In connection with its business activity, the Controller shall collect and process personal data in accordance with the relevant provisions; in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR. When processing data, the Controller shall ensure its security and confidentiality and access to information on such processing for data subjects.
§1 CONTROLLER INFORMATION
2. The Controller of your personal data is Bizuu sp. z o.o. sp.k. with its registered office in 61-823 Poznań at ul. Piekary 12/5, entered in the Register of entrepreneurs kept by the District Court Poznań Nowe Miasto in Poznań, 8th Commercial Division of the National Court Register under KRS (National Court Register) number 390911, NIP (Tax Identification Number) 7831677097, Regon (National Business Registry Number) 0000390911.
3. You can contact the Controller directly by writing to: firstname.lastname@example.org or by calling + 48 783 895 590 and at the address of our registered office.
§2 THE TYPE OF PERSONAL DATA PROCESSED, THE PURPOSE AND SCOPE OF DATA COLLECTION
Depending on our relationship with you, we shall process your personal data for the purposes and scopes described below:
1. Potential customers, including newsletter subscribers, people we target with our marketing content, users of our social media sites:
- data (first and last name, contact address, telephone number) is processed in order to fulfil the legitimate interests of the Controller under Article 6(1)(f) of the GDPR which consists primarily of marketing our products and services, promoting our brand and running social media sites. If we obtain consent from you, your data shall be processed on the basis of Article 6(1)(a) of the GDPR (in the form of contacting you by telephone, sending you an email or text message, or sending our offer by post to the address provided by you). On the basis of our legitimate interest, we may also process your data for the enforcement of possible claims, for statistical purposes and for the continuous improvement of the quality of our services.
It is not a legal obligation for you to provide your personal data, but it is necessary to respond to your inquiries, e.g., in the contact form.
2. Our customers and customers’ contact persons:
- data (most often first and last name, contact address, telephone number, service details and invoice data) is processed for the purpose of executing the contract or taking pre-contractual action at the request of the customer pursuant to Article 6(1)(b) of the GDPR; in the case of customers and in the case of contact persons designated by the customer, for example in the content of the contract - pursuant to Article 6(1)(f) of the GDPR - due to our legitimate interest. Your data as our customers is also processed to fulfil our legal obligations, such as settlements, accounting and financial reporting, etc., and we do so on the basis of Article 6(1)(c) of the GDPR. Providing the above-mentioned data is necessary to properly implement the contract.
3. Conducting email and traditional mail correspondence:
– data provided by you (usually first and last name, contact address), in the event that you send us correspondence by email or traditional mail, is processed exclusively for the purpose of communication and settlement of the matter to which the correspondence relates. In such a case, the legal basis for the processing is the legitimate interest of the Controller pursuant to Article 6(1)(f) of the GDPR to carry out correspondence addressed to it in connection with its business activity. Providing the above-mentioned data is necessary in order to respond to the correspondence addressed to us.
– data provided by you within the recruitment processes (to the extent specified in the law) will be processed by the Controller in order to fulfil the legal obligations related to the employment process, including in particular the Labour Code, pursuant to Article 6(1)(c) of the GDPR. If you provide data not required by the Labour Code, as well as for future recruitment processes, the legal basis for processing will be your consent, i.e., Article 6(1)(a) of the GDPR. In order to establish or pursue any claims or defend against such claims, the legal basis for the processing of data is the legitimate interest of the Controller, i.e., Article 6(1)(f) of the GDPR. Your data must be provided to the extent required by law in order to conduct the recruitment process.
5. Visitors to our Website:
- Please note that when you use the Website, additional information may be collected, including, but not limited to: the IP address associated with your computer or the external IP address of your Internet Service Provider, domain name, browser type, access time, and operating system type; navigational data may also be collected from users of our website, including information about links and references you choose to click on or other actions you take on the Website. The legal basis for such activities is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) to facilitate the use of electronically supplied services and to improve the functionality of those services.
6. Participants in our competitions
- the data provided by you, in connection with your participation in competitions that we organise, will be processed in order to fulfil our obligations as the organiser of a competition, including processing the entries, communicating the results and selecting the winners, and awarding and sending the competition prizes, which is our legitimate interest (Article 6(1)(f) of the GDPR). The data will also be processed for the purpose of settlement, accounting and financial reporting and other legal obligations (Article 6(1)(c) of the GDPR) and for the purposes indicated in the consent for the processing of personal data, if such consent is expressed (Article 6(1)(a) of the GDPR). Providing your details to the extent specified in the terms and conditions of a given competition is necessary to participate.
7. Person lodging a complaint
- the personal data you provide will be processed in order to process the complaint, on the basis of Article 6(1)(f) of the GDPR, which is a legitimate interest of the controller, but also necessary in order to fulfil the legal obligations imposed on the Controller, i.e. on the basis of Article 6(1)(c) of the GDPR). Your data must be provided to the extent required by law in order to conduct the complaint procedure.
§3 PROVISION OF PERSONAL DATA
The Controller may transfer your personal data only if necessary for the purposes of the processing: to entities providing IT services to us, i.e. providers of hosting services, providers of software enabling the website to be operated, authorised employees and associates who will respond to your enquiries generated by the contact form. Moreover, we may disclose your data to consulting and auditing companies, law firms, postal and courier companies, banks, ZUS (Social Insurance Institution), US (Tax Office) - within the scope of legal obligations imposed on the Controller.
§4 THE RIGHT TO CONTROL, ACCESS AND RECTIFY YOUR OWN DATA
1. The data subject shall have the right to access the content of their personal data and the right to rectify it, to delete it (unless the Controller is under an obligation to further process it), to limit the processing, to transfer the data, to object, to withdraw consent at any time without affecting the lawfulness of the processing, which was made on the basis of prior approval.
2. Legal basis of User request:
a) Access to data – Article 15 of the GDPR.
b) Rectification of data – Article 16 of the GDPR.
c) Deletion of data (the right to be forgotten) – Article 17 of the GDPR.
d)Limitation of processing – Article 18 of the GDPR.
e)Transfer of data – Article 20 of the GDPR.
f) Objection – Article 21 of the GDPR.
g) Withdrawal of consent – Article 7(3) of the GDPR.
3. For the exercise of the rights referred to in point 2 you should send the relevant e-mail to: email@example.com
4. In the event of the User asserting their right under the above-mentioned rights, the Controller shall either comply with the request or refuse to comply with it immediately, but comply no later than within one month of receiving it. However, if - due to the complexity of the request or the number of requests - the Controller is unable to comply with the request within one month, it shall comply with the request within the following two months and inform the User about the intended extension of the deadline and the reasons for it within one month of receiving the request.
5. If it is found that the processing of personal data is in breach of the rules of the GDPR, the data subject shall have the right to file a complaint with the President of the Personal Data Protection Office with its registered office in Warsaw.
§5 COOKIE FILES
1. The Controller’s Website uses“cookies”.
2. Installing “cookies” is necessary to properly provide services on the Website. “Cookies” contain information necessary for the proper functioning of the Website and provide the opportunity to compile general statistics on Website visits.
3. The Website uses two types of "cookies": "session" and "permanent".
a) "Session cookies" are temporary files that are stored on the User's end device until the user logs off (leaves the page).
b) "Permanent cookies" are stored in the User’s end device for the time specified in the "cookies" parameters or until they are deleted by the User.
4. The Controller uses its own cookies to better understand how Users interact with the content of the Website. The cookies collect information about how the User uses the Website, the type of website the User came from, the number of visits and the length of the User's visits to the Website. This information does not register specific personal data about the User, but it is used to compile statistics on the use of the Website.
5. The Controller uses external cookies to collect general and anonymous static data via Google Analytics (third-party cookie controller: Google Inc., based in the USA).
6. Cookies may also be used by advertising networks, in particular the Google network. To do this, they can retain information about the User's navigation path or the time they stay on a given website.
7. The User is entitled to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information about the possibility and methods of using “cookies” is available in the software (browser) settings. Information for selected, most popular browsers:
a) Chrome: https://support.google.com/chrome/answer/95647?hl=pl
b) Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac,
c) Microsoft Edge: https://support.microsoft.com/pl-pl/microsoft-edge/wy%C5%9Bwietlanie-i-usuwanie-historii-przegl%C4%85darki-w-programie-microsoft-edge-00cf7943-a9e1-975a-a33d-ac10ce454ca4
d) Internet Explorer: https://support.microsoft.com/pl-pl/topic/jak-usun%C4%85%C4%87-pliki-cookie-w-programie-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
e) Firefox: https://support.mozilla.org/pl/kb/ciasteczka
f) Opera:https: https://help.opera.com/pl/latest/web-preferences/#cookies.
§6 DATA PROCESSING PERIODS
The duration of data processing by the Controller depends on the type of service provided and the purpose of processing. The period for which the data is processed may also result from legislation, where this is the basis for the processing. In case of data processing on the basis of the legitimate interest of the Controller - the data shall be processed for the period enabling its fulfilment or until an effective objection to data processing is raised. If processing is carried out on the basis of consent, the data shall be processed until its withdrawal. Where processing is essential for the conclusion and performance of the contract, the data shall be processed until it is terminated. The processing period may be extended where processing is necessary to establish, investigate or defend against possible claims and after that period only if and to the extent required by law. After the processing period has expired, the data is permanently deleted or anonymised.
§7 TRANSFER OF DATA TO THIRD COUNTRIES
In principle, your personal data will not be transferred outside the European Economic Area (hereinafter EOG). However, in consideration of the services provided by the supplier of the software used for maintenance of the online store, your data may be transferred outside of the EOG. This only involves countries that guarantee an appropriate level of protection based on the decision by the European Commission and, in the case of countries which do not guarantee an appropriate level of protection, only if they provide proper safety provisions, including those based on standard contractual clauses adopted by the European Commission or binding corporate rules.
§8 AUTOMATED DATA PROCESSING
The Controller shall not process your personal data in an automated manner in such a way that as a result of such automated processing any decisions could be made, other legal effects would be caused or to do so would have a significant impact on your rights and obligations.
§9 FINAL PROVISIONS
- The Controller shall apply technical and organisational measures to ensure the protection of the processed personal data, appropriate to the risks and categories of data protected, and in particular to protect the data against its disclosure to unauthorised persons, against its acquisition by unauthorised persons, against its processing in violation of the applicable legislation, and against its alteration, loss, damage or destruction.
- The Controller shall make available appropriate technical measures to prevent unauthorised persons from acquiring and modifying personal data sent electronically.