- The controller of personal data of Users is the Service Provider.
- The purpose and scope of the processing of personal data are defined by approvals and information provided and submitted in a relevant form. The following personal data of Users are processed: e-mail addresses, IP addresses, and other data required to provide services in accordance with the Rules of Procedure. The nature of the services provided by the Service Provider renders it impossible to provide them anonymously.
- Personal data of Users are processed in order to:
- comply with the applicable law
- create a Customer Zone, perform services agreements online, handle complaints, and optimise the services rendered by the Service Provider
- run promotional and commercial campaigns by the Service Provider.
Providing personal data and consenting to receive trade offers is voluntary, but failure to consent to the processing of personal data marked as obligatory in a form will make it impossible for the Service Provider to render services and perform agreements, subject to the item below. Processing personal data of Users for marketing purposes requires the User’s consent. The User may withdraw his consent at any time by sending a relevant request to the e-mail address or the location address of the Service Provider identified in the Rules of Procedure or in the Contact Data. In addition, information gathered as part of provision of services is of ad hoc nature and is deleted when not required for their provision. The legal basis of the processing of personal data in the event referred to in item 3(a) above constitutes the statutory authorisation to process data required for lawful business operation, and in the event referred to in items 3(b) and 3(c) – it constitutes the User’s consent and the contractual authorisation to process personal data in case it is necessary to pursue legally justifiable goals by the Service Provider or data recipients. Only authorised persons may access data gathered by the Website. Personal data gathered by the Service Provider are not disclosed to other people, except for cases provided for by the applicable law or if such disclosure is necessary for the Service Provider to render its services. In accordance with the Rules of Procedure, personal data may be disclosed to unauthorised entities only upon prior consent of the concerned User. Users are entitled to inspect the processing of personal data that relate to him, collected in data files; in particular, Users can: (i) access their personal data, supplement them, and change them by requesting the Service Provider to do so, (ii) request the Service Provider to temporarily or permanently cease to process such data or to delete them if they are incomplete, outdated, inaccurate, were collected in breach of the act or are no longer required to achieve their prior intended purpose, (iii) object to the processing of their personal data in cases provided for by the applicable law, and (iv) request the Service Provider to delete their data if they are no longer required to achieve their prior intended purpose. Provided personal data are kept and protected in accordance with, among other things, the Regulation of the Minister of the Interior and Administration of 29 April 2004 on keeping records of personal data processing and the technical and organisational requirements to be met by IT equipment
and systems used for the processing of personal data (Dz.U. No. 100, item1024). The Website may automatically keep http requests, therefore, server logs may include information about the User, including the IP address of a requesting computer, the name of the User’s station if possible, date and system time of registration on the Website and of the request, a number of bytes sent by the server, information on the User’s web browser or information about errors that occurred while carrying out an http transaction. Log files may by analysed in order to compile statistics on website traffic and occurring errors. Such information is anonymous and its compilation does not identify the Users. Logs may be collected in order to operate the Website properly. Only people authorised to operate the computer system may access data.
- The Service Provider employs technical and organisational measures to protect personal data being processed in a manner relevant for possible risks and data categories under protection; in particular, the Service Provider technically and organisationally protects data against unauthorised access, unauthorised collection, unlawful processing, and any change, loss, damage or destruction; SSL certificates are one of the protection measures applied. Collections of personal data of Users is kept on the secured server. Data are also protected by internal procedures of the Service Provider regarding the processing of personal data and the information security policy.
- To log in to the Customer Zone, the User has to enter his login and password. In order to ensure an appropriate level of protection and security, the password to the Customer Zone is always encrypted. Moreover, the Website is used via secure https connection. Communication between the User’s device and the servers, particularly when making a payment, is encrypted with SSL protocol.
- At the same time, the Service Provider points out that the use of the Internet and the services provided online may carry the risk of infecting the computer system and the device of the User with malware as well as the risk of unauthorised access to the User’s data, including personal ones, by third persons. In order to reduce these risks, the User should employ the relevant technical protection measures, e.g. by using up-to-date anti-virus software or other software protecting identity data of Users on the Internet. To obtain detailed and professional information on being safe and protected on the Internet, the Service Provider recommends requesting it from entities that specialise in IT services of this type.
- Cookies usually include the website name, placement date, validity date, unique number, and additional information appropriate for a given file.
- The Service Provider uses two types of Cookies: session Cookies that are permanently deleted once the User’s browser session is over, and permanent Cookies that are stored on the User’s device after the session is over, until they are deleted.
- It is not possible to identify the User based on session or permanent Cookies. Cookies do not allow for the collection of any personal data.
- Cookies of the Service Provider are safe for the User’s device; in particular, they do not infect the device with any viruses or malware.
- External Cookies (Cookies placed by partners of the Service Provider) may be read by the external server.
- The User my turn off the Cookies saving option on his device in accordance with browser’s instructions, but it may result in unavailability of a part or all of the Website’s functionalities.
- The Service Provider uses its own Cookies for the following purposes: authentication of the User on the Website and maintenance of the User’s session; configuration of the Website and adjustment of website’s content to the User’s preferences, e.g. recognising the User’s device or saving the settings of the User; ensuring data security and safe use of the Website; traffic analyses; provision of advertising services.
- The Service Provider uses External Cookies to compile (anonymous) statistics that allow to optimise the usefulness of the Website and it does it with the use of such analytical tools as for instance Google Analytics (controller of Cookies: Google Inc seated in the US), … [other?]
- The User may at his discretion change the Cookies settings at any time, defining its storing conditions, in the browser settings or the service configuration panel. The User may at his discretion delete Cookies saved on his device at any time, according to browser’s instructions.
- Detailed information on the management of Cookies is available in the browser’s settings.