I. General provisions
1. The operator of the www.jesionova.pl website (the “Website”) is Fracthon Jesionowa Sp. z o.o. Sp. k. of Kraków, ul. Kamiennej 21, 31-403 Kraków, entered into the Register of Businesses, a part of the National Court Register (KRS), under number 0000699899, NIP (tax identification number): 6762537919, REGON (statistical number): 368550132 (the “Website Operator,” the “Operator,” or the “Company”) e-mail address: [email protected], telephone number: 510-160-003.
2. The Website obtains information about users and their behaviors in the following ways:
a) when you upload data yourself, e.g. through a contact form;
b) by gathering data when you are using the Website, e.g.:
- by means of storing cookies on end devices;
- by means of collecting server logs.
II. Information about cookies
1. Cookies are IT data (mainly in the form of text files) that are collected and stored on your end device when you use the Website. Cookies allow for recognizing your device and adjusting the Website to your preferences. Cookies contain a unique number, information about the name of the website from which they come, and information about how long they will be kept on the end device. The Website Operator is responsible for placing cookies on your end device and has access to them.
2. Cookies are used to:
a) gather data and compile statistics, allowing the Website Operator to precisely investigate how users brows the webpages comprising the Website. In this respect, we use Google Analytics and Hotjar. The data collected in this way also makes it possible to improve the functioning of the particular elements of the Website;
b) produce user profiles in order to display personalized ads, which mainly come from the Google network. Google AdWords and other Google tools use the cookies technology in order to remember which websites you viewed on your device. Google stores on its servers the data obtained from cookies and uses this data to display ads on the websites you visit. The Website Operator, as an advertiser using Google services, has no access to the cookies stored in this way on your device, but may request that ads be displayed to selected recipients, e.g. all users that visited the Website within the last seven days;
c) produce user profiles in order to display personalized ads on Facebook. The Website uses the so-called “Facebook conversion pixel.” This pixel tracks visits by users and their behaviors when they navigate around the Website. This allows us to request Facebook to display ads to the users who visited the Website (remarketing) or the particular webpages of the Website. Afterwards, the Operator receives from Facebook statistical data that concerns exclusively ads efficiency, with no references to specific persons. This way, we can check the efficiency of ads on Facebook and Instagram for statistical purposes and for purposes related to market research. If you have a Facebook or Instagram account, you can find information about data protection at https://www.facebook.com/about/privacy/ and at https://help.instagram.com/155833707900388.
3. The Website uses the following types of cookies:
a) “session cookies,” which are temporary files. Your end device stores them until you close the browser, leave the Website, or log out;
b) “persistent cookies,” which are permanent. Unlike session cookies, they are stored on your end device for the time specified in their parameters or until they are deleted.
4. Cookies that are stored on your end device may be used both by the Website Operator and the entities cooperating with the Operator.
5. If the Website contains links to other websites, the Website Operator shall not be liable for the privacy policies of other websites and recommends that you read them after being redirected to the given website.
6. Deleting and blocking cookies.
a) By default, every kind of software intended for browsing websites allows for placing cookies on the user’s end device. However, you can change the browser’s settings so that it blocks cookies. At any time, you can also delete the cookies stored on your device. Detailed information concerning the blocking and deleting of cookies is available in the settings of your browser. Google Analytics can be blocked by using the following add-on: https://tools.google.com/dlpage/gaoptout?hl=en.
III. Personal data protection
1. The controller of your personal data is Fracthon Jesionowa Sp. z o.o. Sp. k. of Kraków, ul. Kamiennej 21, 31-403 Kraków, entered into the Register of Businesses, a part of the National Court Register (KRS), under number 0000699899, NIP (tax identification number): 6762537919, REGON (statistical number): 368550132 (the “Controller”). In matters concerning personal data protection, the Controller may be contacted at [email protected]
2. Purposes and bases of personal data processing
a) In order to respond to inquiries made using the contact form, by e-mail, or by telephone, we process the following personal data:
- first and last name,
- e-mail address,
- telephone number.
The legal basis for the processing of the above data is Article 6.1.b of the GDPR, which provides that processing is lawful if it is necessary for the performance of a contract to or in order to take steps prior to entering into a contract; if your inquiry does not directly concern our offer and you ticked the field below the form saying that you agree to the processing of personal data, then the basis of such processing is Article 6.1.a of the GDPR, which permits the processing of personal data on the basis of voluntary consent of the data subject.
b) For analytical purposes, i.e. to investigate and analyze user activity on the Website, the following data is processed: date and time of visit, type of operating system, approximate location, type of browser used, time spent on the Website, and the webpages visited on the Website. The basis for the processing of the above data is Article 6.1.f of the GDPR, which permits the processing of personal data for the legitimate interests pursued by the Controller (in this case, the Company’s legitimate interest is to learn about user activity on the Website).
c) In order to administer the Website, the following personal data is processed: IP address, server date and time, information concerning the browser, information concerning the operating system—this data is saved automatically in the so-called server logs in each case of a website visit. Administering the Website without the use of a server and the above automatic saving of data would be impossible. The legal basis for processing data for the above purpose is Article 6.1.f of the GDPR, which permits the processing of personal data for the legitimate interests pursued by the Controller (in this case, the Company’s legitimate interest is to administer the Website).
3. Personal data recipients
a) The personal data processed by the Company may be shared with public authorities under the generally applicable legal regulations or a decision of the relevant authority.
b) The personal data is shared with the companies cooperating with the Company, i.e. the hosting company, the company managing the Website, and, via cookies, the companies whose advertising services we employ (Google, Facebook). Personal data may also be shared with entities providing legal or accounting services.
4. Transferring data to third countries
a) The Company uses services and technologies offered by entities such as Google that are based outside of the European Union and therefore are treated as third party entities under the GDPR.
b) The GDPR provides for limitations in transferring personal data to third countries. Since, in principle, European regulations do not apply in third countries, the protection of European Union citizens may unfortunately be insufficient. This is why every data controller is obliged to specify the legal basis for such transfers of personal data.
c) The Company guarantees that in connection with using services and technologies, it transfers personal data exclusively to US-based entities that have joined the Privacy Shield program in line with the European Commission Implementing Decision of 12 July 2016 (details are available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).
d) The entities that have joined the Privacy Shield program guarantee that they will comply with high personal data protection standards in force in the European Union. As a result, using their services and technologies in the process of personal data processing is lawful.
e) At any time, the Company is ready to provide you with additional explanations concerning personal data, especially if you have any doubts in this respect.
f) At any time, you have the right to receive a copy of the personal data that has been transferred to a third country.
5. Personal data processing periods
a) In accordance with the applicable legal regulations, we process your personal data exclusively for as long as this is necessary to achieve the purpose of processing. After that period, your personal data will be irreversibly deleted or destroyed.
b) Personal data is processed for the following periods:
- for the duration of the contract—with respect to the personal data processed in order to execute and perform the contract and take take steps prior to entering into a contract at the request of the data subject;
- until consent is withdrawn or the purpose of processing is achieved—with respect to personal data processed on the basis of consent from the data subject;
- until an effective objection is made or the purpose of processing is achieved, not longer, however, than for 5 years—with respect to the personal data processed on the basis of a legitimate interest of the Controller;
6. Rights of data subjects
a) the right to access your data: this rights covers the following elements: confirming/denying permission to process your personal data, providing the information required under to obligation to inform, granting access to data, providing copies of data;
b) the right to rectify your data: this right consists in your entitlement to rectify incorrect data and supplement incomplete data;
c) the right to erasure (the right to be forgotten): this rights consists in the obligation to delete personal data if this data is no longer necessary for the purposes for which it has been collected or otherwise processed;
d) the right to have the processing of your data restricted: this right consists in labeling personal data in order to restrict its future processing—where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State;
e) the right to transmit your data: this right consist in your entitlement to receive the personal data concerning you, in a structured, commonly used and machine-readable format and in the subsequent transfer of this data to another controller without hindrance from the controller to which the personal data have been provided;
f) the right to object: the right to object results in the prohibition of further processing of your personal data if the legal basis for this processing was a legitimate interest. The Controller shall no longer process the personal data unless the he demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise, or defense of legal claims;
g) the right to withdraw your consent: with respect to the personal data the provision of which is voluntary, you may exercise the right to withdraw your consent to the processing of this data at any time, without this affecting the lawfulness of the processing carried out on the basis of this consent before consent withdrawal. The representation on consent withdrawal has to be made in writing or in an electronic form to [email protected];
h) the right to file a complaint with the Personal Data Protection Office if you believe that the your personal data is being processed in violation of legal regulations.
7. The requirement to provide personal data
a) Whether you provide any personal data is entirely up to you. However, in certain cases, it is necessary to provide specific items of personal data in order for us to meet your expectations in terms of our services.
b) To be able to contact you by telephone or e-mail in order to respond to an inquiry you made via the contact form, you have to provide a telephone number and an e-mail address—without them, we are unable to contact you.
IV. Final provisions