Rules for the processing of Users’ personal data
From May 25, 2018, the Regulation of the European Parliament and of the Council (EU) has been in force in Poland 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing personal data and on the free movement of such data, and repealing the Directive 95/46/EC (referred to as “RODO”, “ORODO”, “GDPR” or “General Data Protection Regulation data”).
Therefore, we would like to inform you about the processing of your data and the rules on which it has been taking place since May 25, 2018. Below you will find basic information on this topic.
1) Principles of personal data processing:
a) “lawfulness, fairness and transparency”,
b) “purpose limitation”,
c) “data minimization”,
e) “storage limitation”,
f) “integrity and confidentiality”.
2) Conditions for the lawful processing of personal data:
a) the data subject has consented to the processing of his personal data in one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject is a party relate to, or to take action at the request of the data subject prior to the conclusion contracts;
c) processing is necessary to fulfil the legal obligation imposed on administrator;
d) processing is necessary to protect the vital interests of the data subject or another natural person;
e) processing is necessary to perform a task carried out in the public interest or in the exercise of public authority vested in the administrator;
f) processing is necessary for the purposes of legitimate interests carried out by the controller or by a third party, except where those interests are overridden by interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, in in particular where the data subject is a child.
For what purpose and on what basis the data will be processed:
Your personal data obtained in connection with the use of the website will be processed in the following purposes, based on the following legal bases:
1) servicing the created account – based on the premise of the necessity of processing to performance of the contract or to take steps at your request prior to entering into the contract, for pursuant to art. 6 sec. 1 lit. b) GDPR,
2) presenting a commercial offer (electronically via email) – based on the one provided consent, pursuant to art. 6 sec. 1 lit. a) GDPR,
3) execution of the entrusted order (if any) or (if consent has been given) to be contacted marketing by telephone or via e-mail – based on the premise of the necessity of processing to perform the contract or take action on your behalf request before concluding the contract, based on the premise of the necessity of processing to fulfilment of a legal obligation incumbent on the administrator or based on the granted consent, pursuant to art. 6 sec. 1 lit. b), letter c) or point. a) GDPR;
4) conducting marketing activities, including customer acquisition and retention – based on granted consent or based on the premise of the necessity of processing to achieve the goals resulting from legitimate interests pursued by the administrator, pursuant to art. 6 sec. 1 lit. (a) or point (a) f) GDPR;
5) sale of products and services – based on the premise of the necessity of processing to performance of the contract or taking action at your request prior to entering into the contract, based on for the premise of the necessity of processing to fulfil the legal obligation to which you are subject administrator or based on the premise of the necessity of processing to achieve the goals resulting from legitimate interests pursued by the administrator, pursuant to art. 6 sec. 1 lit. b), letter c) or point. f) GDPR;
6) related to the conducted business activity, including for the purposes of conducting analyses and statistics – based on the consent granted or based on the premise of necessity processing to achieve the purposes of legitimate interests carried out by the administrator, pursuant to art. 6 sec. 1 lit. (a) or point (a) f) GDPR;
7) responding to letters and requests, as well as responding and examining any complaints and possibly to establish, pursue or defend claims
– based on the premise of the necessity of processing to achieve the purposes resulting from legitimate interests pursued by the administrator, pursuant to art. 6 sec. 1 lit. f) GDPR.
Providing personal data that will be processed in the above-mentioned purposes is voluntary, however failure to provide personal data may result in the inability to achieve these goals.
Who is the data controller and how to contact them
▪ The administrator of your personal data is Over Group Spółka z ograniczoną odpowiedzialnością
limited partnership, ul. Warszawska 65, 98-100 Łask,
▪ The Data Protection Officer, Bartosz Migas, has been appointed in the Company, correspondence address:
ul. Warszawska 65, 98-100 Łask with the note “IOD”, e-mail: email@example.com
For what period the data will be stored
The period of storage of your personal data depends on the purpose for which the data is processed. The period for which your personal data will be stored is calculated based on for the following criteria:
1) legal provisions that may oblige Over Group Spółka z ograniczoną odpowiedzialnością Spółka Komandytowa for data processing for a specified period of time;
2) the period necessary to maintain and service the created account on websites;
3) the period necessary to provide services and provide the necessary customer service;
4) the period necessary to implement the legally justified interests of the administrator, including for the time of considering possible complaints, for the time of determination, investigation or defence of claims;
5) the period for which the consent was granted, no longer than until the consent is withdrawn;
6) until the objection to further processing of personal data is raised, when data processing is carried out on the basis indicated in art. 6 sec. 1 lit. f) GDPR.
What are your rights
You have the right to:
1) request access to personal data concerning you;
2) rectification of data;
3) request supplementing incomplete personal data, including by presenting additional statement;
4) deletion of data or limitation of processing;
5) transfer of your personal data.
You have the right to raise an objection at any time – for reasons related to yours a special situation – in relation to the processing of your personal data based on indicated in art. 6 sec. 1 lit. f) GDPR, including profiling based on this provision (if applicable).
In such a situation, we will not process your personal data for these purposes, unless that there will be compelling legitimate grounds for such processing that override your interests, rights and freedoms, or there are grounds for determination, investigation or defence claims. You also have the right to object to processing at any time your personal data, when your personal data is processed for the purposes direct marketing – in this case we will not process your personal data for such purposes.
You have the right to withdraw your consent at any time. Withdrawal of consent has no effect for the lawfulness of the processing of your data, which was made on the basis of the granted consent before its withdrawal.
You also have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the provisions of the GDPR. The supervisory authority in Poland is President of the Personal Data Protection Office (PUODO) with its registered office in Warsaw, ul. Rates 2 with which you can contact:
▪ by post: ul. Stawki 2, 00-193 Warsaw, Poland;
▪ using the electronic inbox available on the website
▪ by phone: +48 22 531 03 00, Hotline: +48 606-950-000.
Other information regarding data processing
Personal data may be disclosed to employees or associates of Over Group Spółka z ograniczoną odpowiedzialnością Spółka Komandytowa, contractors and clients of the administrator, such as also entities providing support to the administrator on the basis of outsourced services and in accordance with concluded entrustment agreements.
Personal data will not be processed in an automated manner, including profiling.
Personal data will not be transferred to third countries within the meaning of the GDPR or to other international organizations.
How to obtain information about data processing
All correspondence regarding matters related to the processing of your personal data should be directed to the administrator’s address with the note “Personal data” or by e-mail to the inbox firstname.lastname@example.org
Our website uses statistical tools, which is why they save on your device harmless cookies. We use them to better adjust the system to your requirements.
We can also run a number of marketing campaigns using Google AdWords and Facebook Ads, which require saving cookies on the device you use. Your easy identifiable personal data is not transferred to third parties in any way.
Identification is based on the general data stored in cookies. Statistical data is not transferred or analysed by entities other than the data owner / administrator.
Users of our website may stop providing this information at any time on our website by deleting cookies stored on their end devices through our service. To do this, change the settings of the currently used browser website.
You have the right to refuse to save and read cookies on your device (computer, phone). To do this, you must select the appropriate settings in the browser options website or to disagree if the application contained on the website, will ask you about it.
Configuring the browser in a way that will block the installation of cookies for specific, user-selected websites or for all websites, may result in loss in certain functionalities and hinder or prevent the full use of its capabilities. According to the requirements of the Telecommunications Law and the GDPR for confirming consent to the use of files cookie, is the configuration of the browser that allows the installation of cookies on computer.
How we secure your personal information
Communication between your computer and our server when we collect your personal information, is encrypted using the SSL (Secure Socket Layer) protocol. Additionally, our databases are protected against access by third parties.