- The Administrator of personal data collected via the 4ba.pl website is Radosław Grębski, conducting commercial activity under the company name IT Radosław Grębski, with the company address: ul. Nyska 18, 48-300 Goświnowice, in Poland; the address for service: ul. Nyska 18, 48-300 Goświnowice; Polish tax identification number (NIP): 7532362368; Polish National Business Registry Number (REGON): 160212287; entered into the Polish Central Business Register and Information Service (Centralna Ewidencja i Informacja o Działalności Gospodarczej), hereinafter referred to as the “Administrator”.
- Personal data collected by the Administrator via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), hereinafter referred to as GDPR, and the Polish Personal Data Protection Act of 10 May 2018.
The scope, purpose and type of personal data being collected
- The data processing purpose and its legal basis. The Administrator processes personal data via the website 4ba.pl in the following cases:
  - A website user uses a contact form on the site. User’s personal data are processed based on article 6 section 1 letter f GDPR, as the Administrator’s legitimate interest.
  - A website user subscribes to a Newsletter to receive commercial information electronically. User’s personal data are processed after obtaining a separate consent, pursuant to article 6 section 1 letter a GDPR.
- The type of processed personal data. The Administrator processes the following types of users’ personal data:
  - First and last name
  - Email address
- Personal data archiving period. Users’ personal data are stored by the Administrator in the following cases:
  - When the basis for data processing is fulfillment of a contract, the data are retained for as long as it is essential to fulfill the contract, and once fulfilled, for as long as the limitation period for claims lasts. If a special provision does not state otherwise, the limitation period for claims shall be 6 years, and for claims for periodical performance and performance related to conducting business activity – 3 years.
  - When the basis for data processing is a user’s consent, the data are retained for as long as the consent lasts, and once it is revoked, for the duration of the limitation period for claims, which may be raised against and/or by the Administrator. If a special provision does not state otherwise, the limitation period for claims shall be 6 years, and for claims for periodical performance and performance related to conducting business activity – 3 years.
- Additional information may be collected when using the website, in particular: IP addresses from which the user browses the website or an external IP address of the user’s Internet provider, domain name, information about the user’s browser, access time, user’s operating system.
- Some log data may also be collected from users, including information on any links and cross-references they click or other activity they perform on the website. The legal basis of log data collection is the Administrator’s legitimate interest (article 6 section 1 letter f GDPR), which is to facilitate easier provision of services electronically and to enhance these services.
- Users share their personal data voluntarily.
- Provided the user’s consent is obtained, personal data are processed and profiled automatically, under article 6 section 1 letter a GDPR. Profiling results in creating a user profile to make decisions pertaining to this user or to analyze the user’s preferences, behaviors and attitudes.
- The Administrator ensures appropriate protection is applied to safeguard the interests of the data subjects; in particular, the Administrator ensures that the data he collects are:
  - processed in accordance with legal requirements;
  - collected for designated, legitimate purposes and not subject to further processing incompatible with these purposes;
  - substantively correct and adequate for the purposes for which they are processed, and retained in a form enabling identification of the persons to whom they pertain for no longer than is required to attain the goal of processing.
Sharing personal data
- Users’ personal data are shared with the service providers used by the Administrator to maintain the website operation. The service providers with whom the data are shared, depending on contractual agreements and circumstances, are either subject to the Administrator’s instructions as to the purposes and methods of data processing (processing entities) or they stipulate the purposes and methods of retention independently (administrators).
- The users’ personal data are retained solely within the European Economic Area (EEA).
Right of access and to update users’ own data
- The data subject is entitled to access the content of the data, to rectify or remove them, to restrict their processing or to transfer the data, and has the right to object and the right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of the consent given before the withdrawal.
- Legal basis for users’ rights:
  - Right of access by the data subject – article 15 GDPR
  - Right to rectification – article 16 GDPR
  - Right to erasure (so called right to be forgotten) – article 17 GDPR
  - Right to restriction of processing – article 18 GDPR
  - Right to data portability – article 20 GDPR
  - Right to object – article 21 GDPR
  - Right to withdraw the consent – article 7 section 3 GDPR
- For the purpose of exercising the rights mentioned in point 2, an appropriate email communication may be sent to: email@example.com.
- If the user exercises their rights resulting from the above list, the Administrator grants or denies the request as soon as possible; no later, however, than within a month from the date the request was received. If, however, due to the complex nature of the request or the large number of requests received, the Administrator is not able to fulfill the request within the month, he will fulfill it within two subsequent months, while notifying the user about the projected extension period and its cause within a month from the date he received the request.
- In the event a data subject deems that the data processing violates the GDPR provisions, they are entitled to file a complaint with the President of the Polish Personal Data Protection Office (UODO).
- Installation of cookies is required in order to provide services on the website appropriately. Cookies store essential information ensuring the website works properly and they enable preparation of general site visiting statistics.
- The website uses two types of cookies: session and permanent:
  - Session cookies are temporary files and are stored on the end-user device only as long as the user is logged in (remains on the website).
  - Permanent cookies are stored on the end-user device for the time specified in cookie file parameters or until they are removed by the user.
- The Administrator utilizes his own cookies to enhance his knowledge of the user’s interaction with the content of the website. These files collect information on the ways the website is used by the user, the website type from which the user was directed to the said website, the number of visits and the time the user spends browsing it. This information does not record the user’s particular personal data, but is used to prepare statistics of the website usage.
- The user is entitled to decide on the access the cookies have to their device by applying preferred browser settings. Detailed information on how to manage cookies is available in the software settings (internet browser).
- The Administrator applies technological and organizational means to ensure the protection of processed personal data appropriate to the risks and data categories being protected; in particular, he safeguards the data against: unauthorized access, taking control of the data by an unauthorized person, processing the data in violation of legal provisions, loss, damage or destruction of data.
- The Administrator provides appropriate technological means preventing the data transferred electronically from being captured and modified by unauthorized persons.