GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal data - within the meaning of Article 4 (1) GDPR means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be directly or indirectly identified.
Data processing - within the meaning of Article 4 (2) GDPR means an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collection, recording, organisation, structuring, storage, adaptation or alteration, download, viewing, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. WHO IS YOUR PERSONAL DATA CONTROLLER?
1.1. The data controller of your personal data is Conclusive Engineering spółka z ograniczoną odpowiedzialnością [polish limited liability company] with its registered office in Katowice, address: ul. Ligocka 103 lok. 3, 40-568 Katowice, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for Katowice-Wschód in Katowice, VIII Commercial Division of the National Court Register under number 0000736516, NIP [tax ID No.] 6793170667 (hereinafter referred to as Controller or Conclusive).
1.3. Controller may be contacted via the following channels:
- Headquarters: ul. Ligocka 103 lok. 3, 40-568 Katowice, Poland
- E-mail: firstname.lastname@example.org.
- Telephone: +48 795 757 955
2. WHEN CAN WE PROCESS YOUR PERSONAL DATA?
2.1. The scope of Personal data that we will process may vary depending on the service you use. We can obtain Personal data in the following ways:
- when placing orders and concluding sales contracts as part of our online store;
- creating a customer account on our website;
- arranging appointments as part of the calendar - using a third party service "Calendly";
- automatically, when using our website:
2.2. During your visit to our website and your use of its resources, data about your visit and activity are automatically collected, in particular IP address, domain name, browser type, and operating system type. More information about this can be found in the section on cookies.
3. HOW DO WE PROCCESS YOUR PERSONAL DATA ON THE WEBSITE?
3.1. When visiting our website, you remain anonymous until you decide otherwise. The information contained in the system logs (e.g. IP address) are used by us for technical purposes related to administration of our servers. In addition, IP addresses are used to collect general, statistical demographic information, such as the region from which you connect with us. Providing Personal data is therefore voluntary, and failure to provide them does not have any adverse consequences for the person visiting our websites.
- ensuring the proper and safe operation of the website for the user and their device;
- adapting the website to the individual settings of the website user and remembering the data entered by that person related to the use of the website, e.g. the choice of saving Cookies on the user's device or remembering the password (maintaining the logged in user);
- conducting statistic and analytic regarding to website visitors and users, e.g. website visit statistics, which will be used to improve the effectiveness of our marketing activities and for the purposes of building business strategies;
- for advertising and promotion, distribution of information and advertising materials via the website.
[BY ORDERS PLACED IN THE ONLINE STORE AND SETTING UP A CUSTOMER ACCOUNT]
3.5. Personal data of Clients who are natural persons shall be processed for the following purposes:
a) realization of the order, so for the purpose of undertaking action in regard to natural person’s demand before conclusion of the agreement and for the purpose of execution of rights and obligations resulting from concluded agreement – pursuant to Article 6(1)(b) of the GDPR, for the whole period of execution of the agreement;
b) providing Services via the website, based on the provisions of the online store regulations describing the rules for provision of services by electronic means in order to conclude a sales contract - pursuant to Article 6(1)(b) of the GDPR, for the whole period of execution of the agreement;
c) setting up and operating a Client’s account on the Controller's website – pursuant to Article 6(1)(b) of the GDPR, for the entire duration of the contract for the provision of electronic services;
d) fulfillment of the obligations imposed on the Controller by generally applicable provisions of law, including the provisions of tax acts and the Accounting Act – pursuant to Article 6(1)(c) of the GDPR in connection with the provisions of the Accounting Act and tax acts. The data will be processed for this purpose for the period provided for generally applicable provisions of law;
e) ensuring communication and servicing of the contract and improving the flow of information under the contract – pursuant to Article 6(1)(f) of the GDPR (legitimate purposes of the Controller), until an effective objection to such processing of this personal data is exercised;
f) establishing, defending and pursuing possible claims – pursuant to Article 6(1)(f) of the GDPR (legitimate purposes of the Controller), until the expiry of the limitation period for any claims;
g) implementation of the Controller's legitimate purposes in the form of marketing of own products and services, pursuant to Article 6(1)(f) of the GDPR, however, distribution of marketing information via the e-mail address and telephone number may be carried out after the Client expresses consent under special provisions regarding e-privacy. In this case, the Client's data will be processed until an effective objection to such processing of this personal data is exercised or until the consent to receive marketing materials by electronic means is withdrawn, depending on which occurs first.
[BY ORDERS PLACED IN THE STORE AND SETTING UP AN ACCOUNT
BY CLIENT’S REPRESENTATIVES
AND CONTACT PERSONS]
3.6. Personal data of contact persons and representatives of our Clients in the form of name, surname, email, address for delivery Controller has received from Client. The data shall be processed to achieve the purpose of:
a) taking actions before concluding a contract or which purpose is to conclude a contract with the Client (party of agreement with Controller), which you represent or act as a contact person for the performance of the contract; and in the case of conclusion of the contract, also for the purpose of performing the contract, to achieve the purpose of realisation of pursuing the legitimate interest of Controller, so pursuant to Article 6(1)(f) of the GDPR - for the duration of the contract with the Client or placing the order;
b) establishment, exercise or defence of legal claims that may arise or result from the performance of the contract, to achieve the purpose of realisation of pursuing the legitimate interest of Controller, so pursuant to Article 6(1)(f) of the GDPR - data will be processed until the limitation of such claims resulting from generally applicable law;
c) implementation of the Controller's legitimate purposes in the form of marketing of own products and services, pursuant to Article 6(1)(f) of the GDPR, however, distribution of marketing information via the e-mail address and telephone number may be carried out after the expresses consent under special provisions regarding e-privacy. In this case, the data will be processed until an effective objection to such processing of this personal data is exercised or until the consent to receive marketing materials by electronic means is withdrawn, depending on which occurs first;
d) in the event that the Client’s representative or contact person shall sets up a Client account - the personal data of natural person shall also be processed for the purpose of setting up and maintaining a Client account on the website - pursuant to Article 6(1)(b) of GDPR, for the entire duration of the contract for the provision of electronic services.
3.7. Clients and users of our website have a possibility to arrange meetings using a tool available on our website - a calendar for arranging meetings online with a selected consultant. The tool is called Calendly. Please be advised that the provider of the online appointment scheduling tool is an entity based in the United States of America, i.e. outside the European Economic Area (EEA).
3.8. The Controller informs that the adequacy decision referred to Article 45 GDPR, which means that the European Commission did not find that the third country where the recipient of personal data is located provides an adequate level of protection, nevertheless, the Controller concluded with the abovementioned the subject of the contract on the basis of standard contractual clauses adopted by the Commission (Article 46(2)(c) of the GDPR). In order to use the tool, you must provide your personal data in the form of an email address and first name.
3.9. If you wish to make an appointment with our consultant via the calendar provided by Calendly LLC seated in the United States of America, your personal data will be processed by us for the following purposes:
a) establishing and maintaining contact with website users and customers of our store - to implement the Controller's legitimate interest (Article 6(1)(f) of the GDPR, for the time necessary to execute the contact and provide you with all information you required,
b) establishing, pursuing or defending against possible claims that may be related to the Controller's conduct of the above activities - to implement the Controller's legitimate interest in the form of securing claims, so pursuant to Article 6(1)(f) of the GDPR, for the time provided for by legal provisions regarding the limitation of such claims.
3.10. Due to the fact that the supplier of the tool Calendly LLC is an entity based in the United States of America, your data may be transferred outside the European Economic Area (EEA).
4. WHAT ABOUT RIGHTS OF DATA SUBJECT?
4.1. In connection with the processing of Personal data, you have the following rights:
a) request access to Personal data that concerns you;
b) request that the data are corrected, if you belive that the data are incorrect or incomplete;
c) request removal of your Personal data, if the data concerning you:
- are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- you withdraw your consent for processing your data and there is no other legal basis for processing them,
- you object to processing of your personal data and the Controller has no overriding legitimate grounds for processing despite your objection or you object to the processing of personal data for direct marketing purposes,
- your data have been unlawfully processed,
- data should be deleted in order to comply with a legal obligation or the data were collected in connection with the provision of information society services offered to a child.
The right to delete data does not apply to data processed on the basis of applicable law or data processed for the purpose of establishing, defending and pursuing possible claims.
d) request the restriction of the processing of personal data, if:
- the data are incorrect - you can request that the processing of your data can be limited for a period that allows the Controller to check the correctness of those data,
- the data are unlawfully processed, but you do not want them to be deleted by the Controller,
- we no longer need the data, but you require them to establish, exercise of defend legal claims,
- you object processing but we have to verify if our legitimate grounds for processing your personal data does not override your objection.
e) request transfer of the data you provided us with, if the processing is based on your consent and is carried out by automatic means,
f) object to processing your personal data if the processing is based on enforcement of legitimate interest of the Controller.
4.2. You have the right to withdraw consents on the basis of which we process personal data, but the withdrawal of consent does not affect the lawfulness of the actions that were taken before the consent was withdrawn.
4.3. You have the right to lodge a complaint when you believe that the processing of your data infringes provisions of the GDPR. The complaint should be submitted to the supervisory authority, which in Poland is the President of the Personal Data Protection Office.
5. WHO CAN BE THE RECIPIENT OF YOUR DATA?
5.1. The data concerning you may be disclosed to entities cooperating with us, including those providing goods or services for us, such as postal and hosting services, payment service provider, etc.
5.2. The data may be disclosed to entities entitled to access them by generally applicable law (for example police).
5.3. We may collect your personal data using technologies of third parties, who provide services to the us and have headquarters or data centres outside European Economic Area (EEA). Those personal data may be processed outside European Economic Area (EEA), but in such case Controller shall provide adequate guarantees of security and respect for your privacy. The transfer may be related to:
a) using analytical tools and anonymized tracking of user behaviour, in particular, such as Google Analytics, Google Ads (Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
b) using the calendar functionality to arrange online meetings. The provider of the tool is https://calendly.com/ seated in the United States - Calendly LLC (271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA).
6. IS PROVIDING DATA NECESSARY?
6.1. Providing data to place an order in the store is voluntary, but necessary to conclude a sales contract. Providing data to set up a Customer account is voluntary, but lack of those data may prevent us from creating your account.
6.2. Providing data as part of using the calendar and for the purpose of sending marketing e-mails is voluntary.
WHAT KIND OF COOKIES DO WE USE?
7.1. Cookies files (the so-called: cookies) are small text files, which may contain various information about the user, including personal data in the form of a computer's IP address and a unique device identifier saved in the file. Cookies are stored in the device's memory - they are not stored on our servers, we only read the content of these files, gaining access to them when you visit our website.
7.4. Our website also includes content provided by third parties. These are entities providing analytical and advertising services. The information contained in Cookies used by our website may be transferred to these entities. Cookies provided by third parties perform the following functions:
7.5. These files collect data on the basis of which collective, anonymized reports are created. We use these reports to understand how users use our website, how effective our marketing activities are, and what we can do to improve the use of our website.
7.6. When visiting our website, you remain anonymous until you decide otherwise. The information contained in the system logs (e.g. IP address) is used by us for technical purposes related to administration of our servers. In addition, IP addresses are used to collect general, statistical demographic information, such as the region from which you connect to us.
7.8. More information may be found in your browser’s settings: Chrome, Firefox, Safari, Opera, Edge, Internet Explorer.
7.9. The use of certain Cookies, depending on their function and purpose, requires user's consent. This is due to the specific provisions based on e-privacy regulations (in Poland including Article 173 of the Telecommunications Act of July 16th, 2004). You do not need to consent to cookies if they are absolutely necessary for to use our website or other functionalities or to guarantee IT security. Cookies for all other purposes, such as individual website optimization, marketing or statistical evaluation of website activity, require consent.
7.10. In connection with our reading of Cookies stored on your device, you have the right to request the deletion of data collected by us, the right to object to their processing, as well as the right to lodge a complaint to the President of the Office for Personal Data Protection (supervisory authority in Poland).
8. PLUGINS FORM FACEBOOK, YOUTUBE, LINKEDIN
8.1. The website uses plugins from Facebook, Linkedin, Youtube. Data is only transferred to social networks if you have actively click on the corresponding plug-in button. After clicking on the plug-in icon, the web browser will start a connection with the servers of a given social networking site, and the user will be redirected to the website of the owner of a given social networking site, and your web browser will establish a direct connection with the servers of these social networking sites. Using these functions may involve the use of external cookies.
8.3. The Controller in cooperation with Facebook, Linkedin and Youtube partially obtains personal data directly from users of its websites, and partially from user’s profiles on one of the abovementioned social networks.
8.4. To the extent that the Controller obtains data directly from users, providing personal data is completely voluntary, and failure to provide it does not have any adverse consequences for the user. The user may use the website without providing any personal data and remain anonymous all the time (in a situation where the user is only browsing the website without interacting with the plug-in).
8.5. To the extent that the Controller obtains user data from user’s profiles on social networking sites, the disclosure will include user’s data in the form of anonymous statistical summaries prepared by these social networks’ providers.
8.6. The Controller processes the data of users who interact with the plug-in on the website in order to create analyzes, statistics and summaries that will be used to improve the effectiveness of our marketing activities and build business strategies - the vast majority of such statistics are created on the basis of non-personal data or anonymized data. In some cases, personal data collected using Cookies may be used. In the event that personal data will be used for this purpose, their processing will take place as necessary to implement our legitimate interest in the form of analytical and statistical activities aimed at the development of the website, so pursuant to Article 6(1)(f) of the GDPR. The data will be processed for this purpose until it is fully implemented or until an effective objection to its processing is submitted, depending on which appears first.
8.7. The Controller also informs that in connection with the functioning of the social networks, user profiling may occur, i.e. creating a profile containing information about the interests or specific characteristics of the user. Some functions provided by social networks’ providers allow the compilation of users' personal data and the creation of statistics and statements from them, which the Controller may later use to properly adjust the content made available to users. At the same time, we would like to inform you that decisions based on the created profiles will not be made automatically.
8.9. In addition, personal data disclosed by social networks’ users in our social media accounts as public shall be available to an unlimited group of recipients, including recipients in countries outside the European Economic Area (EEA). Due to the fact that the Conclusive has no influence on the content published by users on i.a. Facebook social network.
8.10. Since, as part of the Controller's cooperation with Facebook and Linkedin, there is a joint controller of personal data, the user has the right to obtain an extract from the arrangements made by either Facebook or Linkedin and the Controller in the field of co-administration. An extract of the most important information is available at: https://www.facebook.com/legal/controller_addendum for Facebook and https://legal.linkedin.com/pages-joint-controller-addendum for Linkedin.