Privacy and Cookies Policy
This Privacy and Cookie Policy sets out the principles for obtaining, processing and securing personal data provided by Users in connection with the use of the Website and implements the information obligation resulting from Art.13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation ), hereinafter referred to as “GDPR”.
This Policy also specifies the rules for storing and accessing information on User’s Devices using cookies.
Information obligation:
The Data Controller of personal data collected as part of the IPLAS portal is the company Systemy Przetwarzania i Integracji Danych sp.z o.o. (hereinafter referred to as the “Data Controller”), with headquarters in Rybnik, ul. gen. Jarosława Dąbrowskiego 9, 44-200 Rybnik, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Gliwice, X Commercial Department of the National Court Register under the number KRS 0000535640, NIP (Tax ID) 6423188801 and REGON (Business ID) 360342581, with the share capital of PLN 50,000.00.
Data Processing and Integration Systems sp.z o.o. is represented by the Management Board in the following composition:
Paweł Marks – President of the Board;
Rafał Malczok – Vice President of the Board.
Contact details:
Postal address: Systemy Przetwarzania i Integracji Danych sp. z o.o., ul. gen. Jarosława Dąbrowskiego 9, 44-200 Rybnik,
e-mail: biuro@spiid.pl
phone number: +48 502 373 576
The customer service office is open from Monday to Friday from 8AM to 4PM.
Acting in performance of the information obligation arising from Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Protection Regulation data), hereinafter referred to as “GDPR”, we hereby inform that:
Data Protection Officer:
The Data Controller has appointed a Data Protection Officer – a person who can be contacted in all matters related to the processing of personal data by the Data Controller and in matters of exercising the rights related to the processing of personal data.
Contact details of the Data Protection Inspector:
Name: Katarzyna Koczy
Postal address: Systemy Przetwarzania i Integracji Danych sp. z o.o. attention: Katarzyna Koczy Data Protection Officer, ul. gen. Jarosława Dąbrowskiego 9, 44-200 Rybnik;
e-mail: IOD@spiid.pl
Purposes and legal grounds for the processing of personal data as part of the IPLAS website:
Data provided in the registration process – personal data necessary to establish, shape the content, change or terminate the relationship between the Parties. Legal basis:
a. Article 6 point 1 letter b) of the GDPR – processing is necessary for the performance of an agreement to which the data subject is party to or to take action at the request of the data subject before the conclusion of the agreement;
b. Article 18 of the Act on the provision of electronic services – a service provider may process the recipient’s personal data necessary to establish, shape the content, amend or terminate the legal relationship.
In the case of giving optional consent, for the purpose of sending commercial information to the e-mail address provided in the registration process by means of electronic communication within the meaning of the Act of 18 July 2002 on the provision of electronic services. Legal basis:
a. Art. 6 point 1 letter a) GDPR – the data subject has consented to the processing of his personal data for one or more specific purposes;
b. Art. 10 of the Act on Providing Services by Electronic Means – commercial information is considered to be ordered, if the recipient has consented to receive such information, in particular, has provided an e-mail identifying him for this purpose.
In the case of a paid contract for the provision of IPLAS services -–personal data entered by the Customer into the IPLAS system. Legal basis:
a. The contract for entrusting the processing of personal data concluded with the Customer;
Article 6 point 1 letter b) of the GDPR – processing is necessary for the performance of an agreement to which the data subject is party to or to take action at the request of the data subject before the conclusion of the agreement;
The Customer’s personal data may also be processed in order to exercise the rights of the Data Controller or to perform the obligations. Legal basis:
a. Art. 6 point 1 letter c) of the GDPR – processing is necessary to fulfil the legal obligation incumbent on the data controller;
b. art. 6 point 1 letter f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the data controller.
Additional processing purposes include ensuring the safety of using the services, ensuring the possibility of selecting and maintaining personalized, analytical and statistical settings to improve the service. Legal basis:
a. Art. 6 point 1 letter f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the data controller.
Period of storage of personal data:
Users’ personal data will be processed for the duration of the contract for the provision of electronic services (Demo Version), and in the case of a paid contract for the provision of IPLAS services for the duration of this contract, as well as for the time appropriate to the investigation or defence against claims that may arise from concluded contracts.
Personal data processed on the basis of consent to processing will be processed until this consent is revoked.
In the event of concluding a paid contract for the provision of IPLAS services, personal data entrusted by the Customer to the Data Controller on the basis of the contract for entrusting the processing of personal data, will be processed for the period specified in this contract.
After completing the processing of personal data for the original purpose, the data may be processed for another purpose, if there is a legal basis for it.
Data recipients:
The Data Controller will transfer personal data only to entities that will perform services necessary for him to provide services under IPLAS. Such entities are, in particular, providers of the following services: IT service providers (including professional Data Centre), couriers, accountants, lawyers. The Data Controller hereby declares that the processing of data by each of such entities will take place on the basis of an agreement entrusting the processing of personal data and in accordance with the Data Controller’s instructions. Service recipients will only have access to data that is necessary to provide their services.
Your rights:
As the Data Controller of your data, we provide you with the right to access your data, you can also rectify them, request their removal or limit their processing. You can also exercise the right to object to the Data Controller against the processing of data and the right to transfer data to another data Data Controller. If consent to the processing of personal data (e-mail address for the purpose of sending commercial information) is provided voluntarily, there is a right to withdraw consent to the processing of data at any time, which does not affect the lawfulness of the processing, which was made on the basis of consent before the withdrawal thereof. All rights that you have will be exercised in accordance with the relevant provisions of law, in particular the provisions of the GDPR.
In order to exercise the above rights, please contact us or our Data Protection Officer (contact details above).
Right to lodge a complaint with the authority:
We hereby inform that in terms of violation of the right to protection of personal data or other rights granted under the GDPR, you have the right to lodge a complaint to the body supervising compliance with personal data protection provisions, i.e. to the President of the Office for Personal Data Protection.
Voluntary submission of data:
Providing personal data by the User at the registration stage is voluntary, however, it is necessary to register the User and provide services electronically.
Cookies
For the proper operation of the Website, cookies are used (“cookies”). Cookies are small packages of information saved on the User’s device, usually containing the website address, date of placement, expiry date, unique number and additional information in accordance with the intended use of the file.
Cookies do not contain data that would allow identification, and their reading can be turned off by the server that created them.
The user may disable the saving of cookies on his device, in accordance with the browser manufacturer’s instructions, but this may result in the unavailability of some or all of the website functions. Each website user may delete cookies stored on their device at any time, in accordance with the browser manufacturer’s instructions.
Types of Cookies in relation their origin:
On the Website, the Data Controller uses the following Cookies in relation to their origin:
1) Data Controller’s Cookies – denotes Cookies placed by the Data Controller, related to the provision of electronic services by the Data Controller via the Website. Data Controller’s Cookies are used to ensure proper use of the Website, including:
– optimizing the Website for devices and browsers that Users use most often;
– improving the process of using the Website, for this purpose Cookies may save decisions made by the User on the Website.
2) External Cookies – denote Cookies placed by the Data Controller’s partners via the Website. External Cookies are used for analytical, marketing, social and video display purposes.
Analytical Cookies:
The Data Controller utilizes Analytical Cookies to improve the functioning of the Website and to measure, without directly identifying the User’s personal data, the effectiveness of marketing activities. For these types of Cookies, the Data Controller utilizes the solution:
- Google Analytics – a solution provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The Data Controller uses this solution on a legitimate interest, consisting in creating statistics and analysing them in order to optimize the Website.
The information collected in this way can be transmitted to servers in the United States and stored there. Google has joined the EU-US-Privacy Shield program to ensure an adequate level of protection of personal data required by European regulations. The European Commission has recognized that companies with a Privacy Shield certificate provide an adequate level of data protection.
More information about Google Analytics and Google Cookies can be found on the service provider’s website:
https://support.google.com/analytics/answer/6004245.
The User can block the processing of data by Google as part of the Google Analitycs service, by installing a browser plug-in that blocks this service. The plug-in is available at: https://tools.google.com/dlpage/gaoptout
- Hotjar – Solution provided by Hotjar Limited, Level 2, St Julian’s Business Center, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. The Data Controller uses this solution on a legitimate interest, consisting in creating statistics and analysing them in order to optimize the Website.
You can object to Hotjar creating your user profile, Hotjar’s storage of information about your use of our website and the use of Hotjar cookies here: https://www.hotjar.com/legal/compliance/opt-out.
If you are interested in the details related to data processing under Hotjar, we encourage you to read the Hotjar privacy policy: https://www.hotjar.com/legal/policies/privacy.
Marketing Cookies:
Cookies used for marketing purposes are used to match the content and forms of ads displayed on the website of a service provider. In this case, the Data Controller uses the solution:
Facebook Pixel – a solution provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA. Actions in this area are carried out by the Data Controller based on his legitimate interest in the form of marketing his own products or services.
Facebook Pixel automatically gathers information about the use of the Website by the User. The information collected in this way can be transmitted to Facebook servers in the United States and stored there. Facebook has joined the EU-US-Privacy Shield program to ensure an adequate level of protection of personal data required by European regulations. The European Commission has recognized that companies with a Privacy Shield certificate provide an adequate level of data protection.
The information collected as part of Facebook Pixel does not allow the Data Controller to identify the User. The Data Controller only knows which User has taken actions on the Website. However, Facebook may combine this data with other data collected as part of the use of Facebook by the User, as well as utilize such information for its own purposes. Facebook’s activities in this area are independent of the Data Controller. A User with an account on Facebook can manage his/her privacy settings at:
https://www.facebook.com/privacy/explanation .
Social Cookies:
The Website uses a plug-in provided by Facebook. As a consequence, by displaying the Website, the User’s browser will directly connect to a Facebook server. If a User entering the Website is simultaneously logged in to Facebook, Facebook will be able to associate visiting the Website with the User’s data on Facebook.
As part of the Social Cookies of Facebook, the Data Controller uses the Facebook service Messenger Plugin which is used to chat with the User. The Messenger plug-in is associated with the User’s account on Facebook.com
If the User does not want Facebook to assign data collected by displaying the Website, the User should log out of Facebook before entering the Website. The User can also use browser plugins that block the loading of Facebook plugins.
Video-related Cookies:
- You Tube – the website uses the installed YouTube button and the possibility of playing a YouTube video directly on the website. The provider of YouTube is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA,
For this purpose, Google Cookies associated with the YouTube service are used. In this regard, Cookies will be downloaded to the User’s Device when a video is played. In the absence of consent to load these Cookies, the User should refrain from playing video recordings embedded on the Website.
If the User does not want YouTube and its Data Controller – Google – to assign the data collected by displaying a video on the Website, the User should log out of YouTube/Google before playing the video. The User can also use browser plugins that block the loading of YouTube/Google plugins.
- Vimeo – The website also uses an integration tool (embedding) in the video website called Vimeo. The provider of Vimeo is Vimeo, LLC, with its registered office at 555 West 18th Street, New York, New York 10011.
In the event of entering website on which a video would be implemented using Vimeo, a connection will be established with Vimeo’s servers. Vimeo receives information about which page of the Website has been visited by the user. In addition, Vimeo also receives the User’s IP address.
More information can be found at: https://vimeo.com/privacy.
Types of Cookies in relation their persistence:
Some Cookies used by the Data Controller are deleted after the end of a web browser session, i.e. after closing it (so-called Session Cookies). Other Cookies are stored on the User’s end device and enable the Data Controller to recognize the User’s browser the next time he/she enters the Website (Persistent Cookies).
Safety
The storage and reading mechanisms do not allow the collection of any personal data or any confidential information from the User’s Device. In the case of own Cookies, the Data Controller of the Website is responsible for their safety, which guarantees that they are safe for Users’ Devices. In the case of External Cookies, the entities indicated in this Policy are responsible for their safety.
Information concerning Cookies:
During the first visit to the Website, the User is displayed information on the use of Cookies. The information displayed contains a link to this Policy. Acceptance of the information will create a Cookie that will confirm the acceptance of this information. Thanks to this, the information will not be displayed again to the User, unless he/she removes the Cookie file from his/her Device.
Changing browser settings
Default browser settings usually allow Cookies to be saved on the devices of the users of websites. However, these settings can be changed by the User.
The Data Controller hereby informs that in accordance with the provisions of the Telecommunications Law, the user’s consent to the storage of information or access to information already stored in the user’s telecommunications equipment may also be expressed by the user through the settings of the software installed in the equipment used by him/her.
Therefore, if the User does not want to give such consent, he/she should change the settings of the web browser.
Detailed information on changing browser settings regarding Cookies and their removal can be obtained on the official website of the specific browser. In particular, the above information can be found on the following websites:
1) Firefox browser – https://support.mozilla.org/pl/kb/usuwanie-ciasteczek
2) Chrome browser –
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl ;
3) Microsoft Edge browser – https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies ;
4) Opera browser – https://help.opera.com/pl/latest/web-preferences/#cookies ;
5) Safari browser – https://support.apple.com/pl-pl/guide/safari/sfri11471/mac .