- The Personal Data Administrator for personal data gathered via the website www.neiko.pl is Witold Szozda, conducting business activity as the printhsop Neiko Print & Publishing Witold Szozda, listed in the CEIDG of the Republic of Poland, with the operational location and contact address of ul. Piłsudskiego 20, 39-400 Tarnobrzeg, Poland, VAT PL6451515761, e-mail: email@example.com, further referred to as ‘Administrator’.
- The personal data gathered by the Administrator via the website are processed in accordance with the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) further known as GDPR.
Types of personal data processed, goal and range of data gathered
- Goal of processing and legal basis. The Administrator processes personal data via the website www.neiko.pl in the case when the User makes use of a contact form. Personal data are processed as a legally justified interest of the business owner, on the basis of art. 6(1)(f) GDPR.
- Types of personal data processed. In the case of the contact form, the user provides the following information: a) first and last name; b) email adress.
- Period of archiving personal data. Personal data of the user are archived by the Administrator: a) in the case that the basis for data processing is the fulfillment of an agreement, so long as is necessary to fulfill the agreement, and after this time through a period corresponding to the limitation period for bringing actions for damages. If a legal regulation does not state otherwise, this limitation period is six years, and for damages for benefits and damages related to running a business – three years. b) in the case that the basis for data processing is acceptance, for as long as the acceptance is not repealed, and after its repeal over the period of time related to the limitation period for bringing actions for damages regarding the Adminstrator. If the particular regulation does not state otherwise, the period of limitation is six years, and for benefits claims and damages related to running a business – three years.
- During use of the website additional information may be gathered, in particular: the IP address for the user computer or the external IP adress for the internet supplier, the domain name, the type of internet browser, period of access, type of operating system.
- User data gathered may include navigation data, including links that the user decides to click or other activities undertaken on the website. The legal basis for this type of activity is the legally justified interest of the Administrator (art. 6(1)(f) GDPR), based on facilitating the use of electronically provided services as well as the improvement in the functionality of these services.
- Providing personal data is voluntary by the User.
- Personal data will also be processed in an automated fashion in the form of profiling when the user formally accepts this on the basis of art. 6 (1)(a) GDPR. At this time no such profiling takes place on our website. The consequence of the profiling will be assigning a given person a profile with the goal of taking a decision or analysis or predicting their preferences, behaviour and attitudes.
- The Administrator takes special care to protect the interest of individuals whose data has been provided and in particular guarantees that the data gathered are:
- a) processed in keeping with the law;
- b) gathered for specific, legally justified goals and not given further processing not in accordance with these goals;
- c) correct in content and adequate in relation to the goals for which they are processed and maintained in a form whereby individuals may be identified no longer than is necessary for the processing goal.
Access to personal data
- The personal data of users are made available to service providers of the Administrator. Depending on the agreements and circumstances, service providers with access to personal data are either under the direction of the Administrator regarding the goals and means of this data processing or they are independent administrators who define the goals and means of the processing.
- Personal data of the users are maintained only on the grounds of the European Economic Area (EEA).
The right to control, access and correct content of personal data
- The individual whose data this relates to has the right to access the content of their personal data and the right to correct, delete, limit its processing, the right to transfer data, the right to raise a complaint, the right to rescind acceptance in any given moment without influencing the legally-based processing which took place on the basis of the acceptance before its rescinding.
- Legal bases for user claims: a) Access to data – art. 15 GDPR b) Correction of data – art. 16 GDPR c) Removal of data (the right to be forgotten) – art. 17 GDPR d) Limitation of processing – art. 18 GDPR e) Transferal of data – art. 20 GDPR f) Objection – art. 21 GDPR g) Rescinding acceptance – art. 7(3) GDPR.
- In order to fulfill the rights mentioned in point 2, the user may send an appropriate email to the address: firstname.lastname@example.org.
- In the case that the user raises a claim based on the above regulations, the Administrator will fulfill the demand or else immediately refuse to do so, no later than one month after its receipt. If, however – due to the complicated nature of the demand or demands – the Administrator is not able to fulfill this demaind during one month, he will do so during the following two months, informing the user beforehand within a month’s time of receiving the demand – of the planned extension of the deadline and the reason for it.
- In the case that it is determined that processing of the personal data has compromised GDPR regulation, the individual whose data is concerned has the right to raise a complaint to the Head of the Personal Data Protection Office In Poland (UODO).
- The Administrator’s website uses ‘cookie’ files.
- Installation of cookie files is necessary for the proper website service provision. The information in cookie files is necessary for the proper website service provision. Cookies also allow for creation of general statistics regarding website visitors.
- There are two kinds of cookie files: session and persistent cookies.
- Session cookies are temporary files that are kept on the end-line user device until the user closes their browser.
- Persistent cookies are kept on the end-line user device for a period of time in the cookie parameter files until their deletion by the user.
- The Administrator uses their own cookies in order to better understand users’ use of website content. Files contain information on the method of use fo the webpage by the user, the type of webpage from which the user was directed, and the umber of visists and the time of the user visit on the website. These information do not register the concreto personal data of the user, but rather serve to develop website user statistics.
- The user has the right to decide re the access to cookie files on their computer via their prior choice in the browser window. Detailed information about the means of cookie file service are available in the internet browser program settings.
- The Administrator uses the technical and organizational means to guarantee the protection of personal data processed that is appropriate to the threat and category of protected data, and in particular secures data from access by unauthorized individuals, collection by unauthorized individuals, illegal processing and change, loss, damage or destruction.
- The Administrator takes the appropriate technical steps to prevent the collection and modification of personal data gathered in electronic form by unauthorized individuals.
- The user may not use the services performed by the Printshop anonymously or under a pseudonym.