PRIVACY AND PERSONAL DATA PROTECTION POLICY IN ACCORDANCE WITH THE GDPR
1.1. Controller – legal person, MQX Polska Sp. z o.o. with headquarters in Rzeszów, ul. Cicha 7/70A, 35-326 Rzeszów, KRS 0000314062, NIP 8133572277, REGON 180387143, office address (ul. Grzybowska 87, 00-844 Warsaw).
1.2. Personal data in accordance with the GDPR definition – any information relating to an identified or identifiable natural person, who can be identified, directly or indirectly, in particular by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as well as to a device IP, location data, an online identifier or information collected through cookies and other similar technology. Please be advised that we do not collect the above data, only those used for contact via the form and/or cookies.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website – a website run by the Controller at www.ochronasygnalistow.com.pl
1.6. User – any natural person visiting the Website, or using one or more services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
2.1. In connection with the User's use of the Website, the Controller collects data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Website. The detailed rules and purposes of processing of personal data collected during the use of the Website by the User are described below.
3. PURPOSE AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE USING THE WEBSITE
3.1. The personal data of the Website Users (including the IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Controller:
3.1.1. in order to provide electronic services in the scope of making the content collected on the Website available to Users – then the legal basis for processing is the necessity of processing to perform a contract (Article 6 (1) (b) of the GDPR);
3.1.2. for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR) consisting in conducting analyses of Users' activity, as well as their preferences in order to improve the functionalities and services provided;
3.1.3. in order to establish and pursue claims or defend against them – the legal basis for processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR) consisting in the protection of their rights;
3.2. The Controller sends information about their offer to people who have provided their e-mail address for this purpose. Providing data in order to receive information regarding the Controller's offer is voluntary. The Controller sends such information only if the User has given their consent, which they may withdraw at any time without affecting the lawfulness of the processing carried out prior to its withdrawal.
3.3. Personal data is processed in order to send information about the Controller's offer by e-mail as part of the newsletter – the legal basis for processing, including profiling, is the Controller's legitimate interest (Article 6 (1) (f) of the GDPR) in connection with the consent expressed to receive the newsletter .
3.4. The Controller provides the possibility of contacting them on the Website using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the inquiry. The User may also provide other data in order to facilitate contact or handling the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to do so results in the inability to handle it. Providing other data is voluntary.
3.5. Personal data is processed:
3.5.1. in order to identify the sender and handle their inquiry sent via the provided form – in the scope of data necessary to establish contact or handle the inquiry – the legal basis for processing is the necessity of processing to perform a service contract (Article 6 (1) (b) of the GDPR);
3.5.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR), consisting in conducting analyses of Users' activity and preferences when using the Website and the method of using the account, in order to improve the functionalities used;
3.5.3. in order to identify the sender and handle their inquiry sent via the provided form – in the scope of data that is not necessary to contact or handle the inquiry – the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
4. SOCIAL MEDIA
4.1. The Controller processes personal data of Users visiting the Controller's profiles on social media (Linkedin). This data is processed only in connection with running the profile, including to inform Users about the Controller's activity and to promote various types of events, services and products. The legal basis for the processing of personal data by the Controller for this purpose is their legitimate interest (Article 6 (1) (f) of the GDPR) consisting in promoting their own brand.
5. COOKIES AND SIMILAR TECHNOLOGY
5.1. Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website – e.g. by remembering the User's visits to the Website and the activities performed by the User (service cookies).
5.2.1. cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
5.2.2. authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
5.2.3. cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
5.2.4. multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
5.2.5. persistent cookies used to personalize the User's interface for the duration of the session or a little longer (user interface customization cookies),
5.2.6. cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyse how the User uses the Website, to create statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User and does not combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.
6. PERSONAL DATA STORAGE PERIOD
6.1. The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the User's data is processed by using the Website or communicating with the User, while the data related to the sending of the newsletter – until the consent is withdrawn or an effective objection to data processing is submitted.
6.2. The data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly erased or rendered anonymous.
7. USER RIGHTS IN ACCORDANCE WITH GDPR
7.1. The User has the right to: access the data and request rectification, erasure, processing restrictions, transfer data and object to data processing, as well as the right to lodge a complaint with a supervisory body dealing with the protection of personal data.
7.2. To the extent that the User's data is processed on the basis of consent, it can be withdrawn at any time by contacting the Controller, which does not affect the lawfulness of data processing before its withdrawal.
7.3. The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Controller, and – for reasons related to the specific situation of the User – in other cases when the legal basis for data processing is the legitimate interest of the Controller (e.g. in connection with the implementation of analytical and statistical purposes).
8. DATA RECIPIENTS
8.1. In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems.
8.2. The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
9. SECURITY OF PERSONAL DATA
9.1. The Controller conducts a risk analysis on an ongoing basis to ensure that personal data is processed in a safe manner – ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The Controller makes sure that all operations on personal data are recorded and performed only by authorized employees and associates.
9.2. The Controller takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data on behalf of the Controller.
10. CONTACT DETAILS
10.1. Contact with the Controller is possible via the form in the CONTACT tab or to the correspondence address: MQX Polska Sp. z o.o., ul. Grzybowska 87, 00-844 Warszawa, Tel 22 270-12-93.
11.1. The Policy is verified on an ongoing basis and updated if necessary.