The document in question (hereinafter referred to as the “Policy”) contains information on processing by:
AUVENTO Sp. z o.o. with headquarters in Tyczyn, ul. Mickiewicza 18, 36 – 020 Tyczyn, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Rzeszów, XII Commercial Division of the National Court Register under the KRS number: 0000781811, NIP: 8133810601, with share capital of PLN 5,000.00 using the platform available on the website: www.arsolutions.pl (hereinafter referred to as: the Platform). The policy is made available in order to provide persons whose personal data are processed by the Administrator with the widest possible information on the scope of data processed, methods and principles of data processing and the rights of these persons. The basic legal regulation regarding the protection of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / WE (hereinafter referred to as “GDPR”).
I. GLOSSARY OF TERMS
- Browser: IT program used to display websites (e.g. Chrome, Firefox, Safari).
- Cookies: text files placed by the server on the device on which the Browser operates. Cookies are IT data, in particular text files, which are stored on the User’s end device (e.g. in the computer memory) and are intended for the use of Platform.
- Third country: a country outside the European Economic Area.
- Personal data: any information about an identified or identifiable natural person, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific factors determining the physical, physiological, genetic, mental , economic, cultural or social identity of a person.
- Profiling: any form of automated processing of personal data that involves the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or forecast aspects related to the effects of work of that natural person, his economic situation, health, personal preferences, interests, reliability, behavior, location or movement.
- Services/Products: services provided by the Administrator and products offered for sale and sold by the Administrator via the Platform for Users.
- Processing: any operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, organizing, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or otherwise sharing , matching or combining, limiting, deleting or destroying.
- Users: persons using the Services provided by the Administrator and making purchases, as well as persons interested in purchasing or services via the Platform.
This Policy applies to the processing of Personal Data in connection with the use of the Platform and the Services provided by the Administrator, available to Users, via the Platform, described in detail below.
The Administrator collects selected elements or all of the following Personal Data of Users:
- IP address,
- using the website (i.e. the type of User’s activity on the Administrator’s website);
- first name and last name,
- e-mail address,
- data on the type and version of the web browser and the types and versions of plugins used by Browsers,
- operating system and advertising ID.
These data are obtained by the Administrator, in particular via cookies and other technologies.
III. LEGAL BASES, PURPOSES, RULES AND TIME OF DATA PROCESSING ON THE WEBSITE
- Users’ personal data are processed by the Administrator in order to:
a) exercise the rights and obligations resulting from the contract concluded between the User and the Administrator (Article 6 (1) (b) of the GDPR) as well as providing the User with information and the Services and Products ordered by him, which is necessary to perform mutual contractual obligations and in the purpose of considering complaints and complaints related to concluded contracts (processing is necessary to fulfill the legal obligation incumbent on the Administrator – Article 6 (1) (c) of the GDPR) – for the time necessary to perform the contract, and after its completion, the data will be stored for a period necessary to demonstrate the correct performance of obligations under the contract until the expiry of the deadlines specified in the provisions on archiving and the expiry of the deadlines for pursuing claims under the contract;
b) for analytical and statistical purposes (processing is necessary due to the legitimate interest of the Administrator – Article 6 (1) (f) of the GDPR), Personal data will be processed until there is an additional legal basis (e.g. allowing for their processing in for the purpose of performing the contract) – when the Administrator loses this basis, Personal data will be anonymized;
c) providing the User (in a manner consistent with applicable regulations) of marketing materials as well as information, instructions and tips necessary to improve the implementation of Services and the sale of Products – the processing of the User’s Personal Data takes place then with his consent (Article 6 (1) (a) of the GDPR) and / or in the legitimate interest of the Administrator, which is the improvement of the Services provided and direct marketing (Article 6 (1) (f) of the GDPR) for the time necessary to implement the legitimate interest of the Administrator or until the User submits a justified objection, and in the case of marketing direct, no longer than until the objection is expressed;
d) ensuring the security of using the Platform, which is necessary to perform mutual contractual obligations, drawing up, exercising or defending claims arising from the contract (Article 6 (1) (b) of the GDPR), and fulfilling the statutory obligations of the Administrator (Article 6 (1) of the GDPR) 1 letter c) of the GDPR), as well as in the legitimate interest of the Administrator (to ensure the security of the Services provided) (Article 6 (1) (f) of the GDPR) – for the time necessary to perform the contract, and after its completion the data will be kept for the period necessary to demonstrate the correctness of the performance of obligations under the contract until the expiry of the deadlines specified in the provisions on archiving; if the Administrator fulfills statutory obligations, the processing of Personal Data will be carried out for the time necessary to perform the statutory obligations of the Administrator; in the case of ensuring security for the time necessary to implement the legitimate interest of the Administrator or until the User submits a justified objection;
e) performance of other statutory obligations of the Administrator, in particular tax and reporting (Article 6 (1) (c) of the GDPR) – for the time necessary to perform the statutory obligations of the Administrator, in particular until the expiry of the limitation period for tax obligations;
f) in the case of voluntary and optional consents (art. 6 sec. 1 letter a) GPDR and art. 10 of the Act of July 18, 2002 on the provision of electronic services and art. 172 of the Act of 16.07.2004 – Telecommunications Law) the data will also be processed for marketing purposes consisting in providing information about products sold / services provided by the Administrator, also on the basis of separate consents expressed via e-mail or during a telephone conversation – until the consent is withdrawn.
g) related to the conduct of electronic correspondence pursuant to art. 6 sec. 1 letter f) GDPR, which is the Administrator’s legitimate interest – until the consent is withdrawn.
- Personal data will be disclosed to external recipients, i.e.: the Administrator’s business partners, the Administrator’s service providers (in particular in the field of technical issues, payments), persons cooperating with the Administrator and state authorities, the prosecutor’s office, the police (when required by law).
- The Administrator informs that the transfer of Personal Data to external recipients will take place when:
a) it is necessary to use the services of an external entity,
b) it is necessary for contracts concluded with external entities,
c) it is necessary for the proper performance of the contract;
d) it is necessary for analytical purposes;
e) it results from the provisions of generally applicable law;
f) it is necessary to defend the Administrator’s claims or rights, including in connection with the ongoing process;
g) a circumstance has occurred that constitutes a threat to life, health, property or safety.
- In accordance with applicable regulations and if required, after obtaining the User’s consent, the Administrator may develop any combination of information about the User, including his Personal Data and data obtained using cookies, which may also be sent to the Administrator’s business partners or may be obtained from them. The administrator may use this information and their combinations for the purposes specified in this Policy.
- The Administrator does not transfer Personal Data to a third country or an international organization outside the European Economic Area.
- In accordance with applicable regulations, and if required, after obtaining the User’s consent, the Administrator may use the information provided by the User for the purposes of direct marketing using electronic means of communication (e.g. sending information, invitations to events organized by the Administrator or other Users or other messages that the Administrator thinks may be of interest to the User or sending advertisements addressed to a specific User).
- With regard to marketing messages sent via electronic means of communication: The User may at any time withdraw his consent by sending an e-mail to the address email@example.com
After the expiry of the processing period, Personal Data is immediately deleted or anonymized.
The scope of the indicated data complies with the adequacy principle. Failure to provide the above data may prevent the use of the Services and / or the purchase of the Product.
IV. AUTOMATIC PROCESSING OF PERSONAL DATA
The Administrator uses Personal Data for automated decision making, including profiling, taking into account the information contained in cookies. Profiling will affect the functionality and quality of the Platform, the content of the profile of a specific User, the content of the offer dedicated to a given User, as well as proposing to the User activities that increase his activity in the Platform. In addition, profiling is carried out to achieve the above-mentioned goals described in section III of the Policy.
Profiling has an impact on the User’s use of the Platform, because on this basis the Administrator will be able to improve the quality of using the Platform, as well as assess the personal preferences and interests of Users. Therefore, profiling also includes monitoring and tracking of individual Users’ behavior.
V. USER RIGHTS
- In accordance with the provisions of the GDPR, the User has the following rights related to the control of the processing of Personal Data:
a) the right to access the content of Personal Data (including obtaining information about what kind of Personal Data are processed by the Administrator, receiving a copy of your Personal Data);
b) the right to request correction, updating or rectification of Personal Data;
c) the right to request the removal of Personal Data if they are incomplete, out of date, untrue or were collected in violation of the law or are unnecessary to achieve the purpose for which they were collected; notwithstanding the foregoing, the User has the option to delete the Account on the Platform (however, it is not equivalent with the deletion of Personal Data);
d) the right to lodge a complaint with the supervisory body dealing with the protection of personal data – the President of the „Urzędu Ochrony Danych Osobowych” / Office for Personal Data Protection (e.g. if it is considered that the processing of Personal Data violates the provisions of the GDPR or other provisions regarding the protection of Personal Data);
e) the right to request the restriction of the processing of Personal Data;
f) the right to object to the processing of Personal Data if the processing is based on the Controller’s legitimate interest or for direct marketing.
If Personal Data is processed on the basis of consent, the User is entitled to:
g) the right to withdraw consent at any time;
h) the right to transfer Personal Data.
- In order to exercise their rights, the User may contact the Administrator via the communication channels indicated in Section VIII: “Contact Details”.
- The platform uses information contained in cookie files.
- Cookies are used for the following purposes:
a) Optimizing the Platform;
b) enabling Users in navigating on the website and using its basic functions;
c) recognizing the User during next visit on the website;
d) personalizing and improving functions offered to the User;
e) maintaining the User’s session;
f) determining the number of people using the Platform and obtaining information on how they use it;
g) conducting marketing activities (sending advertisements);
h) remembering login details on the Platform;
i) adjusting content of the Platform to the individual preferences of the User (e.g. page layout);
j) keeping anonymous statistics allowing the Administrator to improve the functionality of the Platform.
- The Platform uses the following types of cookies: essential cookies, functional cookies, analytical and performance cookies, advertising and targeting cookies.
- Cookies may also be used by advertisers and partners cooperating with the Administrator.
- 7. In accordance with applicable regulations and if required, after obtaining the User’s consent, the Administrator may develop any combination of information about the User, including his Personal Data and data obtained using cookies, which may also be sent to our business partners or obtained from them.
- 8. Detailed information on cookies and their independent selection in the most popular web browsers are available in the “help” (or other similar) section of the internet settings used.
VII. SECURITY OF PERSONAL DATA
The Administrator provides appropriate security measures to ensure that Personal Data is processed in a safe manner, ensuring, above all, that only authorized persons have access to the data and only to the extent necessary due to the tasks performed by them. The Administrator takes all steps to ensure that the entities cooperating with him guarantee the application of appropriate security measures, whenever they process personal data on behalf of the Administrator.
In particular, these are the following security measures:
- securing data against unauthorized access;
- updating the software through frequent updates;
- encryption of Personal Data in the database;
- SSL certificate.
VIII. CONTACT INFORMATION
In case of any questions or requests regarding Personal Data or a desire to exercise a specific right, the User may contact the Administrator in one of the following forms:
phone number: +48 666 976 913
The Administrator aims to keep this Policy up-to-date and update it in the event of changes in the law, judicial decisions, guidelines of authorities responsible for supervising the processing of Personal Data, introduction of Codes of Good Practice (if the Administrator is bound by such codes), changes in technology, methods, goals or legal basis for the processing of Personal Data.