1) GENERAL PROVISIONS
2. Data collected via the Website is administered by PATRYK RUMIŃSKI, doing business as WEB ROOM STUDIO PATRYK RUMIŃSKI in Gdańsk, registered in the Central Business Register and Inquiry of the Republic of Poland maintained by a minister in charge of economic affairs, with his principal place of business and address for service at ul. Jagiellońska 42 e/3, 80-366 Gdańsk, taxpayer identification number: NIP 7431817809, business identification number: REGON 220981298, e-mail address: [email protected], hereinafter referred to as the Administrator, who is also the Website Provider.
3. Personal data submitted on the Website is processed by the Administrator in accordance with applicable laws, in particular the Regulation (EC) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR or GDPR Regulation. The official wording of the GDPR Regulation is available from: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
4. Using the Website is voluntary. The provision of personal data by the Website user is also voluntary, save for two exceptions:
(2) Administrator’s statutory obligations: submission of personal data is statutorily required under generally applicable regulations whereby the Administrator is obligated to process personal data (e.g. as part of its tax or accounting obligations) and failure to submit the same makes it impossible for them to meet such obligations.
5. The Administrator takes utmost care to protect the interests of the persons whose personal data the Administrator processes, in particular the Administrator is responsible for making sure that data gathered by it:
(1) is processed in accordance with applicable laws;
(2) is gathered for specific legitimate purposes and is not further processed for any other purpose whatsoever;
(3) is substantially correct and adequate for the purposes such data is processed for;
(4) is stored in a form that enables to identify the persons it pertains to for no longer than it may be necessary for achieving the purpose of its processing; and
(5) is processed, using appropriate technical or organizational means, so as to properly ensure the safety of personal data, including protection of such data against any unallowable or illegitimate processing or inadvertent loss, destruction, or damage.
6. Considering the nature, scope, context, and purposes of data processing and the risk, however likely and imminent, of violating any right or freedom of natural persons, the Administrator implements appropriate technical and organizational measures to make data processing compliant with this regulation and be able to prove it. If needed, such measures are reviewed and updated. The Administrator takes technical measures to prevent unauthorized persons from intercepting or altering any personal data that is transmitted electronically.
2) DATA PROCESSING FRAMEWORK
1. The Administrator is entitled to process personal data if and insofar as at least one of the following conditions is fulfilled:
(1) the person such data pertains to has consented to his or her personal data being processed for one or more purposes;
(2) data processing is necessary to perform the contract which the person such data pertains to is party to or to take any measures at the request of the person such data pertains to prior to signing the contract;
(3) data processing is necessary to comply with the legal obligation imposed on the Administrator; or
(4) data processing is necessary for the purposes determined by the legitimate interests pursued by the Administrator or any third party, save where such interests are overshadowed by the interests or fundamental rights and freedoms of the person such protection eligible data pertains to, especially if such a person is a child.
2. Processing of personal data by the Administrator is, in each case, contingent on the existence of at least one of the prerequisites indicated in 2.1 hereof. A specific framework for the Administrator’s processing of Website Users’ personal data is laid down in the next clause hereof, namely with regard to a specific purpose of data processing by the Administrator.
3) PURPOSES, BASIS, DURATION, AND SCOPE OF DATA PROCESSING ON THE WEBSITE
1. The purpose, basis, duration, and scope of the processing of personal data by the Administrator, as well as recipients of such data, are, in each case, determined by what a User does on the Website.
2. The Administrator may process personal data on the Website for the following purposes, based on the following prerequisites, within the following durations, and to the following extent:
|Purpose of Data Processing||Legal Basis for Data Processing and Data Storage Duration||Scope of Processed Data|
|Performing the Electronics Services Contract or taking measures at the request of the person the data pertains to prior to signing such a contract||Article 6 clause 1 letter b) of the GDPR Regulation (contract performance). The data is stored for the time needed for the performance, termination, or expiration of an otherwise concluded contract.||Maximum scope; e-mail address|
|Direct marketing||Article 6 clause 1 letter f) of the GDPR Regulation (legitimate interests of the administrator). The data is stored for as long as the Administrator pursues a legitimate interest, but not longer than until the validity of any claims against the person the data pertains to in connection with the Administrator’s business activity expires under an applicable statute of limitations. The validity term is stipulated by applicable laws, in particular the Civil Code (the basic validity term for business related claims is three years, and for purchase contracts two years). The Administrator must not processed any data for direct marketing if the person the data pertains to has successfully opposed it.|
|Marketing||Article 6 clause 1 letter a) of the GDPR Regulation (consent). The data is stored until the person it pertains to withdraws his or her consent to the processing of his or her data for this purpose.||E-mail address|
|Determining, asserting, or defending any claims raised by or against the Administrator||Article 6 clause 1 letter f) of the GDPR Regulation. The data is stored for as long as the Administrator pursues a legitimate interest, but not longer than until the validity of any claims against the person the data pertains to in connection with the Administrator’s business activity expires under an applicable statute of limitations. The validity term is stipulated by applicable laws, in particular the Civil Code (the basic validity term for business related claims is three years, and for purchase contracts two years).||Name and surname; contact phone number; e-mail address. In addition, for Users who are not consumers, the Administrator may process the User’s corporate name and taxpayer identification number.|
4) DATA RECIPIENTS ON THE WEBSITE
1. To ensure the proper functioning of the Website, including the performance of its Contracts, the Administrator has to use external services (such as third-party software). The Administrator uses only services provided by such data processors who can properly guarantee that appropriate technical and organizational measures are implemented to ensure the compliance of data processing with the requirements of the GDPR Regulation and protect the rights of the persons the data pertains to.
3. Personal data of Website Users can be disclosed to the following recipients or recipient categories:
a. Service Providers who supply the Administrator with the technical, IT, and organizational solutions needed by the Administrator to carry on its business activity, including the Website and consequently Electronic Services (in particular suppliers of the software used to run the Website, e-mail providers). The Administrator discloses the User’s personal data to a selected supplier only if and insofar it is necessary to achieve a specific purpose of the data processing hereunder.
5) DATA PROFILING ON THE WEBSITE
2. On its Website, the Administrator may use data profiling for the purpose of direct marketing, but the Administrator’s decisions based thereon do not apply to the possibility of subscribing Electronic Services on the Website.
3. Data profiling on the Website involves automatic analysis or forecasting of a person’s behavior on the Website, e.g. when such a person visits a specific page of the Website or by analyzing the history of the actions taken by such a person on the Website so far. Such data profiling is possible if the Administrator is in possession of an individual’s personal data that can be used, e.g. to send him or her a newsletter informing about new products.
4. The person the data pertains to is entitled to object decisions based on automated data processing, including data profiling, and entail legal effects for such a person, or similarly have a substantial impact thereon.
6) RIGHTS OF THE PERSON THE DATA PERTAINS TO
1. Right to access, rectify, limit, delete, or move - the person the data pertains to has the right to request the Administrator to provide him or her with access to his or her personal data, to rectify or delete such data („the right to be forgotten”), to limit or object the processing thereof, as well as to have his or her data moved. Details of how such rights can be exercised are provided in articles 15-21 of the GDPR Regulation.
2. Right to withdraw the consent at any time – the person whose personal data is processed by the Administrator based on such a person’s consent (pursuant to article 6 clause 1 letter a) or article 9 clause 2 letter a) of the GDPR Regulation) is entitled at any time to withdraw his or her consent, this not affecting the right to process such data based on the consent before it was withdrawn.
3. Right to lodge a complaint with the supervisory authority - the person whose personal data is processed by the Administrator is entitled to lodge a complaint with the supervisory authority in the manner and mode prescribed in the GDPR Regulation and Polish laws, in particular the Personal Data Protection Act. In Poland, the supervisory authority is the Inspector General for Personal Data Protection.
4. Right to make an objection - the person whose personal data is processed is entitled to raise at any time an objection against his or her data being processed subject to article 6 clause 1 letter e) (public interests or tasks) or f) (legitimate interests of the Administrator) due to reasons associated with his or her special situation, including data profiling under such legislation. In such an event, the Administrator may no longer process such personal data unless the Administrator proves that there are significant, legitimate reasons for data processing which are superior to the interests, rights, and freedoms of the person the data pertains to or those for determining, asserting, or defending any claim whatsoever.
5. Right to object direct marketing - if personal data is processed for the purpose of direct marketing, the person the data pertains to is entitled to raise at any time an objection against his or her personal data being processed for the purpose of such marketing, including data profiling, insofar as the data processing is associated with such direct marketing.
7) COOKIES ON THE WEBSITE, PERFORMANCE DATA AND ANALYTICS
1. Cookie files (cookies) are short infos in the form of short text files sent by the server and saved on the Website visitor’s side (e.g. on the computer or laptop hard disk or the smartphone memory card, depending on what device the Website visitor uses). Details of the cookies and the history of how they were created can be found e.g. here: https://en.wikipedia.org/wiki/HTTP_cookie.
2. The Administrator may process the data contained in cookie files when users visit the Website for the following purposes:
a. To identify Users as logged into the Website and show that they are logged in;
b. To customize the Website content to reflect the User’s personal preferences (e.g. a preferred language) and streamline the use of the Website’s pages;
c. To maintain anonymous statistics of how the Website is used;
d. To use remarketing, i.e. to review the behavioral features of the Website’s users by anonymously analyzing what they do (np. recurrent visits to specific pages, keywords, etc.) to create their profiles and provide them with customized advertisements even if they visit other websites covered by Google Inc. display network.
3. As a rule, most commercially available web browsers accept saving cookies by default. Everyone can decide how he or she is going to use cookie files by making appropriate settings in his or her browser. This means that it is possible e.g. to partially limit (e.g. to certain times) or completely disable cookie saving; in the last event, this might affect some of the Website’s functionalities.
4. The cookie settings of the web browser are crucial to whether or not consent has been given for our Website to use cookie files; under the regulations, such consent can be given by making the relevant settings in the web browser. If such consent is refused, the cookie settings of the web browser have to be changed accordingly.
5. Details of how the cookie settings can be changed and how cookies can be removed from the most popular web browsers are available from the Help section of the relevant web browser and on the following pages (the only thing you need to do is to click the relevant link below):
a. for Chrome
b. for Firefox
d. for Opera
e. for Safari
6. On the Website, the Administrator may use Google Analytics or Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator analyze the traffic on the Website. The so gathered data is processed as part of the said services on an anonymous basis (it is the so-called operational data, which is not enough to identify a person) to generate statistics that help administer the Website. Such data is collective and anonymous, i.e. it is free of any features (such as personal details) that could be used to identify Website visitors. When using the services described above for its Website, the Administrator gathers data such as the sources and media from and by which Website visitors have been attracted, as well as how such visitors behave on the Website, what equipment and which web browsers they use to visit the Website, what is their IP address and domain, their geographical and demographic data (age, gender), and hobbies.
7. It is possible to easily disable the disclosure of information on what you do on the Website to Google Analytics; for this purpose, you should install a browser add-on available from Google Inc. on: https://tools.google.com/dlpage/gaoptout?hl=en.
8. On its Website, the Administrator may use the Pixel services provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and Twitter Inc, with its registered office in the U.S.A. (San Francisco, California), respectively. The services help the Administrator measure the efficacy of advertisements and learn what visitors do on the Website, as well as display personalized advertisements. Details of how Facebook Pixel works like can be found on: https://www.facebook.com/business/help/742478679120153?helpref=page_content , and how Twitter Pixel works like here: https://twitter.com/piksel.
9. How Facebook and Twitter Pixel services work like can be adjusted by making the relevant advertisement settings on your Facebook.com and Twitter.com profiles.
8) FINAL PROVISIONS
Thank you for your reading carefully!
If you have any questions, please do not hesitate and contact us.
We look forward to cooperating with you