Privacy Policy
PERSONAL DATA PROCESSING POLICY ON THE WEBSITE
This policy is for informational purposes and primarily contains rules regarding the Administrator’s processing of personal data on the website, including the basis, purposes and scope of personal data processing and the rights of data subjects, as well as information regarding the use of cookies and analytical tools.
§1 DEFINITIONS
- Administrator – NIEAMPUTUJ.PL limited liability company based in Lublin, 26 Gospodarcza Street; 20-213 Lublin, REGON: 520526053, NIP: 946271123
- Personal data – all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact data, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
- Policy – this Policy for the processing of personal data.
- RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
- Data subject – any natural person whose personal data is processed by the Controller.
§2 DATA PROCESSING
- In connection with its business activities, the Administrator collects and processes personal data in accordance with the relevant regulations, in particular the RODO and the data processing rules provided for therein.
- The Administrator ensures transparency of data processing, in particular, always informs about data processing at the time of collection, including the purpose and legal basis of processing – e.g. when concluding a contract for the sale of goods or services. The Administrator shall ensure that data are collected only to the extent necessary for the indicated purpose and processed only for the period of time necessary.
- When processing data, the Administrator shall ensure its security and confidentiality, as well as access to information about the processing to data subjects. Should a breach of personal data protection (e.g., data “leakage” or data loss) occur despite the security measures in place, the Administrator will inform data subjects of such an event in a manner consistent with the regulations.
§3 CONTACT WITH THE ADMINISTRATOR
- Contact with the Administrator is possible via e-mail: application @ nieamputuj.pl or in writing to the address: NIEAMPUTUJ.PL spółka z ograniczoną odpowiedzialnością, 26 Gospodarcza St.; 20-213 Lublin
- The Administrator has not appointed a Data Protection Officer.
§4 SECURITY OF PERSONAL DATA
- In order to ensure data integrity and confidentiality, the Administrator has implemented procedures that allow access to personal data only to authorized persons and only to the extent that it is necessary due to the tasks they perform. The Administrator uses organizational and technical solutions to ensure that all operations on personal data are recorded and performed only by authorized persons.
- In addition, the Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide a guarantee of the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
- The Administrator conducts a risk analysis on an ongoing basis and monitors the adequacy of the data security measures applied to the identified risks. If necessary, the Administrator implements additional measures to enhance data security.
§5 PURPOSES AND LEGAL BASIS FOR PROCESSING
- Personal data of all persons using the Administrator’s websites, including IP addresses or other identifiers and information collected through cookies or other similar technologies, are processed:
a). in order to provide services electronically in terms of providing users with access to content collected on the site – then the legal basis for processing is the necessity of processing to perform the contract (Article 6.1.b RODO);
b). for analytical and statistical purposes, in which case the legal basis of the processing is the Administrator’s legitimate interest (Article 6.1.f RODO) consisting in conducting analyses of users’ activities, as well as their preferences in order to improve the applied functionalities and provided services;
c). for the purpose of possible establishment and investigation of claims or defense against them – the legal basis of the processing is the legitimate interest of the Administrator (Article 6.1.f RODO) consisting in the protection of your rights;
d). for marketing purposes of the Administrator and other entities- the principles of processing personal data for marketing purposes are described in the “Marketing” section below.
- User activity on the Administrator’s website, including his or her personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities concerning the computer system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and the management of this system, as well as for analytical and statistical purposes – in this regard the legal basis for processing is the Administrator’s legitimate interest (Article 6.1.f RODO).
§6 MARKETING
- The Administrator processes users’ personal data in order to carry out marketing activities, which may consist of:
a). displaying marketing content to you that is not tailored to your preferences (contextual advertising);
b). displaying marketing content to you that matches your interests (behavioral advertising);
c). carrying out other activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
- In order to carry out marketing activities, the Administrator in some cases may use profiling. This means that through automated data processing, the Administrator evaluates selected factors concerning individuals in order to analyze their behavior or create a forecast for the future. The legal basis for data processing in this case is the legitimate interest of the Administrator (Art.6.1.f RODO).
§7 COOKIES AND SIMILAR TECHNOLOGY
- Cookies are small text files installed on the device of a user browsing the website. Cookies collect information to facilitate the use of the website, e.g. by remembering the user’s visits to the site and the actions he/she performs. The legal basis for the processing of such data is the legitimate interest of the Administrator (art.6.1.f RODO).
- The Administrator uses cookies primarily to provide the user with services provided electronically and to improve the quality of these services. In this regard, the Administrator and other entities providing analytical and statistical services to the Administrator use cookies, storing information or accessing information already stored in the user’s telecommunications end device (computer, phone, tablet, etc.). Cookies used for this purpose include:
a). cookies with user input data (session ID) for the duration of the session (userinputcookies);
b). authentication cookies used for services that require authentication for the duration of the session (authenticationcookies);
c). security cookies, such as those used to detect authentication abuse (usercentricsecuritycookies);
d). session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia playersessioncookies);
e). persistent cookies used to personalize the user interface for the duration of the session or slightly longer (userinterfacecustomizationcookies);
f). cookies used to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are cookies used by Google to analyze how a user uses the site, to create statistics and reports on the operation of the site). The Google Analytics tool is also used to target users with behavioral advertising. Google does not use the collected data to identify the user, nor does it combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found by typing in any search engine: Google- Privacy and Terms.
§8 E-MAIL AND TRADITIONAL CORRESPONDENCE
- If you address the Administrator via e-mail or traditional correspondence, the personal data contained in this correspondence is processed solely for the purpose of communication and resolution of the matter to which the correspondence relates.
- The legal basis for the processing is the legitimate interest of the Administrator (Art.6.1.f RODO) in carrying out correspondence addressed to it in connection with its business activities.
- The administrator processes only personal data relevant to the matter to which the correspondence relates. All correspondence is stored in a manner that ensures the security of the personal data contained therein (and other information) and is disclosed only to authorized persons.
§9 PHONE CONTACT
- When contacting the Administrator by telephone, the Administrator may request personal data only if it is necessary to handle the matter to which the contact relates. The legal basis in such a case is the legitimate interest of the Administrator (art.6.1.f RODO) consisting of enabling the handling of requests and answering questions asked by persons interested in the Administrator’s services.
- Telephone conversations can also be recorded-in which case appropriate information is provided at the beginning of the conversation. The calls are recorded in order to monitor the quality of the service and verify the work of consultants. The recordings are available only to the Administrator’s employees and the Administrator’s hotline operators. The legal basis for the processing is the legitimate interest of the Administrator (Article 6.1.f RODO) consisting in enabling the improvement of the quality of services provided by the Administrator.
§10 SOCIAL NETWORKS
The Administrator processes personal data of users visiting the Administrator’s profiles maintained on social media (Facebook, YouTube, Instagram, Twitter). This data is processed exclusively in connection with the running of the profile, including for the purpose of informing Users about the Administrator’s activities and promoting various events, services and products. The legal basis for the Administrator’s processing of personal data for this purpose is its legitimate interest (art.6.1.f RODO) in promoting its own brand.
§11 DATA COLLECTION IN OTHER CASES
- In connection with its operations, the Administrator also collects personal data in other cases for the purposes of initiating and maintaining business contacts. The legal basis for the processing in this case is the legitimate interest of the Administrator (Art.6.1.f RODO) consisting in the creation of a network of contacts in connection with the activity.
- Personal data collected in such cases shall be processed only for the purpose for which it was collected, and the Administrator shall ensure its adequate protection.
§12 DATA RECIPIENTS
- In connection with the conduct of activities requiring processing, personal data are disclosed to external entities, including in particular suppliers responsible for the operation of IT systems and equipment, entities providing legal or accounting services, couriers, marketing or recruitment agencies. Data may also be disclosed to selected partners of the Controller, e.g. as part of the implementation of promotional campaigns joined by the data subject.
- The Administrator reserves the right to disclose selected information concerning the data subject to the competent authorities, services or third parties who make a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
§13 TRANSFER OF DATA OUTSIDE THE EEA
- The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:
a). cooperation with processors of personal data in countries for which a relevant decision of the European Commission has been issued;
b). use of standard contractual clauses issued by the European Commission;
c). application of binding corporate rules approved by the relevant supervisory authority;
d). in the case of data transfers to the U.S. – cooperation with entities participating in the Privacy Shield program (PrivacyShield) approved by a decision of the European Commission.
e). The administrator always informs about the intention to transfer personal data outside the EEA at the stage of collection.
§14 PERIOD OF PROCESSING OF PERSONAL DATA
- The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. The period of data processing may also result from regulations when they provide the basis for processing. If the data is processed on the basis of the legitimate interest of the Administrator, e.g. for security reasons, the data is processed for a period of time that allows the fulfillment of this interest or until an effective objection to the processing is made. If processing is based on consent, data are processed until the consent is withdrawn. When the basis for processing is the necessity to conclude and perform a contract, data are processed until the contract is terminated.
- The period of data processing may be extended in case the processing is necessary for the establishment or assertion of claims or defense against claims, and after this period – only if and to the extent required by law. After the expiration of the processing period, the data are irreversibly deleted or anonymized.
§15 RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
- Data subjects have the following rights:
a). the right to information about the processing of personal data – on this basis, the requesting person is provided by the Administrator with information about the processing of data, including, in particular, the purposes and legal grounds for processing, the scope of data held, the entities to which they are disclosed, and the planned date of deletion;
b). the right to obtain a copy of the data- on this basis, the Administrator provides an electronic copy of the processed data concerning the person making the request;
c). the right to rectification-The Administrator is obliged to remove any inconsistencies or errors in the processed personal data and complete them if they are incomplete;
d). the right to erasure – on this basis, you can request the erasure of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
e). the right to restrict processing-if such a request is made, the Controller shall cease performing operations on personal data-except for operations consented to by the data subject-and storing them, in accordance with established retention rules, or until the reasons for restricting processing cease to exist (e.g., a decision is issued by a supervisory authority authorizing further processing);
f). the right to data portability – on this basis, to the extent that the data are processed in connection with a contract concluded or consent given, the Administrator shall issue the data provided by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity, provided, however, that there are technical capabilities in this regard both on the part of the Administrator and that other entity;
g). the right to object to processing for marketing purposes-The data subject may object at any time to the processing of personal data for marketing purposes, without having to justify such objection;
h). the right to object to other purposes of processing-the data subject may at any time object to the processing of personal data that is carried out on the basis of a legitimate interest of the Controller (e.g., for analytical or statistical purposes or for reasons related to the protection of property); an objection in this regard should contain a justification;
i). the right to withdraw consent-if the data are processed on the basis of expressed consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of consent;
j). the right to complain-if the processing of personal data is deemed to violate the provisions of the RODO or other data protection laws, the data subject may file a complaint with the President of the Office for Personal Data Protection.
§16 MAKING DEMANDS RELATED TO THE EXERCISE OF RIGHTS
- A request for the exercise of the rights of data subjects can be made:
a). In writing to the address: NIEAMPUTUJ.PL spółka z ograniczoną odpowiedzialnością, based in Lublin, 26 Gospodarcza Street; 20-213 Lublin, REGON: 520526053, NIP: 9462711823
b). by email to: aplikacja-pl @ nieamputuj.pl
- If the Administrator is unable to identify the applicant on the basis of the application made, he will ask the applicant for additional information.
- The application may be submitted in person or through a proxy (e.g., a family member). For reasons of data security, the Administrator encourages the use of a power of attorney in a form certified by a notary public or authorized legal counsel or attorney, which will significantly speed up the verification of the authenticity of the application.
- The application should be answered within one month of receipt. If it is necessary to extend this deadline, the Administrator shall inform the applicant of the reasons for the delay.
- The response is provided by snail mail, unless the request is made by e-mail or an electronic response is requested.
§17 CHARGING PRINCIPLES
- The processing of submitted applications is free of charge. Fees may be charged only in the case of:
a). make a request for the issuance of the second and each subsequent copy of the data (the first copy of the data is free of charge); in this case, the Administrator may require payment of a fee of PLN 50. The above fee includes the administrative costs of processing the request.
b). submission by the same person of excessive (e.g., extremely frequent) or manifestly unreasonable requests; in such a case, the Administrator may require payment of a fee of PLN 150.
- The above fee includes the costs of conducting communications and the costs associated with taking the requested action.
- If the decision to impose the fee is disputed, the data subject may file a complaint with the President of the Data Protection Authority.
§18 CHANGES TO THE PERSONAL DATA PROCESSING POLICY
This policy is subject to ongoing updating and revision.