Administrator–K&W Expert Sp. z o.o. ul. Hutnicza 11E, 81-061 Gdynia, NIP: 9581687640
Personal Data – all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected through cookies and other similar technology.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website – a website run by the Administrator at the address www.kwexpert.pl
User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the User's use of the Website, the Administrator collects data to the extent necessary for commercial contact as well as information about the User's activity on the Website using cookies. Detailed rules and purposes of processing personal data collected during the use of the Website by the User are described below.
3. PURPOSES AND LEGAL BASES OF DATA PROCESSING ON THE WEBSITE
USE OF THE KWEXPERT.PL SERVICE
Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) and who are not registered Users (i.e. persons who do not have a profile on the Website) are processed by the Administrator:
- in order to provide services by electronic means in the scope of making available to Users the content collected on the Website, providing contact forms – then the legal basis for processing is the necessity of processing for the performance of the contract (art. Article 6 (1) 1 lit.b GDPR);
- for marketing purposes of the Administrator and other entities, in particular related to the presentation of behavioral advertising – the principles of processing personal data for marketing purposes are described in the "MARKETING" section.
- The User's activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by the Administrator). Information collected in logs processed in connection with the provision of services. The administrator also processes them for technical purposes, in particular, data may be temporarily stored and processed in order to ensure the security and proper functioning of IT systems, e.g. in connection with making backup copies, testing changes in IT systems, detecting irregularities or protection against fraud and attacks.
The administrator provides the opportunity to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and respond to the inquiry. The user may also provide other data in order to facilitate contact or handle the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to provide them results in the inability to handle it. Providing other data is voluntary.
Personal data is processed:
- in order to identify the sender and handle his inquiry sent via the form provided – the legal basis for processing is the necessity of processing for the performance of the contract for the provision of services (Art. Article 6 (1) 1 lit.b GDPR);
The Administrator processes Users' personal data in order to carry out marketing activities, which may consist in:
sending e-mail notifications about interesting offers or content, which in some cases contain commercial information;
conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
In order to carry out marketing activities, the Administrator in some cases uses profiling. This means that thanks to the automatic processing of data, the Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a forecast for the future.
5. DIRECT MARKETING
If the User has agreed to receive marketing information via e-mail, SMS and other means of electronic communication, the User's personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of KW Expert consisting in sending marketing information within the limits of the consent given by the User (direct marketing). The user has the right to object to the processing of data for the purposes of direct marketing, including profiling. The data will be stored for this purpose for the duration of kw expert's legitimate interest, unless the User objects to receiving marketing information.
6. SOCIAL NETWORKS
The Administrator processes personal data of Users visiting the Administrator's profiles conducted in social media (Facebook, YouTube, Instagram). These data are processed only in connection with running a profile, including in order to inform Users about the Administrator's activity and promote various types of events, services and products, as well as to communicate with users via functionalities available in social media. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (art. Article 6 (1) 1 lit. f GDPR) consisting in promoting your own brand and building and maintaining a brand community.
7. COOKIES AND SIMILAR TECHNOLOGY
Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website – e.g. by remembering the User's visits to the Website and the activities performed by him.
- cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
- authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
- cookies used to ensure security, e.g. used to detect user centric security cookies);
- session cookies of media players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
- persistent cookies used to personalize the User's interface for the duration of the session or slightly longer (user interface customization cookies);
- cookies used to remember the contents of the basket for the duration of the session (shopping cart cookies);
- cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze the use of the Website by the User, to create statistics and reports on the functioning of the Website). Google does not use the collected data to identify you or combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.
8. PERIOD OF PERSONAL DATA PROCESSING
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the provision of the service or the execution of the order, until the consent is withdrawn or an effective objection to the processing of data is submitted in cases where the legal basis for data processing is the legitimate interest of the Administrator.
The period of data processing may be extended if the processing is necessary to establish, assert or defend against possible claims, and after this time only if and to the extent required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
Data subjects have the following rights:
The right to information about the processing of personal data – on this basis, the Administrator provides information about the processing of personal data to the person submitting such a request, including primarily the purposes and legal bases of processing, the scope of data held, entities to which personal data are disclosed and the planned date of their deletion;
The right to obtain a copy of the data – on this basis, the Administrator provides a copy of the processed data concerning the person submitting the request;
Right to rectification – on this basis, the Administrator removes any inconsistencies or errors regarding the processed personal data, and supplements or updates them if they are incomplete or have changed;
The right to delete data – on this basis, you can request the deletion of data whose processing is no longer necessary to achieve any of the purposes for which they were collected;
Right to restriction of processing – on this basis, the Administrator ceases to perform operations on personal data, with the exception of operations to which the data subject has given consent and their storage, in accordance with the adopted retention rules, or until the reasons for limiting data processing cease to exist (e.g. a decision of the supervisory authority authorizing further processing of data is issued);
The right to data portability – on this basis, to the extent that the data are processed in connection with the concluded contract or expressed consent, the Administrator issues data provided by the person to whom they relate in a format that allows them to be read by a computer. It is also possible to request the transfer of this data to another entity – provided, however, that there are technical possibilities in this respect both on the part of the Administrator and this other entity;
The right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such an objection;
The right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data on the basis of the legitimate interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property). An objection in this respect should contain a justification and is subject to the Administrator's assessment;
The right to withdraw consent – if the data are processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of this consent;
Right to complain – if it is considered that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection.
A request for the exercise of the rights of data subjects may be submitted:
- in writing to the following address: K&W Expert Sp. z o.o. ul. Hutnicza 11E, 81-061 Gdynia
- by e-mail to the following address: firstname.lastname@example.org
- what right the person submitting the application wants to use (e.g. the right to receive a copy of the data, the right to delete the data, etc.);
- what processing process the request concerns (e.g. use of a specific service, activity on a specific website, receipt of a newsletter containing commercial information to a specific email address, etc.);
- what purposes of the processing the request concerns (e.g. marketing purposes, analytical purposes, etc.).
If the Administrator is unable to determine the content of the request or identify the person submitting the application based on the submitted application, he will ask the applicant for additional information.
You will be not able to respond to your request within one month of receiving it. If it is necessary to extend this period, the Administrator will inform the applicant about the reasons for such an extension.
The answer will be given to the e-mail address from which the application was sent, and in the case of applications sent by post, by ordinary letter to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in this case, an e-mail address must be provided).
10. DATA RECIPIENTS
In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for operating IT systems, entities such as legal entities and entities related to the Administrator.
The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information, based on the appropriate legal basis and in accordance with the provisions of applicable law.
11. TRANSFER OF DATA OUTSIDE THE EEA
The Administrator does not transfer the collected data outside the EEA.
12.SECURITY OF PERSONAL DATA
The Administrator conducts risk analysis on an ongoing basis in order to ensure that personal data are processed by him in a secure manner – ensuring, first of all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them. The Administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and associates.
The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures in each case when they process personal data at the request of the Administrator.
Contact with the Administrator is possible via e-mail address email@example.com
The policy is constantly reviewed and updated if necessary.