PRIVACY POLICY AND COOKIE POLICY
Using the blog and website https://plecakidlafirm.pl/ and the online store under the name PROSPOT located at https://prospot.pl/ and https://b2b.prospot.pl/ signifies acceptance of the following Privacy Policy and Cookie Policy.
As a User, please familiarize yourself with its provisions. The table of contents below will assist you in this. In it, I inform you about how I care for user data, how I process it, to whom I entrust it, and many other important issues related to personal data.
TABLE OF CONTENTS
WHO IS THE CONTROLLER OF THE USER'S PERSONAL DATA?
IS PROVIDING DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING THEM?
CAN THE USER WITHDRAW THE CONSENT GIVEN?
DO WE TRANSFER THE USER'S DATA TO THIRD COUNTRIES?
HOW LONG DO WE STORE THE USER'S DATA?
ACTIVITY ON SOCIAL MEDIA - FACEBOOK/INSTAGRAM...
ACTIVITY ON SOCIAL MEDIA - TWITTER.
ACTIVITY ON SOCIAL MEDIA - LINKEDIN.
WHO MAY BE THE RECIPIENTS OF PERSONAL DATA?
HAVE WE APPOINTED A DATA PROTECTION OFFICER?
DO WE PROFILE THE USER'S DATA?
- 4 FORMS.
- 5 DISCLAIMER AND COPYRIGHT.
- 6 TECHNOLOGIES.
- 7 COOKIE POLICY.
- 8 CONSENT TO COOKIES.
- 9 SERVER LOGS.
§1 GENERAL PROVISIONS
This Privacy Policy and Cookie Policy define the rules for processing and protecting personal data provided by Users, as well as Cookies and other technologies appearing on the websites https://prospot.pl/, https://b2b.prospot.pl/, and https://plecakidlafirm.pl/.
The co-administrators of the website and the personal data transmitted within it are: Rafał Gralak, a partner in the civil partnership PRO SPOT RB, with NIP: 9521955338 and REGON: 141453614, according to the document generated from the Central Register and Information on Economic Activity system, and Bartosz Lachowicz, a partner in the civil partnership PRO SPOT RB, with NIP: 5242526990 and REGON: 146672404, according to the document contained in the Central Register and Information on Economic Activity system, jointly operating in the form of a civil partnership under the name PRO SPOT RB, at ul. Niska 13, 05-800 Pruszków, NIP: 952-212-51-36.
We care about the security of personal data and the privacy of the User of the Website. We are pleased that you have visited our Website.
In case of any doubts regarding the provisions of this Privacy Policy and Cookie Policy, please contact the Co-administrators via email: kontakt@prospot.pl
The Co-administrators reserve the right to make changes to the privacy policy, and each User of the website is bound by knowledge of the current privacy policy. The reasons for changes may include the development of internet technology, changes in applicable law, or the development of the Website through, for example, the use of new tools by the Co-administrators. The publication date of the current Privacy Policy is at the bottom of the page.
§2 DEFINITIONS
Co-administrators – Rafał Gralak, a partner in the civil partnership PRO SPOT RB, with NIP: 9521955338 and REGON: 141453614, according to the document generated from the Central Register and Information on Economic Activity system, and Bartosz Lachowicz, a partner in the civil partnership PRO SPOT RB, with NIP: 5242526990 and REGON: 146672404, according to the document contained in the Central Register and Information on Economic Activity system, jointly operating in the form of a civil partnership under the name PRO SPOT RB, at ul. Niska 13, 05-800 Pruszków, NIP: 952-212-51-36.
Due to the establishment of a civil partnership between the aforementioned partners, there is joint data administration.
The Co-administrators jointly administer personal data in accordance with the co-administration agreement.
Details of co-administration are included in the content of this Privacy Policy.
User – any entity present on the website and using it.
Website – the website, blog, and online store located at https://plecakidlafirm.pl/, https://prospot.pl/, and https://b2b.prospot.pl/.
Form or Forms – places on the Website that allow the User to enter personal data for specified purposes, e.g., for sending newsletters, placing orders, or contacting the User.
Newsletter – a free electronic service provided by the Co-administrators to the User by sending electronic letters through which the Co-administrators inform about events, services, products, and other elements relevant to the Co-administrators and/or for the legitimate purpose of the Co-administrators, which is direct marketing, including sending marketing and commercial content with the User's consent. Detailed information about the Newsletter is provided later in this privacy policy.
GDPR - General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Personal Data Protection Act – the Act of May 10, 2018, on the protection of personal data (Journal of Laws 2018, item 1000, as amended).
Act on the Provision of Electronic Services – the Act of July 18, 2002, on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
§3 PERSONAL DATA AND RULES OF PROCESSING
WHO IS THE CONTROLLER OF THE USER'S PERSONAL DATA?
The co-administrators of the User's personal data are: Rafał Gralak, a partner in the civil partnership PRO SPOT RB, with NIP:9521955338 and REGON:141453614, according to the document generated from the Central Register and Information on Economic Activity system, and Bartosz Lachowicz, a partner in the civil partnership PRO SPOT RB, with NIP: 5242526990 and REGON: 146672404, according to the document contained in the Central Register and Information on Economic Activity system, jointly operating in the form of a civil partnership under the name PRO SPOT RB, at ul. Niska 13, 05-800 Pruszków, NIP: 952-212-51-36.
The partners of the civil partnership PRO SPOT RB jointly administer personal data based on the concluded co-administration agreement.
IS PROVIDING DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING THEM?
Providing data is voluntary, but not providing certain information, generally marked on the Administrators' pages as mandatory, will result in the inability to perform a specific service and achieve a specific purpose or take specific actions.
Providing by the User of data that is not mandatory or an excess of data that the Co-administrators do not need to process is based on the User's decision, and in that case, the processing is based on the consent provision contained in art. 6 sec. 1 lit. a GDPR (consent). The User consents to the processing of this data and the anonymization of data that the Co-administrators do not require and do not want to process, and yet the User has provided them to the Co-administrators.
FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS THE USER'S PERSONAL DATA PROVIDED WHILE USING THE WEBSITE?
The User's personal data on the Administrators' Website may be processed for the following purposes and on the following legal bases:
- to perform the service or fulfill the concluded contract, send offers (e.g., advertising) at the User's request — based on art. 6 sec. 1 lit. b GDPR (necessary for the conclusion and/or performance of the contract or taking action at the request);
- to issue an invoice, bill, and fulfill other obligations arising from tax law in the case of ordering products and services — based on art. 6 sec. 1 lit. c GDPR (obligation arising from legal provisions);
- to grant a discount or inform about promotions and interesting offers of the Administrators or entities recommended by them — based on art. 6 sec. 1 lit. a GDPR (consent);
- to handle complaints or claims related to the contract — based on art. 6 sec. 1 lit. b GDPR (necessary for the conclusion and/or performance of the contract) and based on art. 6 sec. 1 lit. c GDPR (obligation arising from legal provisions);
- to establish, investigate, or defend against claims — based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators);
- for telephone contact regarding service performance — based on art. 6 sec. 1 lit. b GDPR (necessary for the conclusion and/or performance of the contract);
- for telephone contact to present offers and direct marketing – based on art. 6 sec. 1 lit. a GDPR (consent) and based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators) if you are already my customer;
- for archival and evidentiary purposes, to secure information that may serve to establish facts — based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators);
- for satisfaction surveys of the offered services — based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- to create registers related to the GDPR and other regulations — based on art. 6 sec. 1 lit. c GDPR (obligation arising from legal provisions) and art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators);
- for analytical purposes, including the analysis of data collected automatically when using the website, including cookies such as Google Analytics cookies – based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators);
- using cookies on the Website and its subpages — based on art. 6 sec. 1 lit. a GDPR (consent);
- to manage the Website and the Administrators' pages on other platforms — based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators);
- for sending newsletters - based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators consisting of processing data for direct marketing purposes) and based on the Act on the provision of electronic services (consent),
- to tailor the content displayed on the Administrators' pages to individual needs and continuously improve the quality of the services offered - based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- for direct marketing of own products or services or recommended products of third parties - based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- to create their own databases of Users - based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- to manage the fan page under the name "OGIO Poland" and interact with users – based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- to manage the Instagram account under the name "OGIO_POLAND", "AMPHIBIOUS_POLAND", "PLECAKI_DLA_FIRM" and interact with users – based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- to manage the Twitter account under the name "ogio_poland" and interact with users – based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- to manage the LinkedIn account under the name "ProSpot RB" and interact with users – based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators),
- to advertise on social media and websites, such as Facebook Leads Ads or Facebook Custom Audience, and conduct remarketing - based on art. 6 sec. 1 lit. a GDPR (consent) and based on art. 6 sec. 1 lit. f GDPR (legitimate interest of the Co-administrators consisting of promoting and advertising the services of the Co-administrators through remarketing directed to people subscribed to the mailing list or visiting a specific website).
Providing by the User of data that is not mandatory or an excess of data that the Co-administrators do not need to process is based on the User's decision, and in that case, the processing is based on the consent provision contained in art. 6 sec. 1 lit. a GDPR (consent). The User consents to the processing of this data and the anonymization of data that the Co-administrators do not require and do not want to process, and yet the User has provided them to the Co-administrators.
HOW ARE THE DATA COLLECTED?
Only data provided by the user are collected and processed (except - in certain situations - data collected automatically using cookies.
During a visit to the website, data concerning the visit itself are automatically collected, e.g., user's IP address, domain name, browser type, operating system type, etc. (login data). Data collected automatically can be used to analyze user behavior on the website, collect demographic data about users, or personalize the content of the website to improve it. However, these data are processed solely for the purpose of administering the website, ensuring smooth hosting, directing marketing content, and are not associated with the data of individual users. More about cookies can be found in the further part of this privacy policy.
Data may also be collected to fill out forms on the Website, as mentioned in the subsequent privacy policy.
WHAT ARE THE USER'S RIGHTS?
The User has the right at any time to the rights specified in art. 15-21 GDPR, namely:
- the right of access to the content of his data,
- the right to data portability,
- the right to correct data,
- the right to rectify data,
- the right to erase data if there is no legal basis for their processing,
- the right to limit processing if it has occurred improperly or without a legal basis,
- the right to object to the processing of data based on the legitimate interest of the Co-administrators,
- the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection (in accordance with the principles set out in the Personal Data Protection Act), if he considers that the processing of his data is inconsistent with currently applicable legal provisions
HOW LONG DO WE STORE USER DATA?
User data will be stored by the Joint Data Controllers for the duration of the respective services' fulfillment/achievement of goals, and:
- During the service and collaboration period, as well as the statute of limitations period according to legal regulations – regarding data provided by contractors, clients, or users,
- During the period of conducting discussions and negotiations preceding the conclusion of a contract or service execution – regarding data provided in the inquiry for proposals,
- For the period required by legal regulations, including tax law – regarding personal data related to fulfilling obligations arising from applicable regulations,
- Until an effective objection is raised based on Article 21 of the GDPR – regarding personal data processed based on the legitimate interests of the Joint Data Controllers, including for direct marketing purposes,
- Until the withdrawal of consent or achievement of the processing purpose, business goal – regarding personal data processed based on consent. After withdrawing consent, data may still be processed for the purpose of defending against potential claims in accordance with the statute of limitations or a period (shorter) indicated to the user,
- Until becoming outdated or losing utility – regarding personal data processed mainly for analytical, statistical purposes, the use of cookies, and administration of the Joint Data Controllers' websites,
- For a maximum period of 2 years for individuals who have unsubscribed from the newsletter to defend against potential claims (e.g., information about the subscription date and the date of unsubscribing from the newsletter, the number of newsletters received, actions taken, and activities related to received messages), or after a period of 1 year of inactivity by a specific subscriber, such as not opening any messages from the Joint Data Controllers.
The data retention periods specified in years are counted at the end of each year in which data processing began. This is done to streamline the data processing and management process.
Detailed data processing periods for individual processing activities are found in the Joint Data Controllers' processing activities register.
LINKS TO OTHER WEBSITES
Links to other websites may appear on the site. They will open in a new browser window or in the same window. The Joint Data Controllers are not responsible for the content provided by these sites. Users are obligated to familiarize themselves with the privacy policy or terms of these sites.
SOCIAL MEDIA ACTIVITY – FACEBOOK/INSTAGRAM
The Joint Data Controllers of user personal data on the fan page named "OGIO Poland" on Facebook and on Instagram under the names "OGIO_POLAND," "AMPHIBIOUS_POLAND," and "PLECAKI_DLA_FIRM" (hereinafter collectively referred to as the Fan page) are the Joint Data Controllers.
User personal data provided on the Fan page will be processed for the purpose of administering and managing the Fan page, communicating with users, interacting, directing marketing content to users, and creating a Fan page community.
The legal basis for processing is the user's consent and the legitimate interest of the Joint Data Controllers in interacting with users and followers of the Fan page. Users voluntarily choose to like/follow the Fan page.
The rules on the Fan page are set by the Joint Data Controllers, but the rules for being on the Facebook and Instagram social media platforms are governed by Facebook and Instagram regulations.
At any time, users can stop following the Fan page. However, the Joint Data Controllers will not display any content related to the Fan page to the user at that time.
The Joint Data Controllers see user personal data, such as name, surname, or general information that the user places on their profiles as public. Processing of other personal data is done by the Facebook social media platform and is subject to its regulations.
User personal data will be processed for the duration of the existence of the Fan page based on the consent expressed by liking/clicking "Follow" on the Fan page or engaging in interactions such as leaving a comment, sending a message, and to fulfill the legitimate interests of the Joint Data Controllers, such as marketing their own products or services or defending against claims.
User personal data may be shared with other data recipients, such as Facebook Inc. and related companies, cooperating advertising agencies, or other subcontractors servicing the Joint Data Controllers' Fan page, if contact occurs outside the Facebook portal.
Other user rights are described in this privacy policy.
User data may be transferred to third countries in accordance with Facebook's regulations.
This data may also be profiled to better personalize the advertising offer directed to the user. It will not be profiled in an automated way under the GDPR (negatively impacting the user's rights and freedoms).
The above rules regarding data within the Facebook portal also apply to the Instagram portal.
SOCIAL MEDIA ACTIVITY – TWITTER
The Joint Data Controllers of user personal data on the Twitter portal on the account "Ogio_poland" (hereinafter referred to as the Twitter account) are the Joint Data Controllers.
User personal data provided on the Twitter account will be processed for the purpose of administering and managing the account, communicating with users, interacting, directing marketing content to users, and creating a community.
The legal basis for processing is the user's consent and the legitimate interest of the Joint Data Controllers in interacting with users and followers of the Twitter account. Users voluntarily choose to like content/follow the Twitter account.
The rules on the Twitter account are set by the Joint Data Controllers, but the rules for being on the Twitter social media platform are governed by Twitter regulations.
At any time, users can stop following the Twitter account belonging to the Joint Data Controllers. However, the Joint Data Controllers will not display any content related to the Twitter account "Ogio_poland" to the user at that time.
The Joint Data Controllers see user personal data, such as name, surname, or general information that the user places on their profiles as public. Processing of other personal data is done by the Twitter social media platform and is subject to its regulations.
User personal data will be processed for the duration of the existence of the Twitter account based on the consent expressed by liking content/clicking "Follow" or engaging in interactions such as leaving a comment, sending a message, and to fulfill the legitimate interests of the Joint Data Controllers, such as marketing their own products or services or defending against claims.
User personal data may be shared with other data recipients, such as Twitter, cooperating advertising agencies, or other subcontractors servicing the Joint Data Controllers' Twitter account, IT service, virtual assistants, if contact occurs outside the Twitter portal.
Other user rights are described in this privacy policy.
User data may be transferred to third countries in accordance with Twitter's regulations, in connection with their storage on servers located outside the European Economic Area. Twitter applies compliance mechanisms in the form of standard contractual clauses adopted by the European Commission numbers 2004/915/EC or 2010/87/EU.
When using Twitter, data will not be profiled and processed in an automated way under the GDPR (negatively impacting the user's rights and freedoms).
The Joint Data Controllers recommend familiarizing yourself with Twitter's privacy policy: https://twitter.com/en/privacy .
SOCIAL MEDIA ACTIVITY – LINKEDIN
The Joint Data Controllers of user personal data on the LinkedIn portal on the account "ProSpot RB" (hereinafter referred to as the LinkedIn account) are the Joint Data Controllers.
User personal data provided on the LinkedIn account will be processed for the purpose of administering and managing the account, communicating with users, interacting, directing marketing content to users, and creating a community.
The legal basis for processing is the user's consent and the legitimate interest of the Joint Data Controllers in interacting with users and followers of the LinkedIn account. Users voluntarily choose to like content/follow the LinkedIn account.
The rules on the LinkedIn account are set by the Joint Data Controllers, but the rules for being on the LinkedIn social media platform are governed by LinkedIn regulations.
At any time, users can stop following the LinkedIn account belonging to the Joint Data Controllers. However, the Joint Data Controllers will not display any content related to the LinkedIn account "ProSpot RB" to the user at that time.
The Joint Data Controllers see user personal data, such as name, surname, or general information that the user places on their profiles as public. Processing of other personal data is done by the LinkedIn social media platform and is subject to its regulations.
User personal data will be processed for the duration of the existence of the LinkedIn account based on the consent expressed by liking content/clicking "Follow" or engaging in interactions such as leaving a comment, sending a message, and to fulfill the legitimate interests of the Joint Data Controllers, such as marketing their own products or services or defending against claims.
User personal data may be shared with other data recipients, such as LinkedIn, cooperating advertising agencies, or other subcontractors servicing the Joint Data Controllers' LinkedIn account, IT service, virtual assistants, if contact occurs outside the LinkedIn portal.
Other user rights are described in this privacy policy.
User data may be transferred to third countries in accordance with LinkedIn's regulations, in connection with their storage on servers located outside the European Economic Area. LinkedIn applies compliance mechanisms in the form of standard contractual clauses adopted by the European Commission numbers 2004/915/EC or 2010/87/EU.
When using LinkedIn, data will not be profiled and processed in an automated way under the GDPR (negatively impacting the user's rights and freedoms).
The Joint Data Controllers recommend familiarizing yourself with LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL.
DATA SECURITY
User personal data is stored and protected with due diligence, following implemented internal procedures of the Joint Data Controllers. The Joint Data Controllers process user information using appropriate technical and organizational measures that meet the requirements of universally applicable legal regulations, especially data protection regulations. These measures are primarily aimed at securing user personal data from unauthorized access.
In particular, access to user personal data is only granted to authorized persons who are obligated to keep this data confidential or entities to whom the processing of personal data has been entrusted based on a separate data processing agreement.
Users should also exercise due care in securing their personal data transmitted over the Internet, particularly by not disclosing their login details to third parties, using antivirus protection, and keeping their software up to date.
WHO CAN BE RECIPIENTS OF PERSONAL DATA?
The Joint Data Controllers inform that they use the services of external entities. Entities to whom the processing of personal data is entrusted (such as courier companies, electronic payment intermediaries, accounting service providers, companies offering electronic invoicing systems, and e-commerce platforms) guarantee the use of appropriate protection and security measures for personal data required by legal regulations, especially the GDPR.
The Joint Data Controllers inform the user that they entrust the processing of personal data, among others, to the following entities:
- PayU S.A. with its registered office in Poznań (60-166), at ul. Grunwaldzka 186, and Przelewy24 owned by PayPro Spółka Akcyjna with its registered office in Poznań at ul. Kanclerska 15, 60-327 Poznań – for handling payment systems and electronic transactions,
- Asseco Business Solutions Spółka Akcyjna, ul. Konrada Wallenroda 4C, 20-607 Lublin – provider of invoicing and accounting system WF-Mag, and e-commerce platform WAPRO ERP,
- pl S.A. ul. Zbożowa 4, 70-653 Szczecin – for handling the domain and mail server,
- BaseLinker sp. z o.o. sp. k, Plac Solny 15, 50-062 Wrocław, KRS: 0000815762 – for integrating shopping platforms,
- other assignees or subcontractors engaged in technical, administrative, or legal support for the Joint Data Controllers and their clients, such as accounting, IT, graphic design, copywriting, courier companies, law firms, etc.
- authorities, e.g., the tax office – for the purpose of fulfilling legal and tax obligations related to settlements and accounting.
HAVE WE APPOINTED A DATA PROTECTION OFFICER?
The Joint Data Controllers hereby inform that they have not appointed a Data Protection Officer (DPO) and independently perform duties related to the processing of personal data.
The user is advised that their personal data may be disclosed to authorized state authorities in connection with proceedings conducted by them, at their request and upon meeting the criteria confirming the necessity of obtaining this data from the Joint Data Controllers.
DO WE PROFILE USER DATA?
User personal data will not be used for automated decision-making that affects the user's rights, obligations, or freedoms within the meaning of the GDPR.
As part of the website and tracking technologies, user data may be profiled to better personalize the company's offer directed to the user (mainly through so-called behavioral advertising). However, this should not have any impact on the user's legal situation, especially the terms of agreements made by the user or agreements they intend to enter into. It can only help better tailor content and advertisements to the user's interests. The information used is anonymous and not associated with personal data provided by the user, e.g., in the purchase process. They result from statistical data such as gender, age, interests, approximate location, and behavior on the website.
Every user has the right to object to profiling if it has a negative impact on their rights and obligations.
If you want to learn more about behavioral advertising, click here: https://www.youronlinechoices.com/pl/o-reklamie-behawioralnej
§4 FORMS
The Joint Data Controllers use the following types of forms on the Website:
- Newsletter subscription form – requires the user to provide their name and email address in the specified fields. These fields are mandatory. Subsequently, the user, to add their email address to the list of subscribers of the Joint Data Controllers, must confirm the intention to subscribe. The data obtained in this way is added to the mailing list for sending newsletters.
Subscription means that the user agrees to this Privacy Policy and consents to receive marketing and commercial information via electronic means, e.g., email, within the meaning of the Act of July 18, 2002, on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
By subscribing, the user also consents to the use of the user's telecommunications end devices (e.g., phone, tablet, computer) for direct marketing of the products and services of the Joint Data Controllers and presenting commercial information to the user in accordance with Art. 172(1) of the Telecommunications Law (Journal of Laws of 2014, item 243, as amended).
These consents are voluntary but necessary for sending newsletters, including informing about services, new blog entries, products, promotions, and discounts offered by the Joint Data Controllers or products recommended by them. Consents can be withdrawn at any time, resulting in the cessation of newsletter delivery following the principles outlined in this privacy policy.
The newsletter is sent indefinitely, from the moment of activation until the withdrawal of consent. After withdrawing consent, the user's data may be stored in the newsletter database for up to 2 years to demonstrate that the user has given consent for newsletter communication, user actions (email openings), the moment of withdrawal, and any related claims. This constitutes a legitimate interest of the Joint Data Controllers (Art. 6(1)(f) of the GDPR).
Newsletter delivery may be stopped if the user shows no activity for a minimum of 1 year from the start of the newsletter service or reads the last email message (sent newsletter). In such a case, the Joint Data Controllers will delete the user's data from the newsletter delivery system (provider). The user will not be entitled to receive any messages from the Joint Data Controllers unless they choose to subscribe again through the newsletter subscription form or contact the Joint Data Controllers in another chosen manner.
The mailing system used to send the newsletter records all user activity and actions related to the emails sent to them (date and time of opening messages, clicks on links, the moment of unsubscribing, etc.).
The Joint Data Controllers may also conduct remarketing based on Art. 6(1)(f) of the GDPR (legitimate interest of the Joint Data Controllers, consisting of promoting and advertising services directed to people subscribed to the newsletter). In this way, the email addresses of subscribers are uploaded to the marketing tool offered by Facebook Inc., called the ad manager. Subsequently, advertising created by the Joint Data Controllers or authorized persons is directed to them through the Joint Data Controllers' advertising account, provided that newsletter subscribers are also Facebook platform users (have an account there). This data is deleted after each advertising campaign. In the case of the next advertising campaign, an updated list of subscribers is uploaded to the tool. Detailed information about so-called custom audience groups, data hashing rules, and data processing can be found in the Facebook privacy policy under this link: https://www.facebook.com/legal/terms/customaudience# and https://www.facebook.com/legal/terms/dataprocessing. The Joint Data Controllers recommend that each user and subscriber familiarize themselves with these principles.
- Order form in the Store – When placing an order in the online store of the Joint Data Controllers, you must provide specific data in accordance with the rules set out in the sales regulations to fulfill the order, fulfill the legal obligations imposed on the Joint Data Controllers for settlements, handle claims, for statistical and archival purposes, and for direct marketing to customers, which is a legitimate interest of the Joint Data Controllers.
These mainly include: name, surname, telephone number, company name, VAT identification number, home address, or company headquarters address, email address. If you already have a user account in the store, it is sufficient to provide the login (or email address) and password, log in to your account, and then take further steps related to the order.
The Joint Data Controllers store data for the duration of order or service fulfillment and, after completion, for the period necessary to protect against claims. Additionally, for the period specified by legal regulations, e.g., tax law (including the storage period for invoices).
- Complaint and withdrawal from the contract form – In the case of using the services or products of the Joint Data Controllers, you can file a complaint or withdraw from the concluded contract. For this purpose, the Joint Data Controllers allow you to complete a complaint form and a contract withdrawal form attached to the sales regulations. You can also perform these actions without completing the form but by providing the necessary data.
The required data in this case are: name, surname, or possibly the username, home address, or company headquarters address (if the order was placed on behalf of the company), email address, telephone number (if applicable), bank account number (if a refund is necessary), VAT identification number, or other specified information.
Providing data is voluntary but necessary to consider complaints in accordance with legal regulations and the sales regulations. The data will be stored for the purpose of handling the complaint/contract withdrawal procedure and for archival and defense against claims.
- User account registration form in the online store – The user has the option to create an account in the online store and must register accordingly and provide data: name, surname, email address, home address, telephone number, and then a password.
Account creation is carried out in accordance with the rules set out in the sales regulations and is an electronically provided service. The rules for maintaining the account and its possible deletion are included in the regulations.
The mandatory fields are marked as such, and without providing them, it will not be possible to create a user account. Providing other data is voluntary.
- Offer-related contact form – allows sending a message to the Joint Data Controllers and contacting them electronically. Personal data in the form of name, email address, and data provided in the content of the message are processed by the Joint Data Controllers in accordance with this Privacy Policy for contacting the user and presenting an offer to them at their request.
After completing contact with you, data may be archived, which is a legitimate interest of the Joint Data Controllers. The Joint Data Controllers cannot determine the exact archiving period and therefore the deletion of messages. However, the maximum period will not exceed the limitation periods for claims arising from legal regulations.
The Joint Data Controllers may entrust the processing of personal data to third parties without the separate consent of the user (based on a data processing agreement). Data obtained from forms cannot be transferred to third parties.
If the user uses services from external providers such as Google, they should familiarize themselves with the privacy policy available from these service providers on their websites.
§5 DISCLAIMER AND COPYRIGHT
- The content presented on the Website does not constitute specialized advice or guidance (e.g., educational) and does not refer to a specific factual situation. If the user wants assistance in a specific matter, they should contact a person authorized to provide such advice or the Joint Data Controllers using the provided contact information. The Joint Data Controllers are not responsible for the use of the content on the Website or actions or omissions based on it.
- All content placed on the Website is subject to the copyright of specific individuals and/or the Joint Data Controllers (e.g., photos, texts, other materials, etc.). The Joint Data Controllers do not consent to the copying of this content in whole or in part without their explicit, prior consent.
- The Joint Data Controllers hereby inform the user that any dissemination of content provided by the Joint Data Controllers constitutes a violation of the law and may result in civil or criminal liability. The Joint Data Controllers may also demand appropriate compensation for material or non-material damages incurred in accordance with applicable regulations.
- The Joint Data Controllers are not responsible for the misuse of materials available on the website in violation of the law.
- The content on the Website is current as of the date of publication unless otherwise indicated.
§6 TECHNOLOGIES
To use the website of the Joint Data Controllers, the following is necessary:
- Device with access to the Internet
- Active email inbox receiving email messages
- Web browser enabling the display of websites
- Software enabling the reading of content in presented formats, e.g., pdf, video, mp3, mp4.
§7 COOKIE POLICY
- Similar to most websites, the Joint Data Controllers' Website, hereinafter referred to as the Website, uses so-called tracking technologies, namely cookies, to improve the site for the needs of its visiting users.
- The Website does not automatically collect any information except for the information contained in cookies.
- Cookies (so-called "cookies") are computer data, small text files that are stored on the end device, e.g., computer, tablet, smartphone, when you use the Website.
- These can be proprietary cookies (originating directly from the website) and third-party cookies (coming from websites other than the Website).
- Cookies allow customization of the content of our website to the individual needs of the User and the needs of other users visiting it. They also enable the creation of statistics that show how users of the site use it and how they navigate through it. This helps improve the website, its content, structure, and appearance.
- The Joint Data Controllers use the following third-party cookies within the Website:
- Facebook Conversion Pixel and ads created through the Facebook Ads portal (Facebook Custom Audiences) - to manage ads on Facebook and conduct remarketing activities, which is a legitimate interest of the Joint Data Controllers. The Joint Data Controllers may also direct advertising content to the User through the Facebook portal as part of contact ads.
The Facebook Pixel tool is provided by Facebook Inc. and its affiliated companies. This analytical tool helps measure the effectiveness of ads, shows what actions users take on the Website, and helps reach a specific group of people (Facebook Ads, Facebook Insights). The Joint Data Controllers may also direct advertising content to the User through the Facebook portal as part of contact ads.
The Joint Data Controllers recommend familiarizing yourself with the details related to the use of the Facebook Pixel tool and, if necessary, asking questions to the provider of this tool. Users can also manage their privacy settings on Facebook. More information is available at: https://www.facebook.com/privacy/explanation. Users can opt-out of cookies responsible for displaying remarketing ads, for example, on https://www.facebook.com/help/1075880512458213/ at any time.
By using the website, the User consents to the installation of the specified cookie on their end device.
- Embedded Google Analytics code - for the purpose of analyzing Website statistics. Google Analytics uses its own cookies to analyze the actions and behaviors of Website users. These files are used to store information, such as which page the User came to the current website from. They help improve the Website.
This tool is provided by Google LLC. Actions taken using the Google Analytics code are based on the legitimate interest of the Joint Data Controllers in creating and using statistics, which then enables the improvement of the services of the Joint Data Controllers and the optimization of the Website.
While using the Google Analytics tool, the Joint Data Controllers do not process any User data that allows for their identification.
The Joint Data Controllers recommend familiarizing yourself with the details related to the use of the Google Analytics tool, the possibility of disabling tracking code, and, if necessary, asking questions to the provider of this tool at: https://support.google.com/analytics#topic=3544906.
- Plugins leading to social media Facebook, Instagram, Twitter, LinkedIn.
After clicking on the icon of a specific plugin, the User is redirected to the page of an external provider, in this case, the owner of a given social media service, e.g., Facebook. Then, they have the option to click "Like" or "Share" and like the Joint Data Controllers' fan page located on Facebook or directly share its content (post, article, video, etc.).
The Joint Data Controllers recommend familiarizing yourself with Facebook's privacy policy before creating an account on this portal. The Joint Data Controllers do not have control over the data processed by Facebook. From the moment the User clicks on the button of the social media plugin, personal data is processed by the social media platform, e.g., Facebook, which becomes its administrator and decides on the purposes and scope of their processing. Cookies left by the Facebook plugin (or other third parties) can also be applied to the User's device after entering the Website and then associated with the data collected on Facebook. By using the Website, the User accepts this fact. The Joint Data Controllers do not have control over the processing of data by third parties in this way.
The above guidelines also apply to the following:
Facebook - fan page located at the URL: https://www.facebook.com/OGIOPOLAND,
Profile on the Instagram social media portal, located at the URL: https://www.instagram.com/ogio_poland/?hl=pl,
https://www.instagram.com/amphibious_poland/?hl=pl ,
https://www.instagram.com/plecaki_dla_firm/?hl=pl ,
Twitter accounts on the portal located at the URL: https://twitter.com/ogio_poland.
LinkedIn accounts on the portal located at the URL:
https://www.linkedin.com/legal/privacy-policy?_l=pl_PL#collect.
- Tools for assessing the effectiveness of Google Ads advertising campaigns - for conducting advertising and remarketing campaigns, which is a legitimate interest of the Joint Data Controllers.
The Joint Data Controllers do not collect any data that would allow the identification of the User's personal data. The Joint Data Controllers recommend familiarizing yourself with Google's privacy policy to learn the details of how these functions work and how to disable them through the User's browser settings.
- Content from external websites of third-party providers,
The Joint Data Controllers may embed content from external entities' portals, services, blogs, and other external websites.
These third-party entities may store certain data about the plays of content performed by the User.
If you do not want this to happen, log out of the given portal (if you have an account there and are logged in) before visiting the Website or do not play specific content on the Website. Users can also change their browser settings to block the display of specific content from specific portals.
- Cookies for recovering abandoned shopping carts and User activity on the online store's website,
- to direct advertising communication related to an unfinished order to the User, which is a legitimate interest of the Joint Data Controllers.
- Web push notifications, from the browser level,
- for better communication with the User and faster delivery of valuable content or offers, the Joint Data Controllers enable the User to express consent to receive web push notifications from their browser.
To give consent to receive web push notifications, the User should check the option "show notifications" or a similar one on the message sent by their web browser (each browser may name this option differently).
Consent to receive the above notifications can be withdrawn at any time by changing the User's web browser settings. The Joint Data Controllers do not process any personal data of Users using web push notifications. Users are identified solely based on information stored by their web browsers, to which the Joint Data Controllers do not have access.
- The Joint Data Controllers again recommend familiarizing yourself with the privacy policy of each of the above service providers to learn about the options for making changes and settings to ensure the User's rights are protected.
- Two types of cookies are used within the Website: session cookies, which are deleted after closing the browser, logging out, or leaving the website, and persistent cookies, which are stored on the end user's device, allowing the recognition of the browser on the next visit to the website, for a period specified in the cookie parameters or until they are deleted by the User.
- In many cases, software used to browse websites (web browser) allows the storage of cookies on the end user's device by default. Website users can change cookie settings at any time. These settings can be changed, in particular, to block the automatic handling of cookies in the web browser settings or to inform about placing cookies in the User's device each time they visit the Website. Detailed information on the possibilities and methods of handling cookies is available in the software settings (web browser).
- The Joint Data Controllers inform that limitations on the use of cookies (disabling them, limiting them) may affect some functionalities available on the Website and hinder its operation.
- More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the "Help" section in the internet browser menu.
§8 CONSENT TO COOKIES
Upon the first visit to the Website, the User must give consent to cookies or take other possible actions indicated in the message to continue using the Website's content. Using the Website signifies giving consent. If the User does not want to give such consent, they should leave the Website. Also, the User can always change their browser settings, disable, or delete cookies. Necessary information can be found in the "Help" section of the User's browser.
§9 SERVER LOGS
- Using the Website involves sending queries to the server on which the Website is stored.
- Each query directed to the server is recorded in server logs. The logs include, among other things, the User's IP address, the date and time of the server, information about the internet browser, and operating system used by the User.
- The logs are recorded and stored on the server.
- Server logs are used to administer the Website, and their content is not disclosed to anyone other than individuals and entities authorized to administer the server.
- The Joint Data Controllers do not use server logs in any way to identify the User.
Privacy Policy Publication Date: 12-10-2020
Last Update Date: 15-02-2021