Privacy Policy
General Information
1.1. This Privacy Policy is applicable to the personal data of the users of the online service (hereinafter, the “Users”) at https://www.kochanski.pl (hereinafter the “Service”).
1.2. The Service Users personal data controller is the Service Provider, i.e. Kochański & Partners sp.k. with its seat in Warsaw (00-078) at Plac Piłsudskiego 1, registered in the Register of Business Entities maintained by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under number KRS 0000625481 (hereinafter also referred to as the “Firm”).
1.3. The Service Provider processes the personal data of the Service Users for the purposes of operating the Service and in particular to:
A. ensure the proper functioning of the Service;
B. clarify the circumstances of any unauthorized use of the Service;
C. create internal reports and analyses (including viewing statistics for the Service subpages);
D. enhance Service quality, and
E. enable the Service Provider to send, in electronic format, the newsletter subscribed to by the Users to the indicated email address.
1.4. Contact data of the Data Protection Officer – and if no such officer is appointed – of the person appointed to coordinate the protection of personal data within the Firm: odo@kochanski.pl
1.5. The person referred to above should to be contacted in any matters concerning the protection of personal data processed by the Service Provider.
Exercising of Data Subjects’ Rights
1.6. Any natural person (hereinafter, the “Requesting Party”) may request the Service Provider to: (A) confirm whether the Service Provider is processing their personal data, and to enable them to exercise their right to access the data concerning them; (B) rectify their personal data; (C) erase or restrict processing of their personal data; (D) transfer their personal data, including the right to receive such data and transmit them to another controller, or to request, if technically possible, that the data be transmitted directly to another controller (to the extent that such data are processed automatically and for the purposes of performing a contract or based on consent); (E) object to the processing of personal data (to the extent that such data are processed in the legitimate interests of the Firm).
1.7. The said requests will be carried out by the Requesting Party pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”). This means that in certain cases specified in the GDPR a data subject may not have the aforementioned rights.
1.8. Requests should be made in writing to Kochański & Partners sp.k., pl. Piłsudskiego 1, 00-078 Warszawa or by email at odo@kochanski.pl. In the event that the Service Provider does not process any personal data of the Requesting Party (apart from the processing of such data for the purposes of the request itself), the request will not be carried out, and the data of the Requesting Party will be promptly deleted.
1.9. The Service Provider, upon receipt of the request, will notify the Requesting Party accordingly without undue delay and include the request in its records.
1.10. The Service Provider reserves the right to verify the identity of the Requesting Party. If the identity of the Requesting Party is not effectively verified for reasons due to the Requesting Party, the Service Provider will not carry out the request, while immediately notifying the Requesting Party of this fact.
1.11. The application will be examined in a dedicated unit of the Service Provider without undue delay, no later however than within 10 days following the date of receipt of the request by the Service Provider. The manner of handling the request will be consulted with the Data Protection Officer appointed by the Service Provider, or – if there is no such designated officer – with the personal data protection coordinator within the Service Provider’s organisation.
1.12. The Service Provider will respond to the Requesting Party’s request within no more than three (3) weeks following the date of its receipt. In objectively complicated cases (i.e. requiring a considerable amount of work on the part of the Firm), the said time limit will be extended to two (2) months, of which the Requesting Party will be promptly notified. At the same time, the Service Provider will make every effort to ensure that the time limit is not so extended.
1.13. For the purposes of exercising the Requesting Party’s right of access, the Requesting Party’s data will be provided in the requested scope. The scope of information includes:
- the purpose of the processing,
- categories of personal data to be processed,
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
- the anticipated period for which the data are to be kept, and if no such information can be provided – the manner of calculating such period,
- if the personal data have not been collected from the data subject – all available information about the source of such data,
- the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject,
- the right to request the Firm to rectify, erase or restrict processing of, personal data and to object to the processing (if the Requesting Party has such right),
- the right to lodge a complaint with a supervisory authority.
1.14. For the purposes of exercising the right of access and the right to data portability, a copy of the personal data concerning the Requesting Party will be attached to the reply, in a commonly used and available machine-readable format.
1.15. Any complaints relating to the implementation of this procedure should be addressed to the Data Protection Officer (DPO) of the Service Provider or the Firm’s personal data protection coordinator (if the DPO has not been appointed by the Firm) at: odo@kochanski.pl. Complaints will be considered immediately, not later however than within 7 days following the date of their delivery, of which the Requesting Party will be promptly notified. The Requesting Party will also be notified of the receipt of the complaint. Information on the complaint shall be included in the records kept by the Firm’s DPO/personal data protection coordinator.
Other Provisions
1.16. If the Service Provider requests consent for commercial information to be sent by electronic means (such as e-mail, SMS, Bluetooth and other), the person who has given such consent has the right to withdraw their consent by sending an e-mail to the address given in section 1.4. above, with the word “unsubscribe” in the title. The above also applies to any other consent that may be obtained by the Service Provider through the Service.
1.17. The Service Provider declares that it will endeavour to ensure a high level of security to the Users during their use of the Service. Any events that may affect data transmission security should be reported by writing to the address given in section 1.4. above.
1.18. The Service Provider reserves the right to disclose selected information concerning Users to the competent authorities or third parties who request such information to be provided, on an appropriate legal basis and in compliance with applicable laws and regulations.
1.19. Except for the disclosures referred to in section 1.18. above, no information concerning Users will be disclosed to any third party or authority without consent of the relevant data subject.
Cookies and system logs
1.20. On connecting to the Service, information about the User’s device serial number, device type and IP address used to connect to the Service, will appear in the Service’s system logs. The Service Provider will also process, in accordance with the applicable law, data concerning the serial number (including IP address), type of device used by the User, time of connection of the abovementioned persons to the Service and other operating data connected with the User’s activity on the Service. These data will be processed in particular for technical purposes and for the collection of general statistical information.
1.21. The Service Provider uses cookies (small text files sent to the User’s device, identifying him/her in a way necessary to simplify or cancel a given operation) in order to collect information relating to the use of the Service by the Users. Cookies allow the Service Provider to: maintain the User’s session; customize the Service to the User’s needs; create the Service’s subpages view statistics.
1.22. The User can change his or her cookie settings at any time. In order to do so, the User should change their browser settings concerning cookies. In particular, the User can alter settings to prevent automatic acceptance of cookies via Internet browser settings, or to be notified each time cookies are placed on his/her device. More detailed information on how to manage cookies can be found in software (web browser) settings.
1.23. Some of the Service’s subpages and other means of communication with Users may contain web beacons (so-called electronic images, also known as empty GIFs). Web beacons enable the receiving of information such as the IP address of the computer on which the website with a web beacon was opened, the URL of the website, the time the website was loaded, the web browser type as well as the information contained in cookies, in order to monitor the effectiveness of our advertisements.
Hosting
1.24. The Service Provider, on the basis of a written agreement, entrusts the processing of all personal data provided by the User as well as other data referred to in this Privacy Policy, to Internet Marketing ‘Adam Iwanowski’, in order for this firm to properly host, administer, maintain and manage the Service.
1.25. This Privacy Policy was last updated on: 24 May 2018.
INFORMATION ABOUT PROCESSING OF PERSONAL DATA BY THE SERVICE PROVIDER:
Purpose of processing of personal data | Legal basis for processing of personal data |
If you are a Service User, your personal data will be processed in the legitimate interest of the Firm, i.e. for the purposes set out in section 1.3 above or on the basis of a consent, where such a consent was requested by the Firm. | Point (f) of Article 6(1) of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation), hereinafter as “GDPR” with regard to legitimate interest of the Firm.
Point (a) of Article 6(1) of GDPR, where consent was requested by the Firm from the Service User. |
If you are a sole trader intending to conclude an Agreement with the Firm, your personal data will be processed for the purpose necessary to (A) take action prior to the conclusion of the agreement, (B) perform the agreement if it was concluded and pursue possible claims, and (C) perform the obligations resulting from tax and accounting laws and regulations. | Point (b) of Article 6(1) of GDPR Point (c) of Article 6(1) of GDPR Point (f) of Article 6(1) of GDPR |
If you are a contact person of a business partner of the Firm, your personal data will be processed in the legitimate interest of the Firm, to ensure contact with the business partners and verify whether a person contacting the Firm is authorised to act on behalf of the business partner, as well as (A) in order to perform the agreement concluded by and between the Firm and the entity you represent, and (B) in order to fulfil the obligations resulting from tax and accounting laws and regulations.. | Point (c) of Article 6(1) of GDPR Point (f) of Article 6(1) of GDPR |
To whom will personal data be transferred? | |
The Firm’s IT service providers may be recipients of your personal data. | |
For how long will your personal data be stored? | |
If you are a Service User, your personal data will be kept for the period necessary to fulfil the purposes specified in section 1.3 above. | |
If you are a sole trader and intend to conclude an Agreement with the Firm, your personal data will be kept for the period of validity of the agreement concluded between you and the Firm and after that, for the period of limitation of any possible claims. Moreover, your personal data will be kept for the period required by tax law and accounting regulations. |
If you are a representative of the Firm’s business partner, your personal data will be kept for the period of validity of the agreement concluded by the entity you represent and the Firm and following this, for the period of limitation of any possible claims. Moreover, your personal data will be kept for the period required by tax law and accounting regulations. |
What rights do you have with regard to the processing of personal data? | |
If you are a Service User, you have a right to:access your personal data;
|
|
If you are a sole trader and intend to conclude an Agreement with the Firm, you have a right to:
|
If you are a representative of a business partner of the Firm, you have a right to:
|
Is the provision of personal data obligatory? | |
Provision of data concerning Service Users is a voluntary choice. However, the provision of data is required to use the Service. | |
If you are a sole trader, the provision of your personal data is a voluntary choice, however it is necessary to conclude an agreement with the Firm. | If you are a representative of a business partner of the Firm, the provision of your personal data is a voluntary choice, however it is necessary to ensure contact with the Firm. |