tel.: +48 42 215 10 68
fax: +48 48 203 20 31
95-200 Pabianice,
ul.Piłsudskiego 23
E-mail adress:
oxyline@oxyline.eu

INFORMATION ON PERSONAL DATA PROCESSING

Full text

Brief summary

1. Data Controller

1.1. The Data Controller is OXYLINE Spółka z ograniczoną odpowiedzialnością with its registered office in Pabianice, ul. Piłsudskiego 23, 95-200 Pabianice, entered with No. 0000299083 in the Register of Entrepreneurs of the National Court Register, court of registration: District Court for Łódź-Śródmieście in Łódź, 20th Commercial Division of the National Court Register, registered VAT payer, NIP No. 7692143818, REGON No. 100482830, share capital: PLN 2,325,000.

1.2. From 25 May 2018, the Controller may be contacted regarding any personal data protection matters at: daneosobowe@oxyline.eu

If you have any questions, comments or requests, please contact us at: daneosobowe@oxyline.eu

2. Purpose and legal basis of data processing

2.1. From 25 May 2018, the legal basis for the processing of personal data by the Data Controller is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), and other applicable provisions of law.

2.2. Legal grounds for personal data processing:

a) Article 6(1)(b) and Article 6(1)(c) of the GDPR for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract, and for compliance with a legal obligation to which the Data Controller is subject.

b) Article 6(1)(f) of the GDPR for the purposes of the legitimate interests pursued by the Data Controller or by a third party which processes the data under authorisation of the Data Controller.

c) Article 6(1)(a) of the GDPR for direct marketing of products and services of entities collaborating with the Data Controller.

2.3. Direct marketing referred to in Clause 2.2 may be pursued by the Data Controller with the use of electronic communication means, telecommunications terminal equipment and automated calling systems (once relevant consent has been obtained).

From 25 May 2018, new provisions on personal data protection apply.

The Controller collects and processes personal data solely on the basis of applicable provisions of law.

Some of the Controller’s activities are based on the User’s explicit request, others are connected with the Controller’s obligations and legitimate interests.

3. Legitimate interests pursued by the Data Controller or by a third party which processes the data under authorisation of the Data Controller.

3.1. The Data Controller or a third party processes personal data on the basis of the following legitimate interests:

3.1.1. Ensuring safety of personal data protection;

3.1.2. Direct marketing of own products and services;

3.1.3. Transfer of personal data between the Data Controller and related entities for internal administrative purposes;

3.1.4. Fraud prevention;

3.1.5.  Securing of claims of the Data Controller;

As part of the legitimate interests pursued by the Data Controller or a third party, data will be processed to prevent fraud, to do direct marketing of own products and services, to pursue administrative purposes within the group of related entities, and to secure claims of the Data Controller.

4. Data recipients

4.1. Collected personal data will be available to the Controller’s counterparties used by the Controller for provision of its services, providers of tools, providers of services supporting the Data Controller’s marketing activities and business, and other recipients, if so required under legal provisions.

Personal data provided to the Controller will be processed only by specific categories of entities, always as part of authorised activities.

5. Transfer of personal data to a third country or international organisation

5.1. Personal data may be transferred to recipients in countries outside the European Union in the following cases:

5.1.1. If necessary for the performance of a contract or in order to take steps prior to entering into a contract;

5.1.2. As part of technical solutions used by the Controller (cloud computing, e-mail, hosting);

5.1.3. With the User’s consent.

Personal data are transferred outside the European Union only in justified cases, in accordance with appropriate GDPR-compliant standards of protection, in particular the Standard Contractual Clauses or the Privacy Shield regulations approved by the European Commission.

6. Period of personal data storage

6.1. Personal data provided to the Controller will be stored for the following periods:

6.1.1. Personal data processed for the entering into and performance of a contract and for compliance with a legal obligation to which the Controller is subject will be stored for the term of the contract and thereafter for a period connected with commercial warranty to which the Users are entitled and the Controller’s right to secure or pursue claims against the User, and for compliance with a legal obligation to which the Controller is subject (e.g. tax settlements).

6.1.2. Personal data processed for the purposes of marketing of the Controller’s own products and services in accordance with the legitimate interests pursued by the Controller or by a third party will be processed until the data subject objects thereto.

6.1.3. Personal data processed on the basis of separate consent will be processed until consent is withdrawn.

The Controller will store personal data only for periods required for ensuring compliance with its obligations and, in the case of consent given by the User, until consent is withdrawn.

7. Rights of the User

7.1. The User has the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing (applies to personal data referred to in Clause 2.2(b)) as well as the right to data portability (e.g. transfer to another data controller).

7.2. If the Controller does not take action on the request of the data subject, the Controller will inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority (President of the Office for Personal Data Protection) and seeking a judicial remedy.

7.3. Where the processing of personal data is based on consent referred to in Clause 2.2(c), the User has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

7.4. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the provisions on personal data protection.

7.5. Without prejudice to any other administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority in accordance with Clause 7.4, each data subject has the right to an effective judicial remedy if the data subject considers that the processing of personal data relating to him or her infringes the provisions on personal data protection.

The Users have a number of rights connected with the provided personal data. The User has the right to request information on how data are processed, the right to access or rectify data, to request erasure or restriction of processing of data, and to transfer data to another entity.

If you wish to exercise your rights or have any questions in this respect, contact the Controller as specified in Clause 1.

In Poland, the supervisory authority is the President of the Office for Personal Data Protection.

8. Information about cookies

8.1. The Website uses cookies.

8.2. Cookies are IT data, in particular text files, stored on the end device of the Website User and intended for use of the Website pages. Usually, cookies contain the name of the website they come from, the period of storage on the end device, and a unique identifier.

8.3. Cookies are placed on the end device of the Website User and accessed by the Website Operator.

8.4. Cookies are used for the following purposes:

8.4.1. to produce statistics which help us understand how the Website Users use web pages, which allows for improving their structure and content;

8.4.2. maintaining the Website User’s session (after logging in); as a result, the User does not have to enter the login and password again on each Website page;

8.4.3. to profile the User with a view to displaying to him or her adapted materials in advertising networks, in particular Google network.

8.5. The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files stored on the User’s end device until logging out, leaving the web page or switching off the software (web browser). Persistent cookies are stored on the User’s end device for a period specified in cookies settings or until they are deleted by the User.

8.6. Usually, software for browsing web pages (web browser) allows for storage of cookies on the User’s end device by default. The Website Users may change settings in this respect. Cookies may be deleted through a web browser. Cookies may also be automatically blocked. You will find detailed information in the help section or documentation of the web browser.

8.7. Limitations on use of cookies may affect certain functionalities available on Website pages.

8.8. Cookies placed on the Website User’s end device may also be used by advertisers and partners collaborating with the Website Operator.

8.9. Cookies may be used by advertising networks, in particular Google network, for displaying advertisements adapted to how the User uses the Website. For this purpose, they may save information about the User’s navigation path or time spent on a given web page.

8.10. In respect of information about the User’s preferences gathered by Google advertising network, the User may browse and edit information originating from cookies with the use of the following tool: https://www.google.com/ads/preferences/

Principles governing the use of cookies.

9. Server logs.

9.1. Information about certain user behaviours is server-logged. Such data are used solely for administering the website and ensuring that hosting services are provided as efficiently as possible.

9.2. Browsed resources are identified through URLs. Furthermore, the following may be saved:

9.2.1. time of enquiry,

9.2.2. time of response,

9.2.3. client station name – identification through HTTP protocol,

9.2.4. information about errors during HTTP transaction,

9.2.5. URL of the website previously visited by the user (referrer link) – if the Website was accessed from a link,

9.2.6. information about the user’s web browser,

9.2.7. information about IP address.

9.3. The above-mentioned data are not matched to specific visitors.

9.4. The above-mentioned data are used for server administration purposes only.

Information relating to data used by server logs.

10. Cookies management – how to give and withdraw consent in practice?

10.1. If the user does not wish to receive cookies, he or she may change browser settings. Please note that disabling of cookies necessary for authentication, safety, user preference maintenance processes may hinder and, in extreme cases, prevent any use of web pages.

10.2. In order to manage cookies settings, select browser settings and follow the instructions.

How to withdraw consent for use of cookies by the Controller?

quanmedia