PRIVACY POLICY AND INFORMATION ON HOW TO PROTECT PERSONAL DATA OF USERS OF WWW.AEROSOL.PL WEBSITE IN ACCORDANCE WITH THE REQUIREMENTS OF RODO (PERSONAL DATA PROTECTION REGULATION)
1. Introduction
-
This document is a description of the privacy policy contained on the website at www.aerosol.pl, whose administrator is Aerosol Service Sp. z o.o., based in Charnowo 36, 76-270 Ustka Poland, NIP: 8393056472, (hereinafter: Administrator).
-
The purpose of the Policy is to define the principles, processing and use of data and information from users of the website, and includes information on the rights of individuals with respect to the personal data they provide.
-
By accessing or using this site and submitting any personal information to us, you agree to the terms of this privacy policy.
-
We collect, process and use personal data in accordance with the contents of this Privacy Policy and applicable data protection regulations, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Dz.U.UE.L.2016 .119.1 of 2016.05.04, hereinafter referred to as the "GDPR"), the Act of 10.05.2018 on the protection of personal data (i.e. Journal of Laws of 2019, item 1781) and the Act of 16.07.2004. Telecommunications Law (i.e., Journal of Laws of 2019, item 2460, as amended).
2. Data protection rules
-
The Administrator shall take special care to ensure that all personal data are processed in accordance with the purpose for which they were collected and used in accordance with the scope of the authorizations (consents) granted and the areas of processing permitted by law.
3. Purpose of personal data processing
-
Any person providing personal data to the Administrator through the forms on the website is informed of the specific purpose for which the data are processed and the legal basis for the processing.
-
The administrator uses personal data only for the following purposes:
- in the case of consent to be contacted via a contact form for the purpose of contacting a representative of the Administrator (Article 6(1)(a) of the DPA);
- in the case of the conclusion of a contract, for its proper execution (Article 6(1)(b) of the RODO);
- For the purpose of establishing, investigating or defending claims (Article 6(1)(f) of the GDPR).
- Your personal data processed on the basis of your consent will be processed until you revoke it or the purpose for which the data was collected ceases.
-
Data processed in connection with the conclusion and performance of the contract, will be processed in accordance with applicable regulations, but no longer than until the expiration of the period in which the Administrator can assert claims related to the concluded contract.
4. Data safety and storage
-
The Administrator shall ensure the security of personal data by means of appropriate technical and organizational measures to prevent unlawful processing of data and their accidental loss, destruction and damage.
-
The Administrator shall exercise due diligence to ensure that personal data:
- lawful, up-to-date, reliable and transparent,
- collected for specific and legitimate purposes and not further processed in a manner incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary;
- kept in a form that allows identification of the data subject for no longer than necessary for the purposes for which the data are processed;
- processed in a manner that ensures appropriate security of personal data;
- while ensuring the realization of the rights of data subjects;
- nie transferowane bez odpowiedniej ochrony do krajów poza Europejski Obszar Gospodarczy lub organizacji międzynarodowych.
-
We store user data on specially protected servers. They are secured by technical and organizational measures against loss, destruction, access, modification or distribution of data by unauthorized persons. Only authorized responsible persons with appropriate qualifications and knowledge of the importance of personal data and its protection have access to the data. Those responsible for technical, commercial or editorial support of servers present the same qualifications and responsibility. We conduct regular inspections of the data protection system against all threats striving for maximum data protection. Personal data is transferred on the Internet in encrypted form. However, data transfer is at the data owner's own risk. Having any doubts about transferring one's own data, everyone should consider the safest way to transfer it.
5. Data acquisition
-
When collecting any personal data, the Administrator shall note from where it was first obtained.
-
Personal data is obtained through:
- forms filled out online - information is collected through various forms available on the website for contact purposes, to submit questions, to express comments;
- non-network contact ̶ on the Administrator's websites there are various telephone and fax numbers and email addresses where you can contact us ;
- traffic data and statistics on the frequency of visits to the Administrator's sites - a record is kept of information on traffic data that is automatically recorded by our server, such as the user's IP address, URLs visited before visiting our site, URLs visited after visiting our site, and visited pages. Statistics on the number of visits to the site and page views are also collected. The administrator is not able to directly determine the identity of a user based on traffic data and statistics on the use of the site.
- When using the resources of the websites managed by the Administrator - information about users is collected through files such as "cookies". Cookies - small text files transferred from the website and stored on the hard drive of the user's computer used for customization of content and services to the individual needs and interests of users of the Administrator's website. They allow the site to "remember" who you are. The user may disable the option to accept cookies in his/her browser at any time, however, the effect of such a change may be the loss of use of the Administrator's website.
- During each visit to our site or online service, we collect the following information about your computer: your computer's IP address, the query sent from your browser and the time of such query. In addition, as part of such a query, information about the status and amount of data transferred is collected.
-
We collect information about the type and version of the Internet browser you use and the operating system of your computer. We also collect information about which website you came to our online service from. In doing so, the computer's IP address is stored only during the time you use our online service, and is then deleted or given anonymity status by truncation. Other data is stored for a limited period. We use this data to operate the online offering, in particular to identify and rectify errors, to determine the load of the online offering, as well as to adjust or improve it. We ensure data security according to the most modern data protection standards.
6. User rights
-
The Administrator shall respect each person's rights related to the processing of his/her personal data. In particular, each person whose data is processed is entitled to:
- The right to access your personal data and the right to request their rectification, deletion or restriction of their processing;
- The right to portability of personal data, i.e. to receive your personal data from the Administrator, in a structured, commonly used machine-readable format, if technically possible. You may send this data to another controller;;
- to the extent that the processing of your personal data is based on the premise of the controllers' legitimate interest, you have the right to object to the processing of your personal data;
- withdraw it. You can revoke your consent at any time by sending a request to the Administrator's address listed in Section 1. However, withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal;
- to exercise the above rights, please contact the Administrator;
- the right to file a complaint with the President of the Office for Personal Data Protection.
- The controller stipulates that in the event that it is not possible to identify a person absolutely, for example, due to the extent of the data provided by him/her, he/she may refuse to take action at the request of the data subject by informing the data subject, unless the data subject provides additional information that allows him/her to be identified.
-
The Administrator informs that he is not obliged to delete data ("right to be forgotten") in case the processing is necessary to:
- exercise of rights and freedom of expression and information,
- to comply with a legal processing obligation under European or Polish law, or to perform a task carried out in the public interest, archival purposes in the public interest, scientific or historical research purposes, or statistical purposes,
- to establish, assert or defend claims.
- If the User objects to further processing for marketing purposes or to the transfer of personal data to another data controller, the objection shall be upheld. However, the data controller may leave the data identifying the individual in the file only to avoid reuse of the individual's data for the purposes covered by the objection.
-
The user may exercise the right to information and access to data. At the request of the data subject, the Data Controller shall, within 30 days, provide the necessary information.
7. Scope of sharing user data
-
The Administrator declares that he does not sell and does not lend the personal data collected for processing to other entities, except at the request of state authorities authorized by law for the purposes of their investigations or activities related to security or defense, for legally defined tasks carried out for the public good, when it is necessary to fulfill the legally justified purposes of the Administrator.
-
The administrator may share personal data with the company's employees and associates.
-
In addition, the recipients of the personal data processed by the Administrator will only be entities that provide and support ICT systems.
8. Privacy policy changes
-
Changes in the privacy policy may be affected by changes in the legislative sphere of data protection, as well as other factors. Customers and users will be promptly informed of any changes on the Administrator's website. In the event of a change in the applicable privacy policy, appropriate modifications will be made to the above provision.
9. Right to make a complain
-
Whenever an individual believes that his or her rights under the law and this privacy policy are being violated, he or she has the right to file a complaint with the Data Protection Authority.
10. Contact
-
For any questions related to the processing and protection of personal data, including this Privacy Policy, please contact: office@aerosol.pl.
11. Cookies
-
Our website uses cookies. Cookies are small text files that are stored on your computer, which save certain settings and data for exchange with our online offerings when accessed in your browser. A cookie usually contains the name of the domain from which the cookie was sent, as well as information about the age of the cookie and an alphanumeric identifier. Cookies allow us to recognize your computer and immediately provide you with initial settings. Cookies help us improve our online offerings and offer you a better and more customized service. The use of cookies is necessary for technical reasons for the shopping cart function. In most browsers, cookies are automatically accepted. However, the saving of cookies can be disabled or the browser can be set to inform you when cookies are being sent. If you refuse to save cookies, the use of our online offerings is limited or impossible.
12. Use of cookies
-
The online offering uses Google Analytics and Google Search Console, web analytics services from Google Inc. ("Google"), which use cookies. The information collected by the cookies as a result of using the website is transferred to a Google server in the United States and stored there. If the IP address anonymization status is activated on this website, the IP address of the Google websites will be truncated within the member states of the European Union or other countries that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and shortened there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to regulate services related to website use. Google will also transfer this information to third parties where required to do so by law or where such third parties process the data on Google's behalf. Google will under no circumstances link your IP address to any other Google data. You may prevent the installation of cookies by selecting the appropriate settings in your browser; however, please note that in this case not all functions may be fully functional. In addition, you can prevent Google from collecting the data triggered by the cookies and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at tools.google.com/dlpage/gaoptout. Please note that this website uses the Google Analytics tool with the extension "_anonymizeIp()" and therefore IP addresses are processed only in an abbreviated form in order to exclude the possibility of direct association with a specific person. For this purpose, the last octet of the IP address is removed. For more information, please visit www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection).
13. Protection of minors
-
Children and young people under the age of 16 are not allowed to provide us with any personal information without the consent of their parents or guardians. We do not request any personal information from children or young people, we do not collect it and we do not provide it to third parties.