The owner of the website assures that its superior objective is to provide the persons using the website with the protection of privacy on the level that is at least compliant with the requirements of the commonly governing provisions of law, in particular with the GDPR provisions and with the Act of 18 July 2002 on electronic services.
The owner of the website can collect personal data of other character. The collection of those data is performed, according to their character, automatically or as a result of activities of persons visiting the website.
I. General information, cookies
- The owner and operator of the website is REHSIP SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA with its registered office in Ożarów, address: Gliniany, ul. Polna 3, 27-530 Ożarów, entered to the register of entrepreneurs of the National Court Register kept by the District Court, Commercial Division of the National Court Register, under KRS [National Official Register] number: 0000654580, NIP: 8631700432, REGON [National Official Business Register]: 365472288. Pursuant to GDPR provisions, the owner of the website is also the Personal Data Controller of the website users (‘Controller’).
- Website conducts the function of obtaining information on the website users and their behaviour in the following manner:
3.1 website collects data included in cookies automatically
3.2 through the volitional entering of data by website users to the forms available on the website pages
3.3 through the automatic collection of www server’s logs by the hosting operator.
- Cookies are IT data, especially text files, that are stored in the end device of the website user and are intended for the use of the Website Internet pages. Cookies usually contain the name of the page they originate from, storage time in the end device, and a unique number.
- During the visit on the website, the data of the users concerning a given visit of the user on the website, can be collected automatically. They include: IP address, type of web browser, name of domain, number of page views, type of operating system, visits, display resolution, number of display colours, addresses of pages from which the entrance to the website took place, time of using the website. These data are not personal data and do not allow to identify the person using the website.
- The entity placing the cookies in the end device of the website user and gaining access to them is the Website operator.
- Cookies are used for the following purposes:
8.1 adjustment of the content of website Internet pages to the user’s preferences as well as optimisation of use of Internet pages; in particular, these files allow for identification of the website user’s device and properly display the website adjusted to their individual needs;
8.2 creation of statistics, which help to understand how the users of the website use Internet pages, which allows to improve their structure and content;
8.3 maintenance of the website user session (upon logging) due to which the user does not have to provide the login and password on each subpage of the website.
- There are following types of cookies used within the scope of the Website:
9.1 ‘necessary cookies’, allowing the user to use services available on the website, e.g. authorising cookies,
9.2 cookies used for the provision of security, e.g. used for the detection of abuse,
9.3 ‘performance’ cookies, used for gathering the information on the manner of using Internet pages of the website by the website users,
9.4 ‘advertising’ cookies providing website users with advertising content more suited to their interests,
9.5 ‘functional’ cookies, allowing to ‘remember’ the chosen settings by the website user and adjust the website to the website user, e.g. in the scope of the chosen language.
- There are two principal types of cookies used within the scope of the website: ‘session cookies’ and ‘persistent cookies’. Session cookies are temporary files that are stored in the end device of the users until they leave, log out the website or switch off the software (Internet browser). Persistent cookies are stored in the end device of the user for a time set in the cookies parameters or until the user removes them.
- Restriction of use of the cookies can influence certain functionalities available on the pages of website.
- The cookies stored in the end device of the website user and can be used by the advertisers and partners cooperating with the website operator.
II. Personal Data Processing, information of forms
- Personal data of the website users can be processed by the Controller:
1.1 in case when the website user provides consent for it in the forms included on the website in order to undertake actions that the forms concern (Art. 6 section 1 letter a GDPR) or
1.2 when the processing is necessary for the performance of the agreement, the Party of which is the website user (Art. 6 section l letter b GDPR), in case when the website allows the conclusion of the agreement between the Controller and the website user.
- Data processing occurs in the scope of website. The data is provided by the website users of their own record only. The Controller processes the personal data of the website users in the scope necessary for the purposes determined in point 1 letters a and b above, and during the period necessary for the implementation of objectives, or until the withdrawal of permit by the website user only. The lack of providing data by the user shall not result in the impossibility of implementing objectives for which the provision of data is indispensable.
- In the scope of the forms published on the website or in order to perform the agreements possible to be concluded in the scope of the website, the following personal data of the website user can be collected: first name, surname, address, email address, telephone number, login, password.
- Data included in forms, provided to the Controller by the website user, can be provided by the Controller to the third entities that cooperate with the Controller due to the implementation of its objectives determined in point 1 letters a and b above.
- Data provided in the forms included on the website are processed for the purposes pursuant to the function of a given form. Moreover, they might be used by the Controller also for the purpose of record-keeping and statistics. The consent of the person that the data concerns is expressed by deselecting a given box in the form.
- If the website possesses such functionalities, the website user, by selecting the proper box in the registration form, can reject or consent to receive commercial information by means of electronic communication, pursuant to the Act of 18 July 2002 on electronic services (Journal of Laws of 2002, No. 144 item 1024 as amended). If the website user consents to receive the commercial information by means of electronic communication, it may submit the withdrawal of the consent at any time. The application of the right of withdrawal of the consent is executed by sending an email to the website owner with the proper demand along with the provision of name and surname of the website user.
- The data in forms can be provided to the entities technically performing certain services - in particular it pertains the transfer of information of the owner of the registered domain to the entities being the operators of the Internet domain (in particular Research and Academic Computer Network R&D units - RACN), websites handling Internet payments, or other entities with whom the Controller cooperates in such scope.
- Personal data of the website users are stored in a database in which the technical and organisational measures providing the protection of the processed data pursuant to the requirements determined in relevant provisions were applied.
- In order to prevent the subsequent registration of persons the participation of whom was completed due to the forbidden use of website services, the Controller can refuse to erase personal data necessary in order to block another registration. Art. 19 section 2 point 3 in connection with Art. 21 section 1 of the Act of 18 July 2002 on electronic services (i.e. of 15 October 2013, Journal of Laws of 2013, item 1422) constitutes legal basis for the refusal. The refusal to erase personal data of website users by the Controller can also occur in other cases provided by the provisions of law.
- In cases provided by law the Controller can make available the part of personal data of the website users to the third persons for the purposes associated with the protection of third parties rights.
- The Controller reserves the right to send emails to all website users with the notification on important changes on website as well as the changes of this Private policy. The Controller may send emails of a commercial character, particularly advertisements, as well as other content of the character of a commercial information, if the website user provided its consent. The advertisements and other content of a character of commercial information can be attached to the inbound and outbound letters that are managed in the system account.
III. Powers of the website users concerning their personal data.
Pursuant to Art. 15 - 22 GDPR, any website user shall enjoy the following rights:
- Right of access by the data subject (Art. 15 GDPR)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: Pursuant to Art. 15, the Controller shall provide the data subject with the copy of personal data being processed.
- Right to data rectification (Art. 16 GDPR)
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- Right to data erasure (‘right to be forgotten’) (Art. 17 GDPR)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based
c) the data subject objects to the processing pursuant to Article 21 section 1 and there are no overriding legitimate grounds for the processing
- Right to restriction of processing (Art. 18 GDPR)
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a) When the data are inaccurate - for the time of their rectification
b) the data subject has objected to processing pursuant to Article 21 section 1 pending the verification whether the legitimate grounds of the controller override those of the data subject.
c) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- Right to data portability (Art. 20 GDPR)
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. The data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right referred to in this paragraph shall not adversely affect the rights and freedoms of others.
- Right to object (Art. 21 GDPR)
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The performance of the aforementioned powers of the website users may acquire a fee in cases when the relevant law provisions provide that.
In case of the breach of the aforementioned powers or the provision of the statement by the website user that its personal data are processed by the Controller unlawfully with the commonly governing law, the website user has right to lodge a compliant with a supervisory authority.
IV. Server logs
- Pursuant to the common practice of the majority of web servers, the website operator stores http enquiries directed to the website operator server (information on certain behaviour of the website users is subject to logging in the server layer). The reviewed resources are identified by the URL addresses. The detailed list of information stored in the files of www server logs reads as follows:
1.1 public IP address of a computer from which the enquiry was sent,
1.2 customer’s station name - identification performed by the HTTP protocol,
1.3 the name of the website user provided in the process of authorisation (logging),
1.4 time of receipt of the enquiry,
1.5 list of HTTP status codes,
1.6 number of bytes sent by the server,
1.7 URL address of the page previously visited by the user (referer link) - if transfer to the website occurred through a hyperlink,
1.8 information on the user’s browser,
1.9 information on errors occurring during the HTTP transaction,
The above data are not associated with particular persons browsing the pages in the scope of the website. In order to provide the highest quality of the website, the website operator occasionally analyses the files with logs in order to determine which pages in the scope of the website are most frequently visited, which web browsers are used, and whether the structure of pages includes mistakes, etc.
- The logs collected by the operator are stored for the indefinite period of time as the auxiliary material used for the proper website administration. Information included in them shall not be disclosed to any other entities than the operator or the entities related with the operator in person, by means of capital, or agreement. Under the information included in those files, the statistics constituting an assistance in the administration of the website can be generated. The summaries including such statistics do not include the features identifying the persons visiting the website.