- The controller of data collected through the ict24.com.pl website is Tora sp. z o.o. operating under the business name Tora sp. z o.o., entered into the Central Business Activity Register and Information Record System [CEIDG] of the Republic of Poland, kept by the minister in charge of economy, place of business and correspondence address: ul. Katowicka 127, 43-346 Bielsko Biała, Taxpayer ID No.: 5482659911, e-mail address: email@example.com, hereinafter referred to as “the Controller”.
- Data collected by the Controller through the website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) , hereinafter referred to as the GDPR.
TYPE OF PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION
- PURPOSE OF PROCESSING AND LEGAL BASIS
- The Controller processes personal data of the users of the [ADRES STRONY WWW] website if the contact form is used. Personal data shall be processed on the basis of points (a), (f) of Article 6(1) of the GDPR.
- TYPE OF PROCESSED PERSONAL DATA:
- first and last name
- telephone number
- e-mail address
- PERIOD OF PERSONAL DATA ARCHIVING Personal data shall be stored by the Controller:
- where data processing is based on the performance of a contract, as long as this is necessary for the performance of the contract and thereafter for a period corresponding to the statue of limitations for claims. Unless a specific regulation provides otherwise, the limitations period is ten years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
- where data processing is based on the consent, until the consent is withdrawn, and after its withdrawal for a period corresponding to the statue of limitations for claims which may be raised by the Controller and which may be raised against him. Unless a specific regulation provides otherwise, the limitations period is ten years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
- When the user uses the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the Internet service provider’s external IP address, domain name, browser type, access time, operating system type.
- Navigational data may also be collected, including information about links the users choose to click on or other actions taken on the website. The legal basis for this type of activity is the legitimate interest of the Controller (point (f) of Article 6(1) of the GDPR), consisting in facilitating the use of services provided by electronic means and improving the functionality of these services.
- Providing personal data by the user is voluntary.
- Personal data shall also be processed automatically, in the form of profiling, provided that the user consents thereto, pursuant to point (f) of Article 6(1) of the GDPR. The consequence of profiling shall be the attribution of a profile to a given person in order to make decisions about them or to analyse or predict their preferences, behaviours and attitudes.
- The Controller shall exercise due diligence in order to protect the interests of the data subjects and, in particular, shall ensure that the data collected by the Controller are:
- processed lawfully
- collected for specified, legitimate purposes and not further processed in a manner that is incompatible with those purposes
- correct in substance and adequate in relation to the purposes for which they are processed, and kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
MAKING PERSONAL DATA AVAILABLE
- Users’ personal data is transferred to the providers of services which are used by the Controller while running the website. The service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to instructions from the Administrator as to the purposes and methods of processing such data (processors) or determine purposes and methods of the processing of personal data themselves (controllers).
- Users’ personal data shall only be stored within the European Economic Area (EEA).
RIGHT TO CONTROL, RIGHT OF ACCESS TO AND RIGHT TO RECTIFICATION OF THE CONTENT OF ONE’S OWN DATA
- Data subject has the right of access to the contents of their personal data as well as the right to rectification, erasure, restriction of processing, data portability, right to object, right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Legal basis for user’s demands:
- Right of access to data – Article 15 of the GDPR
- Right to rectification – Article 16 of the GDPR
- Right to erasure (‘right to be forgotten’) – Article 17 of the GDPR
- Right to restriction of processing – Article 18 of the GDPR
- Right to data portability – Article 20 of the GDPR
- Right to object – Article 21 of the GDPR
- Right to withdraw the consent – Article 7(3) of the GDPR
- In order to exercise the powers referred to in item 2, an appropriate e-mail may be sent to: firstname.lastname@example.org
- In the event of the user’s request to exercise the above-mentioned rights, the Controller shall either fulfil the request or refuse to fulfil it without undue delay, but no later than within a month after its receipt. However, if – due to the complexity and number of requests – the Controller is not able to fulfil the request within one month, they shall do so within the next two months, informing the user in advance, within one month of receipt of the request, about the intended extension of the deadline and the reasons for the delay.
- Where it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.
- The Controller’s website uses cookie files.
- The installation of cookies is necessary for the proper provision of services on the website. Cookies include information necessary for the proper functioning of the website; they also allow the Controller to compile general statistics on website visits.
- On the website two types of cookies are used: “session” and “persistent” ones.
- “Session” cookies are temporary files, which are stored in the user terminal device until the user’s logout (leaving the website).
- “Persistent” cookie files are stored in the user terminal device for a period specified in the parameters of cookies or until they are deleted by the user.
- The Controller uses its own cookies in order to better understand how the user interacts with the content of the website. The files collect information concerning how the user uses the website, the type of a website from which the user was redirected, as well as the number and the duration of the user’s visits to the website. The files do not register user’s specific personal data but are used to compile statistics on the use of the website.
- The user has the right to decide on the access of cookies to his computer by selecting them in his web browser. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.
- The Controller shall take technical and organisational measures necessary to ensure the protection of processed personal data, appropriate to the risks and categories of data covered by the protection, and in particular shall protect the data against its disclosure to unauthorised persons, acquiring the data by an unauthorised person, its processing in non-compliance with the applicable regulations, as well as its change, loss, damage or destruction.
- The Controller shall make available appropriate technical means to prevent unauthorized persons from acquiring and modifying personal data sent electronically.
- To all matters not settled herein, the provisions of the GDPR and other applicable provisions of Polish law shall apply accordingly.