The Administrator of personal data
1.1. The administrator of the personal data of the WWW Users is: Ars Thanea S.A. with headquarters at Wiertnicza 39A Street, 02-952 Warsaw registered in the Register of Entrepreneurs of the National Court Register maintained in the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under the number KRS 000065391332, Tax Identification Number: 5252391391, REGON 140938516, with share capital of 9 000 000,00 PLN 00 paid in full (hereinafter also referred to as the “Administrator” or “the Company”).
1.2. In any matter regarding the processing of your personal data, please contact us at the following e-mail address: firstname.lastname@example.org.
Processing of personal data – the basic information
2.1. Personal data is all information about an identified or identifiable natural person. All personal data is collected, stored and processed on the Website in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR).
2.2. The User of WWW provides an e-mail address on the WWW in order to make contact with the Company and maintain business relations with the User of WWW.
2.3. Personal data is protected from access by third parties. The company uses data only for contacts with Users of the WWW.
2.4. The Administrator does not process special categories of data.
2.5. The Company does not process personal data for purposes in which unambiguous consent is required, and such consent has not previously been granted.
The purposes of personal data processing
3.1. Personal data is collected, stored and used by the WWW with the consent of the persons to whom they relate, in accordance with the law and with due process and in a manner that ensures their safety.
3.2. The Administrator may use personal data only to provide proper service to the Users of the WWW and as part of communication with Users who have given their consent.
3.3. Personal data is used to conclude, execute and change, if any, the contract concluded with you, including service delivery, complaint handling, abuse prevention and detection, and claim management.
3.4. The Administrator declares that he does not apply profiling for the purposes of direct marketing.
3.5. The Administrator provides the following legal grounds for data processing, including personal data:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes – the legal basis for the processing is art. 6 par. 1 lit. a) of the GDPR);
b) processing is necessary for the performance of the contract to which the data subject is a party – the legal basis for processing is art. 6 par. 1 lit. b) of the GDPR);
c) for analytical and statistical purposes, for the analysis of Users’ activity on the Website, in order to improve the functionalities used – the legal basis of the processing is the justified interest of the Administrator (Article 6 paragraph 1 point f) of the GDPR);
d) for the purpose of potential determination, investigation or defense against claims – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 paragraph 1 point f) of the GDPR).
Other purposes of processing personal data
4.1. The Company processes data for internal analyzes to manage the services provided and to plan their development. In addition, personal data are processed by us in order to fulfill the obligations imposed on the Company by law.
4.2. The Administrator does not process personal data in automatic decision-making processes.
Protection of personal data being processed
5.1. The set of collected personal data is treated as a database with a high degree of security. The collection is stored on a secure server against both remote (IT) and physical access. In addition, all persons who process User’s personal data for the purposes of the WWW, appropriate authorizations issued by the Administrator. The basis for entrusting the processing of personal data is an appropriate agreement.
5.2. The Administrator does not transfer personal data of the WWW Users outside the European Economic Area.
Disclosure of personal data
6.1. The Company ensures special diligence in caring for the personal data protection. Personal data may be provided to entities that provide services to the Company. These entities are separate administrators of personal data that process data on their own behalf. These include courier and postal companies, banks, payment institutions or authorized public administration bodies, including the Chairman of Electronic Communications Office.
Duration of processing personal data
7.1. The data will be processed and stored by the Administrator for the time necessary due to the purpose of their processing. If personal data are processed in order to conclude or perform the contract and fulfill the legal obligation of the Administrator, they will be kept for the duration of the contract, and after its expiry for the time necessary for after-sales customer service (e.g. complaint handling), security or investigation of possible claims related to the contract and fulfillment of the Administrator’s legal obligation.
7.2. In the case of processing personal data on the basis of an expressed consent to the processing of personal data, the processing time will depend on the duration of the consent, i.e. until its revocation.
7.3. Personal data processed for the purpose of marketing and promotion of the Administrator’s own services, on the basis of a justified legal interest, will be processed until the opponent complains.
Processing of other data of the WWW Users
8.1. Information contained in system logs (eg IP address) can also be collected on the WWW and its subpages. They are used for technical purposes related to server administration. IP Addresses are also used to collect general statistical information about Users visiting the WWW.
9.1. Data of particular importance – in particular all kinds of passwords – are sent via SSL encrypted protocol.
Users’ rights in relation to personal data
10.1. The Company indicates the catalog of rights in relation to personal data:
a) rectification (correction of data);
b) deletion of data processed unreasonably in situations where this right is not excluded;
c) limitation of data processing;
d) access to information about the data and the data itself;
e) transferring data to another administrator;
f) the right to object to the data being processed to the competent authority: https://uodo.gov.pl/.
Request to delete personal data from the database and other applications
11.1. At any time, the User withdraws consent to the processing of personal data for the purposes of sending newsletter messages or processing data for marketing purposes, if such consent was previously expressed by the User. The appropriate message should be sent to the e-mail address: email@example.com or traditional mail to the above-mentioned address of the Administrator’s office. Withdrawal of consent will result in the User not being receiving information about promotions, new products and other attractive offers dedicated to our clients from the time the User submits a statement of withdrawal.
11.2. Further processing of the User’s data may take place due to the following reasons:
a) meeting the required period of data storage in relation to commercial and tax law;
b) storage of evidence in the area of legal restrictions.
11.3. Individual applications regarding User’s rights related to the processing of personal data, please direct:
a) in writing to the address of the Administrator’s office;
b) by e-mail to the following address: firstname.lastname@example.org.
11.4. Any additional information about the rules for the processing of personal data, including their use and protection, as well as the User’s rights and conditions of use, will be available at the registered office of service providers by email at email@example.com.
11.5. The administrator does not declare a formal obligation to appoint an Inspector of Personal Data Protection.
11.6. In the event that the User finds that the processing of his personal data is illegal, he has the right to lodge a complaint with the President of the Office for the Protection of Personal Data.
12.1. WWW uses “cookies”. Cookies are text files saved on the user’s computer when using websites. Cookies store information such as the language setting, the length of time a given user spends on the website or the information on it. And therefore, the Company avoids re-entering all the necessary data the next time visit on WWW.
The Company uses the so-called “Session files” or “session cookies”, which, depending on the User’s browser settings, will be deleted when the browser is closed. The Company also uses files that are used immediately after the session (“trans-session cookies”). These files are used, in particular, to make services of Company more user-friendly and more effective. And therefore, it is possible that the Company may provide information tailored exactly to the interests of the User on the page which the User is currently browsing.
12.2. Tools designed for Website Optimization
The Company uses products and functions provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”):
a) Google Tag Manager
This tool does not collect personal data in itself. It supports and manages WWW tags. Tags are small elements of code that measure the traffic and behavior of Users on the WWW, as well as check the impact of online advertising, they can also test and optimize WWW. For more information about Google Tag Manager, please visit: https://www.google.com/intl/de/ tagmanager / use-policy.html.
b) Google Analytics
The WWW includes the “Universal Analytics” operating mode. This allows you to assign data, sessions and interactions on several devices thanks to a pseudo-anonymous ID, and thus analyze the User’s activity on different devices.
However, if IP anonymisation is enabled on the website, Google will first reduce / reduce the User’s IP address within all EU Member States or other states or countries covered by the European Economic Area Agreement.
12.3. Integration of third party services and content
The Company has integrated the content of third party websites on the Website (eg YouTube video, Vimeo video, Google Maps, mailchimp.com, leadfeeder.com). It is assumed that the suppliers of this content (as a result they are called third parties) use the User’s IP address. They can not send content to the User’s browser without receiving an IP address. Therefore, the IP address is required to present the content. The company uses only content from suppliers who use the IP address only to provide content. However, the Company does not control whether the third party stores IP addresses for statistical purposes. The Company will inform Users to what extent, if only the Company will know about it.
13. Date of application
The Policy is accurate as at 16th January 2019