WEBSITE PRIVACY POLICY
WWW.ARTGRANIT.PL
§ 1
GENERAL PROVISIONS
1. the administrator of personal data collected via the www.artgranit.pl website is Robert Noga performing business activity under the name ROBERT NOGA ART GRANIT entered in the Central Register and Information on Business Activity of the Republic of Poland conducted by the minister responsible for economy, place of business and address for delivery: Aleja Wojska Polskiego 75, 58-150 Strzegom, registered office address: 7 Górnicza Street, 58-130 Żarów, NIP: 8842183904, REGON: 020228868, electronic mail address (e-mail): biuro@artgranit.pl, telephone number: + 48 607 211 591, hereinafter referred to as the “Administrator” and being at the same time the “Service Provider”.
2. Personal data collected by the Administrator through the website are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as RODO.
3.. Any words or expressions capitalized in the contents of this Privacy Policy shall be understood as defined in the Terms of Service of www.artgranit.pl.
§ 2
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes personal data of Service Recipients of www.artgranit.pl in the case of:
1.1. signing up for the Newsletter for the purpose of sending commercial information electronically. Personal data is processed upon separate consent, pursuant to Article 6.1.a) RODO,
1.2. use of the Feedback System in order to allow the Customer to express his/her opinion on the Website and certain Products pursuant to Article 6.1.f) RODO. f) RODO (legitimate business interest),
1.3. use of the Contact Form to send a message to the Administrator on the basis of Article 6(1)(f) RODO (legitimate business interest).
2. TYPE OF PERSONAL DATA PROCESSED. The Service Recipient provides the following in case of:
2.1. Newsletter: first and last name, e-mail address,
2.2. Contact Form: first and last name, e-mail address, telephone number, Tax ID, address,
2.3. Opinion System: first name, e-mail address.
3. PERSONAL DATA ARCHIVING PERIOD. The personal data of Service Recipients shall be stored by the Administrator:
3.1. where the basis of data processing is the performance of the contract, for as long as it is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims. If a specific provision does not provide otherwise, the period of limitation is six years, and for claims for periodic benefits and claims related to the conduct of business activity – three years,
3.2. where the basis for data processing is consent, as long as the consent is not revoked, and after revocation of consent for a period of time corresponding to the period of limitation of claims that the Administrator may raise and that may be raised against him. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
4. When using the Website, additional information may be collected, in particular: the IP address assigned to the Client’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
5. Upon separate consent pursuant to Article 6(1)(a) of the RODO, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – respectively, in connection with Article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means or Article 172(1) of the RODO. 1 of the Act of July 16, 2004 – Telecommunications Law, including those directed as a result of profiling, provided that the Customer has given the appropriate consent.
6. Navigation data may also be collected from Service Recipients, including information about the links and references they choose to click on or other actions taken on the Site. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f) RODO) to facilitate the use of services provided electronically and to improve the functionality of these services.
7. The provision of personal data by the Service Recipient is voluntary.
8The Administrator shall exercise due diligence in order to protect the interests of data subjects, and in particular shall ensure that the data he collects are:
8.1. processed in accordance with the law,
8.2. collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes,
8.3. factually correct and adequate in relation to the purposes for which they are processed, and stored in a form that allows the identification of data subjects for no longer than it is necessary to achieve the purpose of processing.
§ 3
SHARING OF PERSONAL DATA
1. personal data of Service Recipients are transferred to providers of services used by the Administrator in the operation of the Site, in particular to:
1.1. providers of feedback survey systems,
1.2. accounting office,
1.3. hosting provider,
1.4. provider of software enabling business operations,
1.5. providers of mailing system,
1.6. provider of software needed to run the website.
2. service providers (referred to in Section 1 of this paragraph) to whom personal data are transferred – depending on contractual arrangements and circumstances – either are subject to the Administrator’s instructions as to the purposes and means of processing such data (processors) or determine the purposes and means of processing themselves (administrators).
3. Personal data of Service Recipients are stored exclusively in the European Economic Area (EEA) subject to § 5 point 5 and § 6 of the Privacy Policy.
§ 4
THE RIGHT TO CONTROL, ACCESS AND CORRECT THE CONTENT OF THEIR OWN DATA
1. the Data Subject has the right to access the content of his/her personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the legality of the processing performed on the basis of consent before its withdrawal.
2.. Legal grounds for the Customer’s request:
2.1. access to data – Art. 15 RODO,
2.2. rectification of data – Art. 16 RODO,
2.3. deletion of data (so-called right to be forgotten) – Art. 17 RODO,
2.4. restriction of processing – art. 18 RODO,
2.5. data portability – art. 20 RODO,
2.6. objection – art. 21 RODO,
2.7. withdrawal of consent – art. 7(3) RODO.
3In order to exercise the rights referred to in Section 2, you can send the relevant email to: biuro@artgranit.pl
4. In a situation where the Service Recipient requests the right under the above rights, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complicated nature of the request or the number of requests – the Administrator will not be able to fulfill the request within one month, he will fulfill it within another two months informing the Service Recipient in advance – within one month of receiving the request – of the intended extension of the deadline and the reasons for it.
5. If it is determined that the processing of personal data violates the provisions of the RODO, the data subject has the right to file a complaint with the President of the Office for Personal Data Protection.
§ 5
COOKIES
1 The Administrator’s website uses “cookies”.
2. The installation of “cookies” is necessary for the proper provision of services on the Website. The “cookies” files contain information necessary for the proper functioning of the website, and they also provide the possibility to develop general statistics of website visits.
3. The website uses two types of “cookies”: “session” and “permanent”.
3.1. “Session” “cookies” are temporary files that are stored on the final device of the Service Recipient until logging out (leaving the site),
3.2. “Permanent” “cookies” are stored on the final device of the Service Recipient for the time specified in the parameters of “cookies” or until they are deleted by the Service Recipient.
4. The Administrator uses its own cookies to better understand how the Service Recipients interact with the content of the site. The files collect information about how the website is used by the Service Recipient, the type of website from which the Service Recipient was redirected, and the number of visits and the time of the Service Recipient’s visit to the website. This information does not record specific personal data of the Service Recipient, but is used to compile statistics on the use of the website.
5. The Administrator also uses external cookies to collect general and anonymous statistical data through Google Analytics analytical tools (administrator of external cookies: Google LLC. based in the USA).
6. Cookies may also be used by advertising networks (in particular, the Google network) to display advertisements tailored to the way the Service Recipient uses the Website. For this purpose, they may retain information about the Service Recipient’s navigation path or time spent on a given page.
7. The Service Recipient has the right to decide on the access of “cookies” to his/her computer by:
7.1. selecting the types of cookies that he/she agrees to collect immediately after entering the Site and displaying a message regarding cookies,
7.2. changing the settings in his/her browser window. Detailed information about the possibility and methods of handling cookies is also available in the settings of your software (web browser).
§ 6
ADDITIONAL SERVICES RELATING TO USER ACTIVITY ON THE SERVICE.
(1) The Service uses so-called social plug-ins (“plug-ins”) of social networks. By displaying the www.artgranit.pl website containing such a plug-in, the Service Recipient’s browser will establish a direct connection to the Facebook, Instagram, Pinterest, Twitter and YouTube servers.
2. The content of the plug-in is transmitted by the respective service provider directly to the Service Recipient’s browser and integrated into the website. Thanks to this integration, service providers receive information that the Client’s browser has displayed the www.artgranit.pl website, even if the Client does not have a profile with the given service provider or is not logged in with him/her at the moment. This information (including the Client’s IP address) is sent by the browser directly to the service provider’s server (some servers are located in the U.S.) and stored there. (3) If the Client logs into one of the above-mentioned social networks, the service provider will be able to directly associate the visit to www.artgranit.pl with the Client’s profile in the given social network. (4) If the Client uses a particular plug-in, e.g. by clicking on the “Like” button or the “Share” button, the relevant information will also be sent directly to the server of the respective service provider and stored there. 5 The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the rights of the Customer in this regard and the possibility to make settings to ensure the protection of the privacy of the Customer are described in the privacy policies of service providers:
5.1. https://www.facebook.com/policy.php
5.2. https://help.instagram.com/519522125107875?helpref=page_content
5.3. https://policy.pinterest.com/pl/privacy-policy
5.4. https://help.twitter.com/en/rules-and-policies
5.5. https://policies.google.com/privacy?hl=pl&gl=ZZ.
6.If the Customer does not want the social networks to attribute the data collected during a visit to www.artgranit.pl directly to his/her profile on a given service, he/she must log out of that service before visiting www.artgranit.pl. The recipient can also completely prevent the loading of plug-ins on the site by using appropriate extensions for the browser, e.g. blocking scripts with “NoScript”.
7. The Administrator uses remarketing tools on his site, i.e. Google Ads. Their use involves the use of cookies from Google LLC. pertaining to the Google Ads service. As part of the mechanism for managing the settings of cookies, the Customer has the ability to decide whether the Service Provider will be able to use Google Ads (administrator of external cookies: Google LLC. based in the USA) in relation to him.
§ 7
FINAL PROVISIONS
(1) The Administrator shall apply technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and categories of data protected, and in particular shall protect the data from being disclosed to unauthorized persons, from being taken by an unauthorized person, from being processed in violation of applicable regulations, and from being altered, lost, damaged or destroyed.
2. Administrator shall provide appropriate technical measures to prevent acquisition and modification by unauthorized persons, of personal data sent electronically.
3. In matters not regulated by this Privacy Policy, the provisions of RODO and other relevant provisions of Polish law shall apply accordingly.