1. The controller of personal data collected via the website www.maced.pl and www.maced-company.com is MACED Sp. z o.o. with the seat: ul. Bobolicka 18, 76-010 Polanów, Poland, entered in the register of entrepreneurs under the KRS no: 0000140490, Tax identification Number (NIP): 4990403778, National Business Registry Number (REGON): 331367780, e-mail address: email@example.com hereinafter referred to as the “Controller”, acting at the same time as the Service Provider, address for delivery: Maced Sp. z o.o., ul. Słoneczna 9A, 62-020 Swarzędz, e-mail address: firstname.lastname@example.org, hereinafter referred to as the “Controller”.
2. Personal data collected by the Controller through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Personal Data Protection Act of 10 May 2018
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
1. PURPOSE OF PROCESSING AND LEGAL BASIS. The controller processes personal data via www.maced.pl and www.maced-company.com in the case of:
1. the user’s use of the contact form. Personal data are processed on the basis of Article 6(1)(f) GDPR as a legally justified interest of the Controller.
2. subscribing by the user for the Newsletter in order to send commercial information by electronic means. Personal data is processed upon separate consent, pursuant to Article 6(1)(a) of the GDPR.
2. TYPE OF PERSONAL DATA PROCESSED. The Administrator processes the following categories of your personal data:
1. First and last name
3. E-mail address,
4. Telephone number,
PERIOD OF PERSONAL DATA ARCHIVING.
Users’ personal data are stored by the Controller:
1. if the performance of a contract, for as long as it is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims is the basis for data processing. Unless otherwise provided by a specific provision, the period of limitation shall be six years and three years for periodic performance claims and claims related to the conduct of business activity.
2. if consent, for as long as the consent is not revoked, and after the revocation of consent for a period of time corresponding to the period of limitation of claims which the Controller may raise and which may be raised against him is the basis for data processing. Unless otherwise provided by a specific provision, the period of limitation shall be six years and three years for periodic performance claims and claims related to the conduct of business activity.
3. When using the website, additional information may be collected, in particular: the IP address assigned to your computer or the external IP address of your Internet provider, domain name, browser type, access time, operating system type.
4. Navigation data may also be collected from users, including information about the links and references they choose to click on or other actions they take on the website. The legal basis for such activities is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in facilitating the use of services provided electronically and in improving the functionality of these services.
5. Providing personal data by the user is voluntary.
6. Personal data shall also be processed in an automated manner in the form of profiling, provided that the user consents to this on the basis of Article 6(1)(a) of the GDPR. As a consequence of profiling, a profile will be assigned to a person in order to make decisions regarding that person or to analyse or predict that person’s preferences, behaviour and attitudes.
7. The Controller shall take particular care to protect the interests of data subjects and, in particular, to ensure that the data collected by it are:
1. processed lawfully,
2. collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,
3. substantively correct and adequate in relation to the purposes for which they are processed and stored in a form which permits identification of data subjects for no longer than it is necessary to achieve the purpose of processing.
SHARING OF PERSONAL DATA
1. Users’ personal data are transferred to the service providers used by the Controller to run the website. The Service Providers to whom the personal data are transferred, depending on the contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and means of processing the data (processors) or determine themselves the purposes and means of processing the data (controllers).
2. Your personal data shall be stored exclusively in the European Economic Area (EEA).
RIGHT TO CONTROL, ACCESS AND CORRECT YOUR OWN DATA
1. Data subject shall have the right of access to the content of his/her personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
2. Legal grounds for the user’s request:
1. Access to data – Article 15 of the GDPR
2. Rectifying data – Article 16 of the GDPR 2.
3. Deletion of data (so-called right to be forgotten) – Article 17 of the GDPR.
4. restriction of data – Article 18 of the GDPR 4. Transferring data – Article 20 of the GDPR 5. Objection – Article 21 of the GDPR
6. Withdrawal of consent – Article 7(3) GDPR.3. In order to exercise the rights referred to in point 2, you can send the relevant e-mail to: email@example.com.
4. If the user exercises the right resulting from the above rights, the Controller shall fulfil the request immediately or refuse to fulfil it, however, no later than within one month of receiving it.
5. If the processing of personal data is found to violate the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection.
1. The Controller’s website uses “cookies” files.
2. Installation of “cookies” is necessary for the proper provision of services on the website. Cookie files contain information necessary for the proper functioning of the website and they also provide the possibility to compile general statistics on website visits.
4. The website uses the following types of cookie files: session and permanent 1. “Session” cookies are temporary files stored in the user’s terminal equipment until logging out (leaving the website).
2. “Permanent” cookies are stored in the user’s terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the user.
5. The Controller uses its own cookie files to better understand how the user interacts with the content of the website. The files gather information about the way the user uses the website, the type of website from which the user was redirected and the number of visits and the time of the user’s visit to the website. This information does not record specific personal data about the user, but is used to compile usage statistics for the website.
6. The user has the right to decide on the access of cookie files to his/her computer by selecting them in advance in his browser window. Detailed information on the possibility and methods of using cookie files is available in the software (browser) settings.
1. The Controller shall apply technical and organisational measures to ensure the protection of the processed personal data, appropriate to the risks and categories of data protected and, in particular, to protect the data against their disclosure to unauthorised persons, their appropriation by an unauthorised person, their processing in violation of the applicable regulations as well as their alteration, loss, damage or destruction.
2. The Controller shall make available appropriate technical measures to prevent acquisition and modification by unauthorised persons of personal data sent electronically.