Limpol Sp. z o.o.
KRAKOW, 24th MAY 2018
1. GENERAL PROVISIONS
2. PERSONAL DATA CONTROLLER
2.1. The Company is the Controller of the personal data provided by the users at the Company’s website: https://www.limpol.pl/
2.2. The Company exercises due diligence to ensure that all personal data are processed in accordance with the purpose for which they were collected and used in accordance with the conditions and categories of data processed permitted by law.
3.1. In all matters related to data protection and processing of personal data originating from users of the website administered by the Company, as well as establishing contact with the Company using the phone number, fax number or e-mail address indicated at the Company’s website, the Company may be contacted via e-mail: firstname.lastname@example.org or in writing to the address of the Company indicated in item 1.1. above.
4. INFORMATION SECURITY AND SAFEKEEPING AND DATA PROCESSING RULES
4.1. The Company ensures the security of personal data through appropriate technical and organizational measures aimed to prevent unlawful data processing and their accidental loss, destruction and damage. The Company’s website and the contact form at the Company’s website are encrypted.
4.2. The Company exercises due diligence to ensure that personal information is processed in accordance with the principles of personal data processing specified in the GDPR, that is:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness and transparency);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
d) accurate and, where necessary, kept up to date; personal data that are inaccurate, having regard to the purposes for which they are processed, will be deleted or rectified without delay (“accuracy”);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
5. PURPOSE OF PERSONAL DATA PROCESSING AND LEGAL BASIS
5.1. The Company collects personal data when:
a) the data subject contacts the Company using the e-mail address or fax no. provided at the website;
b) the data subject contacts the Company using the telephone number provided at the website;
c) the user of the website administered by the Company subscribes to the newsletter;
d) the user of the website administered by the Company contacts the Company
by means of a contact form.
5.2. Each time the purpose of data processing by the Controller results from actions taken by users of the website administered by the Company, as well as establishing contact with the Company using the phone number, fax number or e-mail address indicated at the Company’s the website.
5.3. The purposes and legal bases for the collection of personal data in such cases shall be as follows:
a) in the event of a contact form (including for the purpose of subscription to the newsletter) or contact using e-mail address/fax number, personal data will be processed in order to contact the data subject once in a specified form with regard to the demand, e.g. presentation of an offer, provision of information – legal basis: Article 6, section 1, letter f of the GDPR (providing answers to requests and inquiries made using the contact form or in another form, including storing relevant requests and answers provided in order to comply with the principle of accountability);
b) in the case of telephone contact and recording of conversations during which personal data may be transferred, the data will be processed in order to enable contact with the data subject in relation to the demand, e.g. presentation of an offer, provision of information – legal basis: Article 6, section 1, letter f of the GDPR (responding to requests and inquiries made using a contact form or in any other form, including storing relevant requests and answers provided in order to comply with the principle of accountability);
d) in the event of concluding an agreement with the Company, personal data shall be used for the purposes of the implementation thereof – legal basis: Article 6, section 1, letter b of the GDPR.
6. PERIOD OF PERSONAL DATA PROCESSING
6.1. The Company examines whether personal data processed by it are not processed for a longer period than is necessary for the purposes for which the data are processed.
6.2. Personal data processed on the basis of the granted consent will be processed until such consent is revoked or the purpose for which they were collected ceases to exist. The consent granted may be revoked at any time without affecting the lawfulness of processing carried out on the basis of the consent prior to its revocation.
6.3. Data provided using the contact form or during telephone contact, by fax or e-mail will be processed for the time of meeting the demand, e.g. presentation of an offer, providing information, but not longer than 2 years in order to comply with the principle of accountability.
6.4. Data processed in connection with the presentation of an offer, provision of services, conclusion and performance of an agreement will be processed in accordance with the applicable regulations, however, no longer than until the expiry of the period in which the Company or the data subject may pursue claims related thereto.
6.5. Data processed for the purpose of direct marketing will be processed until consent is revoked or objections are raised.
7. USER RIGHTS
7.1. The Company is responsible for exercising the rights of persons whose data are processed in accordance with the applicable provisions of law. Should you have any questions or requests regarding the scope and exercise of your rights, or if you would like to contact us precisely in order to exercise your specific data protection right, please contact us by e-mail at: email@example.com. The Company reserves the right to exercise the following rights after a positive verification of the identity of the person applying for a given action.
7.2. Access to personal data. Natural persons have the right to access data held by the Company.
7.3. Change of personal data. Natural persons have the right to change, including update, their personal data processed by the Company.
7.4. Revocation of consent. Where personal data are processed on the basis of consent, natural persons have the right to revoke their consent at any time. The right to limit or object to the processing of personal data. Natural persons shall have the right to restrict or object to the processing of their personal data at any time on account of their particular situation, unless such processing is required by law.
7.5. The right to request the deletion of data and the right to data transfer. Natural persons shall have the right to request the deletion of data when they are no longer necessary for the purpose for which they were collected, in the event of revocation of consent, in the event of objection to processing or when the processing is unlawful.
7.6. The right to data transfer, on the other hand, applies when a person’s data are processed on the basis of a consent or an agreement and when the processing is carried out automatically. In such a case, the Company issues or provides to the indicated entity the data of the person who requests it, in a structured, commonly used format suitable for machine readout.
7.7. The Company informs that there is no obligation to delete data if the processing is necessary to: fulfill a legal obligation of processing under EU or the Polish law, or to perform a task in the public interest, or to establish, pursue or defend a claim.
8. SCOPE OF PROVISION OF DATA ON USERS
8.1. The Company declares that it shall not sell, share or transfer the personal data collected for processing to other persons or institutions, unless it is done with the express consent or at the request of that person or at the request of state authorities authorized under the law, for the purposes of the proceedings conducted by them.
8.3. The Company informs that personal data processed by the Company, including data processed for marketing purposes, may be made available to other entities only if it is permitted by law. In such a case, in a relevant agreement concluded with a third party, the Company provides for security provisions and mechanisms in order to protect data and maintain the Company’s standards in terms of data protection, confidentiality and security. Such agreements are called personal data processing outsourcing agreements, and the Company has control over how and to what extent the entity to which the Company has entrusted the processing of certain categories of personal data processes such data. Therefore, we wish to point out that the recipients of personal data processed by the Company as a personal data controller may be entities processing personal data pursuant to data processing agreements concluded with the Company, including financial institutions, whereas the Company transfers personal data to such entities only to the extent that it is actually necessary to achieve the purpose of concluding and performing the agreement with a data subject.
9. TRANSFER OF DATA OUTSIDE EEA
9.1. The Company informs that personal data processed by the Company shall not be transferred outside the EEA.