1. GENERAL PROVISIONS
- Personal data collected via www.ksmvision.pl is controlled by the KSM Vision Sp. z o.o. company entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register, place of business and address for service: ul. Sokołowska 9/117 , 01-142 Warszawa, VAT No.: 5272682660, REGON (National Official Business Register): 146277926 , e-mail address: firstname.lastname@example.org, hereinafter referred to as the “Data Controller”, while being the “Service Provider”.
- Personal data collected by the Data Controller via the website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.
2. TYPE OF PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF THE PROCESSING
- PURPOSE AND LEGAL BASIS OF THE PROCESSING. The Data Controller processes the personal data of the www.ksmvision.pl Users when they:
a) use the contact form (quote form), pursuant to Art. 6(1)(b) GDPR (performance of a contract for the provision of services electronically),
b) place an order on the website, in order to perform a sales contract, pursuant to Art. 6(1)(b) GDPR (performance of a sales contract).
- RODZAJ PRZETWARZANYCH DANYCH OSOBOWYCH. In the case of:
a) an Order, the Customer provides:
– Name and surname,
– Company name,
– VAT No.,
– E-mail address,
– Phone number.
b) a quote or other inquiry, the Customer provides:
– E-mail address.
- PERIOD OF PERSONAL DATA STORING. Personal data of Customers are stored by the Data Controller:
a) if the data are processed on the basis of performance of a contract, for no longer than is necessary for the performance of the contract, and after that time, for a period corresponding to the limitation period. Unless a special provision says otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business activity - three years.
b) if the data are processed on the basis of a consent, as long as the consent is not revoked, and after the consent is revoked: for a period of time corresponding to the limitation period that may be brought by the Data Controller and that can be made against it. Unless a special provision says otherwise, the limitation period is six years, for claims for periodic benefits and claims related to running a business – three years.
- When customers use the Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
- If the Customer has given consent, pursuant to Art. 6(1)(a) GDPR, the data may also be processed for sending commercial information by electronic means or making phone calls for direct marketing purposes – pursuant to Art. 10(2) of the Act of 18 July 2002 on Providing Services by Electronic Means or Art. 172(1) of the Act of 16 July 2004 – Telecommunications Law, respectively, including those provided as a result of profiling, provided that the Customer has given a proper consent.
- Navigational data, including information about links they decide to click or other Website activity, may also be collected from the Customer. The legal basis for that type of activity is the legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) in facilitating the use of services provided by electronic means and improving the functionality of those services.
- Providing any personal data by the Customer is voluntary.
- Personal data will also be processed in an automated manner in the form of profiling, provided that the Customer gives consent pursuant to Art. 6(1)(a) GDPR. As a result of profiling, a given person will be assigned a profile in order to make related decisions or analysis or predict their preferences, behaviours, and attitudes.
- The Data Controller exercises due diligence to protect the interests of data subjects, and in particular ensures that the collected data are:
a) processed in accordance with the law,
b) collected for specified and legitimate purposes and not further processed in a manner that is incompatible with those purposes,
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
3. DATA SHARING
- Personal data of Customers are transferred to service providers used by the Data Controller when running the Website. Depending on contractual arrangements and circumstances, service providers the personal data are transferred to are subject to the Data Controller’s instructions as to the purposes for which and the means by which those data are processed (data processors) or determine the purposes for which and the means by which those data are processed (data controllers).
- Personal data of Customers are stored only within the European Economic Area (EEA).
4. RIGHT TO CONTROL, RIGHT OF ACCESS, AND RIGHT TO RECTIFICATION OF YOUR OWN DATA
- The data subject has the right to access their personal data and the right to request from the Data Controller rectification or erasure of personal data or restriction of processing, the right to data portability, the right to object, the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Legal grounds for the Customer’s request:
a) Right of access – Art. 15 GDPR.
b) Right to rectification – Art. 16 GDPR.
c) Right to erasure (‘right to be forgotten’) – Art. 17 GDPR.
d) Restriction of processing – Art. 18 GDPR.
e) Data portability – Art. 20 GDPR.
f) Right to object – Art. 21 GDPR
g) Right to withdraw consent – Art. 7(3) GDPR.
- In order to exercise the rights referred to in point 2, you can send an appropriate e-mail to the following address: email@example.com.
- If the Customer wishes to exercise (one of) their rights referred to in point 2, the Data Controller shall immediately grant the request or refuse to grant it, but not later than within a month after receiving the request. If, however, due to the complex nature of the request or the number of requests ,the Data Controller is unable to grant the request within a month, it will grant it within the next two months after informing the Customer within a month of receiving the request about the intention to extend the deadline and the reasons for that.
- If it is found that personal data are processed in violation of the GDPR provisions, the data subject has the right to bring a complaint to the President of the Personal Data Protection Office.
- Installation of cookies is necessary for the provision of Website services. Cookies contain information necessary for the website to work properly and allow the Data Controller’s to compile general statistics of website visits.
- The website uses two types of cookies: “session” and “persistent”.
a) Session cookies are temporary files that are stored on the User’s device until they log off (leave the website).
b) Persistent cookies are stored on the User’s device for the period specified in their parameters or until they are erased by the Customer.
- The Data Controller uses its own cookies to better assess how the Customer interacts with the content of the website. The files gather information on how the Customer uses the website, the type of website the Customer was redirected from and the number of visits and the duration of the Customer’s visit on the website. That information does not register specific personal data of the Customer, but is used to compile statistics on the website use.
- The Data Controller uses third-party cookies to gather general and anonymous static data using Google Analytics analytical tools (third-party cookies are controlled by Google Inc. headquartered in the U.S.).
- The Customer has the right to choose whether cookies can be placed on their computer by selecting them in the window of their browser. Detailed information on the possibilities and methods of handling cookies is available in the software (web browser) settings.
6. FINAL PROVISIONS
- The Data Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk and categories of data protected, and in particular, protects the data against unauthorized disclosure, removal by an unauthorized person, unlawful processing and alteration, loss, damage, or destruction.
- The Data Controller provides appropriate technical measures to prevent unauthorized persons from acquiring and altering the personal data sent electronically.