In accordance with the requirements of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on
the protection of individuals with regard to the processing of personal data and on the free movement of such data
and repealing Directive 95/46 / EC (General Data Protection Regulation), hereinafter referred to as the "Regulation"
we would like to inform you that:
1. Personal data administrator
The administrator of personal data, hereinafter referred to as the "Administrator", is the company: Alfa-Net Sp. z o.o. Spółka Komandytowa based: 53-025 Wrocław, ul. Skarbowców 23a. The personal data administrator is responsible for the use of personal data in a safe manner, consistent with the purposes for which it was collected and in accordance with applicable law. Kontakt z Administratorem Administrator's contact details: e-mail: firstname.lastname@example.org correspondence address: 53-025 Wrocław, ul. Skarbowców 23a
2. General provisions
We use the obtained personal data only for specific, legitimate purposes for which the data was collected. The scope of personal data, the purpose of their processing, the legal basis for such processing, the period of processing and categories of data recipients result from the legal requirements incumbent on the Administrator and the nature and scope of activities undertaken by the data subject.
3. The purpose of data processing by the Administrator, the legal basis for processing and the period for which personal data will be stored
- Purpose of data processing: Taking action at the request of the data subject before concluding the contract (e.g. preparing an offer). legal basis for processing: Art. 6 sec. 1 lit. b) Regulations ("performance of the contract") Retention period: The data is stored for the period necessary to perform, terminate or expire the contract and for the period after which any claims are time-barred.
- Purpose of data processing: Conclusion and performance of the contract (including ensuring adequate quality of services) legal basis for processing: Art. 6 sec. 1 lit. b) Regulations ("performance of the contract") Retention period: The data is stored for the period necessary to perform, terminate or expire the contract and settlements and for the period after which any claims expire.
- Purpose of data processing: Conducting direct marketing (directing messages to carefully selected, individual customers, in individual contact, in order to obtain a direct response (response))
legal basis for processing: Article 6 para. 1 lit. f) Regulations ("legitimate interests of the Administrator") Retention period: The data is stored for the duration of the legitimate interest pursued by the Administrator and for the period after which any claims expire. In the event of an effective objection to the use of his personal data by the data subject, the Administrator will no longer process this data for direct marketing purposes.
- Purpose of data processing: Marketing
legal basis for processing: Art. 6 sec. 1 lit. a) of the Regulation ("consent of the data subject"). Retention period: The data is stored until the data subject withdraws his consent for further processing of his data for marketing purposes.
- Purpose of data processing: Issuing, collecting and storing invoices and accounting documents as well as keeping accounting books
legal basis for processing: Art. 6 sec. 1 lit. c) of the Regulation ("compliance with a legal obligation") in connection with art. 74 sec. 2 of the Accounting Act and in connection with Art. 86 § 1 of the Tax Ordinance Act. Storage period: The data is stored for the period in which the regulations require the storage of accounting books and accounting documents (i.e. for 5 years, counting from the beginning of the year following the financial year to which the data relate) and for the period after which possible tax liabilities expire.
- Purpose of data processing: Responding to complaints in the time and form provided for by law
legal basis for processing: Art. 6 sec. 1 lit. c) of the Regulation ("fulfillment of the legal obligation") Retention period: The data is stored for a period of 1 year after the expiry of the warranty or settlement of the complaint, and then for the period after which any claims expire.
- Purpose of data processing: Expressing an opinion by the Customer
legal basis for processing: Article 6 para. 1 lit. a) of the Regulation ("consent of the data subject"). Retention period: The data is stored until the data subject withdraws his consent for further processing of his data for this purpose.
- Purpose of data processing: Detection and prevention of abuse
legal basis for processing: Art. 6 sec. 1 lit. c) Regulations ("fulfillment of the legal obligation") Retention period: The data is stored for the duration of the contract, and then for the period after which the claims under the contract are time-barred. If the Administrator pursues claims or notifies competent authorities - for the duration of such proceedings and "for 5 years from the beginning of the year following the financial year in which operations, transactions and proceedings were finally completed, paid off, settled or expired"
- Purpose of data processing: Determining, defending and pursuing claims raised by or against the Administrator (including sale of receivables to another entity)
legal basis for processing: Art. 6 sec. 1 lit. f) Regulations ("legitimate interest of the administrator") in connection with art. 74 sec. 2 of the Accounting Act. Storage period: The data is stored for the period of:
- after which the claims under the contract are time-barred,
- in the event of the Administrator pursuing claims in civil proceedings or under criminal or tax proceedings, accounting documents (which may contain personal data) must be kept "for 5 years from the beginning of the year following the financial year in which the operations, transactions and proceedings were finally completed, paid, settled or expired ",
- for the period in which the Administrator may incur the legal consequences of non-performance, e.g. receive an administrative penalty
4. Data recipients
In order to perform the contract and to ensure the proper functioning of the Administrator's websites, he uses the services of external entities cooperating with him (for example: post office, couriers, payment service entities). Personal data is transferred to external entities only if and to the extent that it is necessary to achieve the purpose of processing. The provided personal data may be used by external entities only for the purpose of performing the task ordered by the Administrator.
Personal data may be transferred to the following recipients cooperating with the Administrator:
- selected entities acting on behalf of the Administrator in handling accounting, tax, advisory, legal and debt collection matters (including entities purchasing receivables) - to the extent necessary to achieve a specific processing purpose,
- entities conducting postal, courier and similar activities (e.g. courier brokers) - to the extent necessary to complete the delivery and correspondence,
- entities providing technical support services provided to the Administrator and suppliers of IT solutions enabling the Administrator to conduct business (for example, software suppliers, e-mail and hosting providers) - the Administrator provides personal data to a trusted supplier acting on his behalf only in the case and to the extent necessary to achieve a specific processing purpose.
5. Transfer of data outside the European Economic Area
Due to the use of cloud solutions by the Administrator, personal data may be transferred outside the European Economic Area (including the European Union, Iceland, Liechtenstein and Norway) to Google LLC, to Slack Technologies Inc. and to Microsoft Corporation based on appropriate legal safeguards, which are standard contractual clauses for the protection of personal data, approved by the European Commission. These entities guarantee that personal data transferred to the United States of America is safe, because it is protected under the EU-US agreement - see also Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield
Our website is equipped with plugins for the social networking site facebook.com, of which the administrator is Facebook Inc., 1601 Willow Road Menlo Park, California 94025 ("Facebook"). By visiting a website that is equipped with such a plug-in, the user will make his browser connect directly to the Facebook server. The plugin will send information to the Facebook server which page has been visited. If the user is logged in to Facebook while browsing our website, when he clicks the "Like!" ("Like this page") or leave a comment, Facebook will save this information on the user's Facebook account. In order to avoid Facebook registering your visit to our website, the user should log out of Facebook before visiting our websites.
6. The rights of the person whose data is processed by the Administrator
The processing of personal data does not require consent if, among others: processing is necessary for the performance of the contract or taking action before concluding the contract, results from the legal obligation incumbent on the Administrator, or it is necessary for the implementation of the Administrator's legitimate interest. If consent is necessary to be able to process personal data for a specific purpose, the Administrator asks for such consent. You can withdraw your consent at any time.
In the event of withdrawal of consent, the data will no longer be processed to the extent that the consent was granted, but the withdrawal of consent will not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
Under the terms of the Regulation, the data subject also has the right to request the Administrator to access, rectify, delete ("be forgotten") or limit their processing, the right to object to processing, as well as the right to for data portability. If personal data is processed for direct marketing purposes, you can object to the processing of such data for marketing purposes, including profiling, at any time, to the extent that the processing is related to direct marketing.
In order to exercise the above rights, the villages must be submitted to the Administrator by e-mail, by letter or by submitting an application in person at the Administrator's seat, The Administrator's contact details are provided at the beginning. To ensure that the person submitting the villages is entitled to submit it, the Administrator may ask for additional information confirming the applicant's identity.
The provisions of the Regulation show to what extent each of these rights can be exercised. This will depend in particular on the legal basis and the purpose of processing personal data by the Administrator. The above rights can be exercised free of charge no more than once every 6 months. Pursuant to Article 12 of the Regulation, if the data subject's requests are manifestly unjustified or excessive, in particular due to their repetitive nature, the controller may charge a fee.
The data subject has the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection.
7. Obligation or no obligation to provide personal data
Using the Administrator's services and providing him with personal data is voluntary. The data subject is, however, obliged to provide them in connection with: concluding a contract with the Administrator - in this case, providing personal data is a contractual condition and the data subject is obliged to provide the required data if he wants to conclude a contract with the Administrator. Each time, the scope of data required to conclude a contract is communicated to the data subject. The consequence of not providing data is the inability to conclude a contract. implementation of the obligations imposed on the Administrator under the law - in this case, providing personal data is a statutory condition resulting from the provisions imposing on the Administrator obligations to process personal data (e.g. in connection with the obligation to issue, collect and store invoices and accounting documents and keep accounting books) . Failure to provide this data will prevent the Administrator from performing the indicated obligations, which will result in the inability to conclude a contract.
8. Use of data for advertising purposes
The newsletter is sent only to those Users who gave their consent and provided their e-mail address. The consent to receive the newsletter may be withdrawn at any time by contacting the Administrator at the address given above.
8.2 Banner advertising
Banner advertising is an advertisement which, after clicking on it, takes the User to another page. As part of the banner advertising, for example, the User is presented with the products he has viewed or similar products. We may also present advertisements from our partners.
The administrator may process the data contained in cookies for anonymous analysis of the activities of visitors, research on their behavior (e.g. opening specific pages) in order to provide them with advertisements tailored to their expected interests, also when they visit other websites that are partners in the company's advertising network Google Inc. and Facebook Ireland Ltd. and to improve the administration of Administratoa websites.
8.4 Onsite Targeting
The administrator uses cookie technology to analyze the activities of visitors (e.g. opening specific subpages) and may present the User with advertisements and / or special offers. The purpose of these activities is to present the User with content that best suits the area of his search.
8.5 Retargeting, third party cookies and third party data collection for banner advertising purposes
8.6 How can you block the saving of cookies?
8.7 Competitions, market research and opinion polls
Each competition and promotional campaign has separate Regulations. In order to take part in them, the User is asked to provide the personal data listed in the given Regulations and by consenting to the use by the organizer of the competition, market research or opinion surveys of telecommunications devices (telephone number, e-mail address) for the purpose of the Administrator to conduct direct marketing. The provided personal data will be processed for the purpose of conducting the competition, notification of the win and for the needs of market research or User opinion polls. Responses provided as part of market research or opinion polls are not shared with third parties or published.
9. Internet analysis
The administrator uses the Google Analytics website traffic analysis service provided by Google. Google Analytics analyzes the user behavior on the website by using cookies. The information generated by cookies regarding the use of the website by the user (including his IP address) is transferred to Google and stored by it on servers in the United States. Google will use this information to analyze the use of the website by the user, to compile reports for websites using Google Analytics and to provide other services. Google may also transfer this information to third parties, if required by law or if third parties process this information on behalf of Google. By using the website, the User consents to the processing of data about him by Google in the manner and for the purposes set out above. The website is analyzed by Google Analytics with the extension "_anonymizeIp ()" and therefore IP addresses are processed only in abbreviated form, which prevents the address from being directly associated with the user. The user may opt out of cookies by entering the appropriate browser settings. This may limit the functionality of the website and you may not be able to use all its functions. You can withdraw your consent to the collection and collection of personal data at any time with effect for the future. In order to prevent the transmission of data generated by the cookie relating to the User's use of the website (including the IP address) to Google and the processing of this data by Google, it is sufficient to download and install the blocking plugins available in the browser at the following address: https://tools.google.com/dlpage/gaoptout?hl=en
10. Server log files
The web browser provides data on the user's activities on the Administrator's websites, which are saved in the server log files. Data records saved in this way contain the following data: date and time of download, name of the page opened, amount of data downloaded, as well as information about the product version of the web browser used, IP address, reference page URL (address of the page from which the user was redirected). The server log file data records are analyzed for debugging, server performance management, DDoS protection and offer customization.
11. Automated decision making and profiling
Personal data will not be used for automated decision-making that will result in legal effects for the data subject, including profiling.
12. Final provisions
The Administrator's websites may contain links to other websites. Such websites operate independently of the Administrator and are not supervised by the Administrator in any way. The administrator recommends that after switching to other websites, read their own privacy policies. The administrator is not responsible for the rules of handling data on these pages.