§ 1 GENERAL PROVISIONS
- The controller of personal data of clients and website visitors left voluntarily during the visit on our website, Facebook page, as part of provision of electronic services by the Seller or other circumstances expressly specified in the Regulations is Clean Power Technology S.A., Al. Jerozolimskie 424A, 05-800 Pruszków, NIP (tax identification number): 6783172423, KRS (National Court Register) No.: 0000716971, e-mail: email@example.com, hereinafter referred to as the “Data Controller”.
- Clients’ personal data is processed in accordance with the general Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”) and national provisions of law concerning personal data protection, including the Act on Personal Data Protection and the Act on the Provision of Electronic Services of 18 July 2002 (Journal of Laws [Dz.U.] 2017.1219 consolidated text as amended).
- The Data Controller exercises due diligence to protect interests of data subjects and in particular ensures that the data collected by it is processed in accordance with law, is collected for specified lawful purposes and is not subject to further processing non-compliant with these purposes; it is substantively correct and adequate to the purposes of processing and stored in the form which enables the identification of data subjects, no longer than necessary for achieving the purpose of processing.
- The Data Controller has not appointed the Personal Data Protection Officer.
- There is an option of visiting the Data Controller’s Web page without giving personal data identifying a natural person. Such personal data is stored upon the completion of browser session and is used, for example, during the subsequent visit on the Web page. Personal data is given voluntarily but it may be necessary for the purpose of concluding an agreement or for any other purpose to which the data subject consents.
§ 2 PURPOSE, SCOPE AND BASIS OF DATA COLLECTION
- The following are the purposes of personal data collection by the Data Controller:
- establishing, determining the content, modifying, performing or terminating a contractual relationship between the Service Provider and the Service Recipient which involves the provision of services via the website;
- direct marketing of Data Controller’s own products or services;
- analysis using cookies
- The Data Controller processes the following personal data of Service Recipients: first and last name; e-mail address; telephone number. In the case of Service Recipients who conclude agreements to provide services related to fitness improvement, the Service Provider may request that other data, including on health status, should be given. The provision of data may be necessary for the purpose of avoiding a hazard to Service Recipient’s health and life. The data is never sent electronically, it is not provided via the website or stored in Data Controller’s customer service software.
- The data referred to in section 2 is given voluntarily but in specific situations it may be necessary to conclude an Agreement to render services related to improved fitness or Agreement to provide services electronically. The scope of required data is given in the Regulations of Impact Clean Power Technology S.A.
- The basis of the processing of Service Recipient’s personal data is the necessity to hold this data for purposes arising out of legitimate interests of the data controller, consent or need to perform an agreement to which the client is a party or undertaking any activities by the data controller prior to or after the conclusion of the agreement, as well as direct marketing of Data Controller’s own products or services.
- The personal data provided by clients shall not be disclosed to any entities except for those which hold the relevant legal basis, including based on data processing agreements in a manner which is less restrictive than as provided by the Data Controller.
§ 3 OPERATIONAL DATA
- The Data Controller may process the following data which characterises the method of using Services by the Service Recipient with the use of the proper software (operational data):
- The markings which identify the terminals of the telecommunications network or ITC system used by the Service Recipient;
- Information on the commencement, completion and scope of each use of electronic services by the Service Recipient;
- Information on the use of electronic services by the Service Recipient
- Operational data is aggregate and anonymous, i.e. it does not contain identification data of visitors of the Website and is not disclosed to third parties.
§ 4 RIGHT TO CONTROL, ACCESS AND RECTIFY DATA
- The client has a right to access his/her data and have it rectified, erased, its processing restricted, the right to transfer his/her data, to object, to withdraw his/her consent at any time without an influence on the lawfulness of processing based on consent prior to its withdrawal; the possibility of exercising Client’s rights depends, for example, on the legal basis of processing and its purpose.
- Each person has a right to control the processing of data included in the Data Controller’s personal data file in which the person’s data is kept, especially the right to request that the data be supplemented, updated, corrected, its processing suspended temporarily or permanently or data removed, especially if it is incomplete, outdated, false or has been collected with the breach of the act or is redundant for the purpose for which it has been collected.
- In the case of data processing for the purposes of direct marketing of the Data Controller’s own products or services, the data subject is also authorised to request in writing that the processing of its data should be terminated and to object to the processing of its data.
- For the purpose of exercising rights referred to above, the relevant request should be sent via e-mail to the address: firstname.lastname@example.org or in writing to the Data Controller’s registered office.
- Each data subject has a right to complain to the President of the Personal Data Protection Office (former General Inspector for Personal Data Protection) if he/she finds that the processing of his/her personal data breaches the provisions of the General Data Protection Regulation of 27 April 2016.
- Personal data shall not be transferred to a third country/international organisation.
- Personal data shall be stored for the term of the agreement and for the period required in accordance with legal obligations, including 5 years of the issue date of the last invoice/bill in accordance with the Accounting Act, and in the event of non-payment or other claims for the period necessary for the lodging of such claims (statute of limitations). Personal data given based on the consent shall be processed until the withdrawal of consent.
- The data shall not be processed in an automated way, including through profiling, i.e. no decisions with legal consequences for an individual or with a similar material influence on the individual will be based exclusively on automated personal data processing or will be associated with such an automated decision. However, it should be remembered that Partners cooperating with the data controller who are mentioned in § 5 of this Policy process data collected via the website for the purpose of addressing advertising based on Client’s interests. The data to be provided includes, in particular: IP (Internet Protocol), geolocation data retrieved from client’s IP address, mobile advertising ID (MAID) (which allows developers of mobile applications to define the users of mobile applications), mobile application ID, browser type, browser language, type of operating system, date and time when the client visited the website, behaviour on the website such as time spent and interest shown, the relevant URL address and the method of Web searching by the client in order to locate and visit the website, information on the use of tools by the client (e.g. for searching specific content on the website) offered by the Data Controller’s Partners which may be made available on the website. This data allows for creating marketing profiles of the recipients of advertising and analysis of website functionality for the purpose of adapting it to clients’ preferences.
- Cookies are small text and numeric files saved on the User’s computer when visiting the Web page/website. Cookies allow Web pages to identify the computer user. In most cases, they do not enable the identification of Web user. They cause no damage to User’s computer and contain no viruses.
- Two types of cookies are most frequently used: session cookies and persistent cookies. Session cookies are temporary files which remain on the user’s device until the user has logged off the Web page or the browser has been closed. Persistent cookies are saved in user’s device memory in the parameters for a specific time or until they are manually removed.
- The Data Controller may use its own Cookies in particular for the purpose of correctly configuring the Web page, for processes necessary for its full functionality, for client authentication in the website and for ensuring the continuity of client’s session on the website, for saving client location, for the purpose of analyses and tests, and website traffic audit, and for providing advertising services.
- The Data Controller may use third-party cookies, in particular in the scope of the use of analytical tools, provision of advertising services, including for the purpose of identifying groups of clients who share specific interests, for the purpose of making it possible for them to make available the website content on other Web pages.
- The Data Controller uses the following third-party cookies:
- In order to like the Data Controller’s page or go directly to Facebook page of Impact Clean Power Technology S.A. via Facebook Connect, irrespective of whether you have a Facebook account or are logged on to Facebook, the controller of third-party cookies: Facebook Inc based in the USA or Facebook Ireland based in Ireland – details and FB Cookies policy https://www.facebook.com/policies/cookies
- For the purpose of locating Google Maps and Google Earth services via Google (the controller of third-party cookies: Google Inc based in the USA): https://privacy.google.com/intl/pl/businesses/mapscontrollerterms/
- Below you can give your consent to the use of third-party cookies installed via our Web pages and websites for profiling for marketing purposes or see your previous choice which may be modified at any time.
Source Name of cookie domain Type of cookies Cookies policy Facebook.com Profiling https://www.facebook.com/policies/cookies Google.com Location https://privacy.google.com/intl/pl/businesses/mapscontrollerterms/
The Data Controller bears no liability for any defective functioning of third-party websites mentioned on this page.
- By modifying Web browser settings where in security settings it is possible to enable or disable temporarily or permanently saved cookies independently. Details concerning the possibility and ways of handling cookies are available in the Help section in the menu of each browser.
- By visiting websites mentioned in section 5 to disable the use of third-party cookies, including cookies used to display interest-based advertising (if this is enabled by the supplier of the website or advertising network).
- Through specially designed tools for handling consumer choices which are used for managing cookies employed to display advertising, based on Users’ interests, available e.g. here: http://www.youronlinechoices.eu/ or here http://www.aboutads.info/choices/ .
- If cookies are disabled using the methods specified in this section, there is a risk that certain functionalities on our Web page will be unavailable and certain Web pages will be displayed incorrectly.
§ 7 FINAL PROVISIONS
- The Data Controller uses technical and organisational measures to ensure the protection of personal data processed, adequate to risks and categories of protected data; in particular, it protects data from disclosure to unauthorised persons, from being taken by an unauthorised person, processing with the breach of applicable provisions of law, modification, loss, damage or destruction in accordance with applicable provisions.