Privacy Policy

The Privacy Policy is not a fully universal document and needs to be adapted depending on the tools and solutions used by the Administrator, as well as on the purposes of processing

I General provisions

This Privacy Policy sets forth the manner of collecting, processing, and storing personal data necessary to provide services electronically through the website in the domain (hereinafter: the Website).

The administrator of Users’ personal data is DSZ IT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, 81-006 Gdynia 230 Morska Street III (hereinafter: Administrator).

Personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: RODO).

The data collected by the Administrator will be:

processed in accordance with the law,

processed for clearly defined purposes and not subjected to further processing incompatible with those purposes,

substantively correct and adequate in relation to the purposes for which they are processed,

kept no longer than necessary to achieve the purpose of processing.

II. Purpose and legal basis of data processing

The Administrator processes personal data necessary for the provision and development of the offered services available through the Website and its individual functionalities.

Personal data will be processed for the following purposes:

a. Account registration, verification of the User’s identity, and execution of the agreement on the provision of services by electronic means in accordance with the Act of 18 July 2002 on the provision of services by electronic means, including in particular by ensuring the possibility of using the User’s account – on the basis of acceptance of the terms and conditions of the Regulations (Article 6(1)(b) RODO);

b. communication with the User in order to provide him/her with the necessary information and to build positive and reliable relations with him/her, which constitutes the Administrator’s legitimate interest (Article 6(1)(f) RODO);

c. to promote the Administrator’s own products and/or services and those of its Partners by directing marketing information (newsletters) via e-mail, provided that the User has consented to receive such notifications via e-mail (Article 6(1)(a) RODO);

d. to provide access to information about news in the industry directly related to the Administrator’s business, provided that the User has consented to receive such notifications via e-mail (Article 6(1)(a) RODO),

e. for analytical and statistical purposes on the basis of the Administrator’s legitimate interest consisting in conducting verification of Users’ activity and preferences for optimization of services and products and applied functionalities of the Service (Article 6 (1)(f) RODO);

f. possible establishment, assertion or defense against claims on the basis of the Administrator’s legitimate interest in protecting its rights (Article 6(1)(f) RODO).

In each of the aforementioned cases (paragraph 2), providing data is voluntary, but necessary to conclude a contract or use other functionalities of the Service.

III. Period of processing of personal data

Personal data will be processed for the period during which a person remains an active User of the Website (as a User account), and after that time for the period necessary for compliance with the law, investigation, or defense against possible claims, but no longer than 3 years counted from the date of termination of the agreement on provision of electronic services.

Data processed on the basis of consent will be processed until the withdrawal of the granted consent, with the proviso that the withdrawal of this consent does not affect the compliance of the data processing performed before this withdrawal.

IV. Information about processing

Personal data, depending on the purpose of processing, may be disclosed to:

a. entities affiliated with the Administrator

b. entities cooperating with the Administrator,

c. subcontractors, in particular entities providing and operating selected IT systems and solutions,

d. entities handling online payments,

e. entities providing courier and postal services,

f. law firms.

Personal data processed by the Administrator, will not/will not be transferred outside the European Economic Area or to international organizations.

V. Rights of data subjects

The Service User has the right to:

access to the content of their personal data

rectification of data

deletion of data

restriction of data processing

data portability

object to processing taking place on the basis of the controller’s legitimate interest

withdrawal of consent at any time without affecting the legality of the processing carried out on the basis of such consent before its withdrawal

The user has the right to lodge a complaint to the President of the Office for Personal Data Protection in a situation where he/she considers that the processing violates his/her rights and freedoms.

Automated decision-making, including profiling, does not occur in data processing.

VI. Final provisions

The Administrator reserves the right to make changes to this Privacy Policy while ensuring that the Users’ rights under this document will not be restricted.

The User will be informed about any changes in the Privacy Policy through a notice available on the Website.