1.1. Controller – Wojciech Górzny, conducting business activity under the business name of “HYDROPRESS” Wojciech Górzny, ul Rawska 19B, 82-300 Elbląg, NIP 5782167833, REGON 170372942. Postal address: ul. Rawska 19B, 82-300 Elbląg, phone number: 55 625 51 00, e-mail address: email@example.com.
1.2. Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including a device IP, location data, an online identifier and information collected through cookies and other similar technology.
1.3. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.5. GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
1.6. Website means the website maintained by the Controller at https://hydropress.pl.
1.7. User means any natural person entering the Website or using one or more services or functionalities described in the Policy.
2.2. The principles set out below are in line with the legal norms in force in Poland and in the European Union, including but not limited to the General Data Protection Regulation (GDPA).
2.5. The Visitor’s and User’s personal data are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) / GDPR) and the Act on the provision of services by electronic means of 18 July 2002 (Journal of Laws of the Republic of Poland of 2002, No 144, item 1204, as amended).
2.6. The Controller takes special care to protect the interests of data subjects, and in particular ensures that the data it collects are processed lawfully; collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; substantially accurate and adequate in relation to the purposes for which they are processed and stored in a form which permits the identification of data subjects for no longer than it is necessary for the processing purposes.
3. PURPOSE AND SCOPE OF DATA COLLECTION AND RECIPIENTS OF DATA
3.1. Each time the purpose, scope and recipients of data processed by the Controller result from actions taken by a Visitor or Website User.
3.2. Possible purposes of collecting personal data of Visitors or Users by the Controller:
3.2.1. providing services and ensuring appropriate User service,
3.2.2. concluding and implementing the Electronic Services Agreement (e.g. concerning the Account),
3.2.3. direct marketing of the Controller’s own products or services.
3.2.4. accepting and processing Users’ objections and inquiries,
3.3. Possible recipients of personal data of Website Users and Visitors:
3.3.1. In the case of a Customer who submits an inquiry regarding the products and services offered by the Controller, the Controller makes the collected personal data of the User available to a selected Controller’s representative as part of the network of Hydropress Branches and Sales Offices.
3.4. The Controller may process the following personal data of Website Users or Visitors: first and last name; e-mail address; contact telephone number; delivery address (street, house number, house unit number, postal code, town, country), address of residence/business/registered office (if different from the delivery address). In the case of Users or Visitors who are not consumers, the Controller may additionally process the company name and tax identification number (NIP) of the User or Visitor.
3.5. If the User consents to the processing of his or her personal data for marketing purposes (by accepting the relevant Clause), the User’s data will then be collected and used by the Service Provider or companies of the “Hydropress” group of companies in Poland – in the event of consent to making the data available for the purposes of presenting offered products and services and other marketing activities.
3.6. If the User consents to the processing of his or her personal data in order to receive commercial information in the form of a newsletter in accordance with Article 172(1) of the Act of 16 July 2004 Telecommunications Law (i.e. Journal of Laws of the Republic of Poland of 2014, item 243), the User’s data will be collected and used by the Service Provider or will be made available to companies of the “Hydropress” group of companies in Poland – only in the case of giving appropriate consent for this purpose. The User’s consent to the processing of his or her personal data for the purpose of receiving commercial information means the User’s consent to the processing of his or her personal data for marketing purposes.
3.7. Data collected through direct User’s contact with an employee/consultant of the Service Provider or the Controller shall be used only to contact the User and provide assistance to the User.
4. COOKIES AND OPERATIONAL DATA
4.2. Cookie files are IT data, in particular text files, which are stored on the User’s end device and are intended the Website use. Cookies usually contain the name of the website from which they originate, their retention time on the end device and a unique number. Cookies are used to create statistics, allow automatic recognition of the computer’s IP address on the next visit and enable maintaining a logged-in User’s session.
4.3. Cookies referred to in 4.2. are files sent to the User’s computer or other device while browsing the Website.
4.4. Cookies do not change the device configuration or software installed on the User’s device.
4.7. A user who wants to delete existing cookies should select the appropriate settings in the web browser used by him or her or delete cookies manually. The process of deleting cookies differs depending on the browser used by the User.
4.8. The Service Provider advises that blocking or deleting cookies may cause difficulties in using the Website, and in some cases prevent the use of some of its options.
4.9. The Controller may process the data contained in Cookies when visitors use the Website for the following purposes:
4.9.1. identifying Service Recipients as logged in to the Website and showing that they are logged in,
4.9.2. storing in memory the Products added to those viewed by the User when visiting the Website.
4.9.3. storing in memory data from completed Contact Forms, product inquiries, surveys.
4.9.4. adjusting the Website content to the individual preferences of the Service Recipient (e.g. regarding colours, font size, page layout) and optimisation of the use of the Website pages,
4.9.5. keeping anonymous statistics on how the Website is used.
4.11. Detailed information on changing cookies settings and their removal by the User in the most popular web browsers is available in the web browser help section and on the following pages (click the link for more information)
4.12. The Controller also processes anonymised operational data on the use of the Website (IP address, domain) to generate statistics helpful in administering the Website. Such data are aggregate and anonymous, i.e. it does not contain features which identify Website visitors. These data are not disclosed to third parties.
5. BASIS FOR DATA PROCESSING
5.1. Providing personal data by the Service Recipient or the User is voluntary, but failure to provide the personal data indicated on the Website’s page as necessary for the conclusion and implementation of the agreement for the provision of Electronic Services shall prevent concluding such agreement.
5.2. The basis for the processing of personal data of the Service Recipient or User is the necessity to perform the agreement to which he or she is a party or to take action on his or her request before its conclusion. In the case of processing data for direct marketing of the Controller’s own products or services, the basis for such processing is (1) the prior consent of the Service Recipient or User or (2) the fulfilment of legitimate purposes accomplished by the Controller in accordance with the GDPR.
6. THE RIGHT TO CONTROL, ACCESS, AND CORRECT PERSONAL DATA
6.1. The Service Recipient, Visitor or User has the right to access his or her personal data and correct them.
6.2. Each person has the right to access his or her personal data, supplement them, update them, rectify them, request the cessation of processing, delete personal data if they are incomplete, no longer up to date, untrue or have been collected in violation of applicable law or are no longer necessary to achieve the purpose for which they were collected.
6.3. The consent given by the Service Recipient, Visitor or User to data processing for the purposes of direct marketing of the Controller’s own products or services may be withdrawn at any time.
6.4. In the event that the Controller intends to process or processes the data of the Service Recipient, Visitor or User for the purpose of direct marketing of Controller’s own products or services, the data subject is also entitled to (1) submit a written, legitimate request to stop processing his or her data due to data subject’s specific situation or to (2) object to the processing of his or her data.
7. PERSONAL DATA PROTECTION
7.1. The Service Provider and third parties as personal data controllers apply technical and organisational measures necessary to protect data as required by the GDPR (appropriate to the threats and categories of data protected), in particular, they protect Users’ personal data against unauthorised disclosure, loss or damage.
7.2. The User shall properly protect the password against disclosure to third parties on its own.
7.3. The User shall bear sole responsibility and risk related to disclosing the password to third parties (also as a result of inadequate protection of the password against access by third parties) or allowing them to use his or her Account otherwise.
7.4. The User shall immediately notify the Service Provider about any unauthorised use of his or her Account or about any other breaches of security rules related to the use of the Website found by the User.
7.5. The Controller shall provide the following technical measures to prevent unauthorised acquisition and modification of personal data sent by electronic means:
7.5.1. Protecting the filing system against unauthorised access.
7.5.2. Access to the Account only after providing a unique login and password.
7.6. The Controller shall perform risk analysis on an ongoing basis to ensure that personal data are processed securely – ensuring, in particular, that only authorised persons have access to the data and only to the extent that it is necessary for the tasks they performed. The Controller shall make sure that all operations on personal data are recorded and carried out only by authorised employees and associates.
7.7. The Controller shall undertake all necessary actions so that its subcontractors and other cooperating entities guarantee that appropriate security measures are applied whenever they process personal data at the request of the Controller.
8. FINAL PROVISIONS