Privacy Policy

GENERAL PROVISIONS

This privacy policy of the Website available at www.data-pal.eu (hereinafter referred to as: “Website” or “Website”) is for informational purposes, which means that it does not constitute a basis for obligations for users of the Website. The privacy policy primarily contains the rules regarding the processing of personal data by the Controller on the Website, including the basis, purposes and period of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools on the Website.

The Controller of the personal data collected via the Website shall be the company DATA PAL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (limited liability company) based in Cracow, Poland, registered in the register of entrepreneurs of National Court Registry under the number: 0001040916; register court which holds the company’s documentation: District Court for Krakow – Śródmieście in Krakow, XI Commercial Department of National Court Registry; HQ address and office address: Lipowa 3D, 30-702 Cracow, Poland; share capital in the amount of: 5 000,00 PLN; tax ID no. NIP/VAT UE: PL6793268946, National Economy Register No. REGON 525518963; e-mail address: contact@data-pal.eu and telephone number: +48 514 005 859 (the call is charged as for a regular phone call, according to the Owner’s tariff package) – hereinafter referred to as “Controller” and being simultaneously the Owner of the Website.

 

How to quickly contact us:

  • General inquiries: contact@data-pal.eu
  • Privacy inquiries: privacy@data-pal.eu
  • Phone: +48 514 005 859 (the call is charged as for a regular phone call, according to the Owner’s tariff package)

 

Personal data on the Website shall be processed by the Controller in accordance with the binding legal regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ­ hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

Using the Website is voluntary. Similarly, providing personal data by the service user using the Website is voluntary, with an exception, that failure to provide the personal data necessary for the use of electronic services on the Website (i.e., contact form) shall result in no possibility of using such services by the user. Providing personal data in such a case is a required for the purposes resulting from the legitimate interests of the Controller and if the data subject is willing to use the contact form and receive the response for their request from the Controller, they shall be obligated to provide the required data. The scope of the data required to use the Website’s electronic services is each time specified in advance on the Website by the Controller (e.g. before filling out the contact form).

The Controller assures due diligence to protect the interest of persons being data subjects, in particular being responsible and liable for and assuring that the data collected are: (1) processed in accordance with the law, including in particular the GDPR Regulation; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; (2) collected for specific, legal purposes and not subject to further processing inconsistent with the purposes; (3) correct as regards the subject matter and adequate as regards the purpose of the processing; (4) stored in a form making it possible to identify the people they apply to, no longer than it proves necessary to attain the purpose of processing and (5) processed in a manner ensuring security of the personal data, including the protection against illicit or illegal processing or accidental loss, damage or destruction, with the use of appropriate technical and organisational measures.

Taking into account the nature, scope, context and purpose of processing as well as the risk of breaching the rights or freedoms of natural persons with varied likelihood and degree of threat, the Controller is implementing appropriate technical and organisational measures so that the processing takes place pursuant to the GDPR Regulation and it is possible to show it. The measures are reviewed and updated, as necessary. The Controller applies technical measures preventing the acquisition and modification of personal data sent electronically by unauthorised persons.

 

LEGAL DISCLAIMER

This Website is for information purposes and allows you to learn about the products and services of the Website Owner and contact him, among others: by submitting an inquiry using the contact form / booking an online meeting using the calendar available on the Website. A newsletter may also be available on the Website, the subject of which will be information about the activities of the Website Owner, news and new products and services of the Website Owner. The law applicable to the Website, these Regulations and contracts concluded on their basis is Polish law.

The Website is not an online store and it is not possible to conclude a sales contract through it (this means, m.in other things, that advertisements, price lists and other product information posted on the Website should not be treated as an offer, or possibly as an invitation to conclude a contract). The conclusion of a sales agreement may take place as a result of an inquiry addressed to the Website Owner and only after the parties have agreed on the detailed terms and conditions of such an agreement – the conclusion and terms of such an agreement are regulated, however, by a separate sales agreement or separate general terms and conditions of sale of products by the Website Owner, which will be made available by the Website Owner.

 

BASIS FOR THE PROCESSING OF DATA

The Controller is authorised to process the personal data in cases, and to the extent, when at least one of the following conditions is met: (1) the data subject consented to the processing of their data to one or more specified ends; (2) processing is necessary for contract performance the data subject is a party to, or to take actions to the request of the data subject, prior to contract conclusion; (3) processing is necessary to meet the legal obligation of the Controller; or (4) processing is necessary for the needs resulting from the legally justified interests of the Controller or third party, except for situations when the interests or basic rights and freedoms of the data subject override such interests and they require personal data protection, especially when the data subject is a child.

The processing of personal data by the Controller each time requires having at least one basis indicated above. Specific bases for processing personal data of the service users of the Website by the Controller are specified in the following point of the privacy policy – as regards the specific goal of processing personal data by the Controller.

 

PURPOSE, BASIS, AND PERIOD OF PROCESSING DATA ON THE SITE

Each time, the purpose, basis, period, and scope as well as the recipients of personal data being processed by the Controller result from actions undertaken by a given service user on the Website.

The Controller may process the personal data on the Website for the purposes, on the bases and within the periods as follows:

Purpose of data processing

Legal basis for processing the data

Period of data storage

Executing a contract for the provision of Electronic Services or acting at the request of a data subject, before concluding a contract

Article 6 par. 1 letter b) of the GDPR Regulations (performance of the contract) – processing is necessary to perform the contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract

The data shall be stored for the period necessary for the performance, termination, or expiry of the contract for the performance of services concluded with the Controller.

Direct marketing

Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is required for achieving the goals based on the legitimate interest of the Controller which includes upholding interests and strengthening reputation of the Controller and the Website as well as aiming to sell services and products

The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic limitation period for claims related to running a business is three years, and for a sales contract – two years).The Controller may not process the data for the needs of direct marketing in the case of expressing clear objection in this field by the data subject.

Marketing

Article 6, par. 1, point a) of the GDPR Regulation (consent) – the data subject expressed the consent to process its personal data for marketing purposes by the Controller

The data are stored until the data subject withdraws the consent to further process their data to that end.

Determining, pursuing or defence of claims on the side of the Controller, or ones that may arise as regards the Controller

Article 6, par. 1, point f) of the GDPR Regulation – the processing is required for the purposes resulting from the legitimate interests of the Controller which includes determining, pursuing or defence of claims on the side of the Controller, or ones that may arise as regards the Controller

The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims against the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims against the Controller amounts to six years).

Use of the Website and ensuring its proper functioning

Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the Controller) – the processing is required for the purposes resulting from the legitimate interests of the Controller which includes operating and maintenance of the Website

The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts to three years).

Preparing statistics and analysing the manner of the data subject conduct on the Website

Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the controller) – the processing is required for the purposes resulting from the legitimate interests of the Controller which includes preparing statistics and analysing the manner of the data subject conduct on the Website in order to improve the functioning of the Website

The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts to three years).

 

DATA RECIPIENTS ON THE WEBSITE

For the needs of proper Website functioning, it shall be necessary for the Controller to make use of external companies’ services (e.g., software provider). The Controller uses solely the services of such processing entities which ensure sufficient guarantee to implement appropriate technical and organisational measures so that the processing meets the requirements set out in the GDPR Regulation and protects the rights of data subjects.

Providing data by the Controller does not take place in every case and not to all the recipients or categories of recipients defined in the privacy policy – the Controller provides the data only in the case it proves necessary to attain a given purpose of personal data processing and solely within the necessary scope.

The Controller may provide personal data to a third country, while the Controller ensures, that it shall only be a third country which is considered to provide adequate level of protection – in accordance with the GDPR Regulation, and in the case of other countries that the transfer will take place on the basis of standard data protection clauses. The Controller ensures that the data subject has a right to get a copy of their data. The Controller provides personal data to a third country only in case and scope necessary to execute a certain purpose of data processing consistent with this privacy policy.

Personal data of the Website users may be provided to the following recipients or categories of recipients:

 – service providers rendering for the Controller technical, IT or organisational solutions, making it possible for the Controller to conduct a business, inclusive of the Website and electronic services provided via it (in particular computer software providers for the Website, e-mail companies and hosting providers as well as software providers for company management and technical aid for the Controller) – the Controller makes the collected personal data of the service user available to the selected provider operating to their order only in the case and to the extent necessary for attaining a given purpose of data processing in accordance herewith.

 – legal and counselling services providers rendering for the Controller legal, accounting or consulting services (in particular a law firm) – the Controller makes the collected personal data of the service user available to the selected provider operating to their order only in the case and to the extent necessary for attaining a given purpose of data processing in accordance herewith.

 

PROFILING ON THE WEBSITE

The GDPR Regulation requires the Controller to inform about the automated decision-making process, including profiling referred to in Article 22, par. 1 and 4 of the GDPR Regulation, and – at least in those cases – the vital information concerning the decision-making process as well as the meaning and foreseeable consequences of processing for the person being the data subject. Bearing in mind the above, the Controller specifies in this point of the privacy policy the information concerning the possible profiling.

The Controller may use profiling on the Website for direct marketing purposes, yet the decisions made on its basis by the Controller do not concern the conclusion or rejection to conclude the contract, or the possibility to make use of electronic services.

Profiling on the Website consists in automatic analysis or forecast of the conduct of a given person on the Website of the Website, e.g., by viewing the page of a specific Product on the Website. The condition for such profiling is for the Controller to have the personal data of the person, so that they can later send them e.g., a discount code.

The data subject shall have the right not to depend on the decision, which is only based on automated processing, including profiling, and has some legal effects on the person or similarly affects them.

 

THE RIGHTS OF THE DATA SUBJECT

The right to access, rectify, restrict, erase or transmit – the data subject shall have the right to demand the Controller to have access to their personal data, rectify, erase (“the right to be forgotten”) or restrict the processing and shall have the right to object to the processing and transmit their data. Detailed conditions of the above rights shall be indicated in Articles 15­22 of the GDPR Regulation.

The right to withdraw the consent at any time – the person whose data are being processed by the Controller on the basis of the consent given (pursuant to Article 6, par. 1, point a) or Article 9, par. 2, point a) of the GDPR Regulation), they shall have the right to withdraw their consent at any time without any impact on the compatibility with the right to process made based on the consent prior to the withdrawal.

The right to lodge a complaint with a supervisory body – the person whose data are being processed by the Controller shall have the right to lodge a complaint with a supervisory body in a manner and mode specified in the provisions of the GDPR Regulation and the Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland shall be the President of the Office for Personal Data Protection.

The right to object – the data subject shall have the right, at any time, to lodge a complaint – for reasons related to their particular situation – as regards the processing of their personal data based on Article 6, par.  1, point e) (public interest or official authority) or f) (legitimate interest of the controller) in the case of profiling based on the provisions. The Controller in such a case must stop processing the personal data, unless they show the existence of legally significant and justified bases for the processing, overriding the interests, rights and freedoms of the data subject, or the bases for determining, pursuing, or defending the claims.

The right to object as regards direct marketing – in the case the personal data are being processed for the needs of direct marketing, the data subject shall have the right, at any time, to lodge a complaint as regards the processing of their personal data for the needs of such marketing, including profiling, to the extent to which the processing is related to direct marketing.

To perform the rights mentioned in this point of the privacy policy, one may contact the Controller by sending them an appropriate message in writing or via e-mail to the address of the Controller indicated at the beginning of the privacy policy.

 

COOKIES ON THE WEBSITE AND ANALYTICS

Cookies are small pieces of text files sent by the server and saved on the side of the person visiting the Website (e.g., on the hard disk of a computer, laptop, or smartphone’s memory card – depending on the type of device used by the Website’s visitor). Detailed information on cookies as well as the history of their origin can be found e.g. at: https://en.wikipedia.org/wiki/HTTP_cookie.

The Controller may provide a tool on the Website for easy and active management of Cookies – available after first entering the Website and then available in the Website footer. Active management allows, among other things, to check what cookies are or can be saved when using the Website, as well as to select and later change the scope and purposes of using cookies in relation to the device and the person visiting the Website. When starting to use the Website, the visitor will be asked to select cookie settings. They can be changed later by changing the settings in this tool available on the Website, and if it is not available, read the information below regarding, among others: managing cookies from the browser level.

In the privacy policy, the Controller provides several information regarding the use of Cookies on the Website, their types, and purposes, as well as their management using e.g., web browser settings and/or the Cookie management tool available on the Website. The Controller encourages you to use the Cookie management tool available on the Website, which allows you to manage Cookies while using the Website easily and actively.

Cookies, which can be sent via the Website, can be divided into several types, according to the following criteria:

With regard to the provider:

1)    own (created by the Controller’s Website) and

2)    belonging to other persons/third parties (other than the Controller)

With regard to the period of their retention on the appliance of the Website’s visitor:

1)    session cookies (stored till the moment of closing of the Website or a browser) and

2)    persistent cookies (having some expiration period, defined by parameters of each file or until they are removed by hand)

With regard to the purpose of their usage:

1)  strictly necessary cookies (enabling proper functioning of the Website),

2)  functional/preferential cookies (enabling adjustment of the Website to the visitor’s preferences),

3)  analytical and performance cookies (collecting information on the use of the Website)’

4)  marketing, advertising and social media (collecting information about a person visiting the Website in order to display advertisements to that person, personalize them, measure effectiveness and conduct other marketing activities, including on websites separate from this Website, such as social networking sites or other websites belonging to the same advertising networks as the Website).

 

The Controller may process information contained in Cookies during visiting of the Website for the following particular reasons:

Purposes of using Cookies on the Controller’s website

Saving data from the filled-in forms on the Website (strictly necessary Cookies and/or functional/preferential Cookies)

Adjustment of the Website contents to individual preferences of the visitor (e.g., colours, font size, layout) and optimisation of the use of the Website (functional/preferential Cookies)

Keeping anonymous statistics presenting the visitor’s behaviours on the Website (analytical and performance Cookies)

Displaying and rendering of advertisements, limiting the number of ad views and ignoring advertisements that the user does not want to see, measuring the effectiveness of advertisements and personalization of ads, namely evaluating the conduct of visitors of the Website through anonymous analysis of their activities (e.g. repeated visits on particular pages, key words etc.) to create their profile and provide them with adverts matching their interests, also when they visit other websites in the advertising network of Google Inc. and Meta Platforms Ireland Ltd. (marketing, advertising and social Cookies)

 

Checking in the most popular internet browsers, which Cookie files (including the expiry period of Cookies and their provider) are being sent in a given moment by the Website can be done, as follows:

In Chrome browser:
(1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.

In Firefox browser:
(1) in the address bar, click the ’shield’ icon on the left, (2) go to the benchmark „Allowed” or „Blocked”, (3) click the button „Tracking cookies between websites”, „Tracing elements of social networks or „Content with tracing elements”

In Internet Explorer browser:
(1) Click „Tools” menu, (2) go to „Internet options” benchmark, (3) go to „General” benchmark, (4) then go to „Settings”, (5) click the button „Display files”

In Opera browser:
(1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.

In Safari browser:
(1) click menu „Preferences”, (2) go to „Privacy” benchmark, (3) click the button „Manage website data”

Independent of the browser used, you can apply tools available e.g., at: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/

 

As a standard, most internet browsers on the market accept saving Cookies by default. Every person has the possibility to specify the conditions of using Cookies in the browser settings. It means that one may, e.g., partially restrict (e.g. temporarily) or fully disable saving Cookies – in the latter case it may have an impact on some functionalities of the Website.

The browser settings concerning Cookies are essential as regards the consent to use Cookies by the Website – in accordance with the law, such consent may also be expressed in the browser settings. In view of lack of such consent, change the browser setting accordingly as regards Cookies. Detailed information concerning the change in Cookies settings and their individual removal in the most common browsers is available in the help section of the browser and the following websites (click the link):

 

The Controller may use Google Analytics, Google Ads services on the Website, which are provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The services help the Controller to analyse the frequency of visits on the Website. The data collected are processed in order to generate statistics helpful while administering the Website. The data are of collective nature. Using the above services on the Website, the Controller collects such data as the sources and medium of acquiring visitors of the Website and the manner of their conduct on the Website of the Website, information concerning their devices and browsers used to visit the Website, IP and domain, geographical data and demographic data (age, sex) and interests.

It is possible to easily block sharing information with Google Analytics as regards the activity on the Website – install to that end an opt-out add-on made available by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=en.

Due to the possibility of the Controller using the advertising and analytical services provided by Google Ireland Ltd on the Website, Controller indicates that full information on the principles of data processing of visitors to the Website (including information stored in Cookies) by Google Ireland Ltd. is included in the privacy policy of Google services available at the Website address: https://policies.google.com/technologies/partner-sites.

 

EXTERNAL LINKS

The website may contain links to other websites. The Controller encourages you to read the Regulations and privacy policy established there after going to other websites. These Regulations apply only to this Website.

 

CONTACT US

In case of any issues or questions regarding the use of our Website or any other questions, please contact the Owner of the Website:

  • General inquiries: contact@data-pal.eu
  • Privacy inquiries: privacy@data-pal.eu
  • Phone: +48 514 005 859 (the call is charged as for a regular phone call, according to the Owner’s tariff package)