary files that are stored on the user-side machine until log out (exiting the website).
b. Persistent cookies are stored on the user-side machine for a period of time determined in the cookie parameters or until they are deleted by the user.
4. The Administrator uses their own cookies for better knowledge of the way a user interacts within the content of the website. The files collect data that concerns the way the website is used by the user, the type of the website the user was directed from, and the number of visits and duration of the user’s visit to the website. This information does not register the particular personal data of the user but is used to develop statistics concerning the use of the website.
5. The user has the right to determine the range of access of cookies to their computer by selecting the cookies in the window of their browser. Detailed information on the possibility and the ways of using cookies is available in your software’s settings section (the browser).
Examples of editing options in popular browsers:
a. Mozilla Firefox: www.support.mozilla.org/pl/kb/ciasteczka
b. Internet Explorer: www.support.microsoft.com/kb/278835/pl
c. Google Chrome: www.support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
d. Safari: www.safari.helpmax.net/pl/oszczedzanie-czasu/blokowanie-zawartosci/
e. Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
6. ESSENTIAL MARKETING TECHNIQUES
7. FINAL PROVISIONS
1. The Administrator shall apply technical and organisational measures that guarantee the protection of processed respectively to the dangers and categories of data under protection, and, in particular, secures the data from unauthorized access to third parties, protects from unauthorized takeover, processing in breach of the provisions as well as against any change, removal, damage or destruction.
2. The Administrator shall make available appropriate technical measures preventing unauthorized access to and modification of personal data sent electronically.