This Privacy Notice (hereinafter referred to as the “Notice”) provides information on how Ignitis Polska Sp. z o.o.with its registered office in Warsaw (02-566) at ul. Puławska 2 building A, entered into the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Department of the National Court Register under no. KRS 0000681577; (hereinafter referred to as the “Company”) processes personal data.
The provisions of the Notice are applicable to natural persons whose personal data is processed by the company:
i) the customers who use, used, expressed willingness to use or are otherwise related to the services provided by the Company (hereinafter referred to as the “Customers”);
ii) the persons who address the Company by submitting their applications, requests directly or by means of distance communication including telephone, e-mail, etc.;
iii) the persons who visit the Company’s website ,etc.
This Notice contains general provisions. Additional information on personal data processing by the Company may be provided in the Company’s contracts, other documents, on the website, self-service website or By remote client service channels (telephone, e-mail, etc.).
The Company will notify of any amendments to this Notice by publishing them on the Company’s website. In certain cases, the Company may inform persons of the amendments by mail, e-mail or otherwise (e.g. publishing them in the press).
For the purposes of this Privacy Notice, the terms and abbreviations have the following meanings:
– “Personal Data” means any information in relation to an identified or unidentified natural person (e.g. name, surname, contact details etc.).
– “Natural person“ (data subject)–person, whose data is processed (for example, Clients of theCompany, persons who apply to the Company by submitting applications or requirements, users of the Company’s website etc.).
– “Data Processing” means any action carried out with personal data (e.g. recording, storage, granting access, transfer etc.).
– “Services” shall mean any goods and services provided by the Company.
Other terms used in this Notice shall have meaning as defined in the legal acts regulating protection of personal data (the General Data Protection Regulation (EU) 2016/679, the Polish Law on Legal Protection of Personal Data and other legal acts.
The Company processes personal data only in certain specific cases on the legal grounds set forth in the legal acts, i.e. where data processing is necessary for conclusion and/or performance of a contract concluded with a person, the person has given his or her consent to processing his or her data for one or several specific purposes, the Company must process personal data with a view to compliance of the requirements of the legal acts or personal data must be processed for the Company’s legitimate interest.
The main purposes sought by the Company by processing personal data:
– Dealing with the enquiries. The Company processes personal data in dealing and resolution of theenquiries for information and enquires or complaints made in accordance with the requirements of the contract, on the basis of the consent or according to the requirements of the legal acts.
– Direct marketing. The Company may process personal data by putting forward offers, news on theprovided Services, information on the events to take place on the basis of the person’s consent.
– Other purposes. The Company may also process personal data for other purposes if it has obtainedthe person’s consent and must process personal data in accordance with the requirements of the legal acts or on the basis of legitimate interests.
In all afore-mentioned cases, the Company processes personal data only to the extent necessary for achievement of the respective clearly defined lawful purposes in accordance with the personal data protection requirements.
The main categories of personal data and data processed by the Company for the afore-mentioned purposes and on the afore-mentioned legal grounds are as follows:
– Identity data: name, surname, personal identification number, date of birth etc.
– Contact details: address, telephone number, e-mail address etc.
– Cookie data: information on the location of the person (city), hobbies of the person, his or herbehavior on the Company’s website, interests etc. (more details in the section “Cookies and use thereof”).
– Other data processed by the Company on the legal grounds provided for in the legal acts.
The Company processes personal data provided by the persons themselves or received by the Company from other sources such as public or private registers to the extent it is necessary on the basis of the contract, consent, legal acts or legitimate interests of the Company.
The Company is entitled to transfer the processed personal data to the recipients of the following categories in accordance with the requirements of the legal acts:
– Service providers. The Company is entitled to transfer the processed personal data to third partiesacting in the name of the Company and/or on the Commission’s instruction and providing the customer service, software support, accounting and other services to the Company with a view to ensuring proper provision, management and development of the Company’s Services. In such cases, the Company assumes all reasonable measures to ensure that the contracted service providers (data processors) processed the provided personal data only for the purposes for which the data was provided ensuring the appropriate technical and organizational security measures in accordance with the Company’s instructions and the requirements of the valid legal acts.
– Authorities and care institutions. The Company may provide the processed personal data to publicauthorities or law enforcement institutions, police or supervisory authorities where this is obligatory according to the valid legal acts or with a view to ensuring the Company’s rights or the security of the Company’s customers, employees and property.
– Other third parties. The Company may provide personal data to other recipients on the lawful groundsdefined in the legal acts.
The Company processes personal data not longer than necessary for the indicated data processing purposes or provided for in the applicable legal acts if they set forth a longer data storage period.
To set the data storage period, the Company applies the criteria which correspond to the obligations provided for in the legal acts taking into account the person’s right, for example, set such data storage period during which the requirements related to performance of the contract (if any) may be provided etc.
The Company ensures confidentiality of personal data according to the requirements of the legal acts and implementation of the appropriate technical and organizational measures aimed at protecting personal data against unlawful access, disclosure, accidental loss, alteration or destruction or other unlawful processing.
The person who contacts the Company in righting and whose identity is established by the Company is entitled:
a) to access his or her personal data processed by the Company;
b) to rectify his or her incorrect, incomplete, inaccurate personal data;
c) to request to destroy personal data or suspend personal data processing actions except for storage if this is done in violation of the requirements of the applicable legal acts;
d) to receive the personal data concerning him or her, which he or she has provided in a structured, commonly used and machine-readable format;
e) to request to delete the personal data processed by the Company where the personal data is processed in violation of the applicable legal acts or the personal data is not necessary any longer to implement the purposes for which the data is collected or otherwise processed;
f) to restrict processing of own personal data according to the applicable legal acts, for example, for the period during which the Company will assess is the person is entitled to request that his or her data was deleted;
g) to disagree with the processing of your Personal Data and / or in the case of the Processing of Personal Data by Consent – to revoke the consent given to the processing of your Personal Data, without prejudice to the consent of the processing of data until the withdrawal of consent is lawful.
Persons may apply for this Notice or personal data processing by the Company in writing by e-mail [email protected], writing at the address:
Puławska 2 building A
In the event of a failure to deal with the issues concerning processing of personal data by the Company and/or the person’s rights, the person is also entitled to apply, lodge a complaint to the State Data Protection Inspectorate.
00-193 Warsaw, Poland
Tel: 22 531 03 00
Email: [email protected]
By providing their personal data to the Company the persons certify that they have properly familiarized themselves with the terms and conditions of processing of personal data set out in this Notice, does not object that the Company processed personal data provided by the persons, the data and information provided by the persons are accurate and correct and the Company is not responsible for provision and processing of superfluous data if such data is provided by the person to the Company through negligence.
The person undertakes to notify the Company of any changes in the provided data or other related information.
The Policy is prepared pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and the Law on Electronic Communications of the Republic of Lithuania.
COOKIES, WHAT ARE THEY
Cookies are small blocks of data which are saved by a website while a user is visiting it using a web browser (e.g., Internet Explorer, Firefox, etc.) and placed on the user’s device (e.g., computer, mobile device, tablet).
Depending on duration of the cookies, they can be either persistent cookies or session cookies. Persistent cookies stay in the user’s device until the user’s browser deletes them based on their duration period or until the user deletes them manually. Session cookies are temporary cookie files, which are erased when the user closes the browser (ends the session).
TYPES OF COOKIES
Necessary (functional) cookies are used to provide Website’s services properly so the user could browse and use the functions of the Website, i.e., they are used to ensure basic functions of the Website.
Statistics or analytics cookies are used to collect and report information anonymously which help Website owners understand how visitors interact with the Website.
Marketing or advertising cookies are used to collect information on how visitors interact with the Website, ensure that the offers (ads) that are the most relevant for the user are displayed.
Preference or technical cookies enable a website to remember user preferences and settings (e.g., preferred language or time zone). These cookies make sure users don’t have to set their preferences every time they visit the Website.
The list of cookies offered by the Website is provided in the Policy.
WHAT IS THE PURPOSE OF COOKIES
Cookies do not store information which could be used to identify the user directly, however, cookies contain information that could be used to link to the user to their device, browsing history and other information received and stored by cookies.
LEGAL BASIS FOR USING COOKIES
Legal basis for necessary cookies is the legal interest of the data controller (Article 6 (1) (f) of General Data Protection Regulation).
Legal basis for using cookies which require consent shall be the user’s consent (Article 6 (1) (f) of General Data Protection Regulation).
Necessary (functional) cookies are installed automatically, and they do not require the consent of the user. The user is informed about the use of the necessary cookies.
Unless the effective legal acts permit otherwise, all other (analytical, marketing, if used) cookies are activated on the website only after the user consents to it to the use of such cookies, i.e., only after the user selects his or her choice on the window that automatically pops up on the Website where information is provided about the use of the cookies.
Data controller shall ask for a separate consent for each type of cookie, which shall be given by the user by ticking the desired cookies and pressing the button “Accept the selected cookies”. After pressing the button “Accept all cookies”, it shall be deemed that the user accepts all listed cookies to be installed and used.
If the user does not opt into collecting and managing statistical, marketing cookies, but presses “Accept all cookies”, in that case, no cookies, except for necessary (functional) cookies, which will be used to ensure the functionality of the Website, shall be used.
The user can revoke his or her consent at any time by changing his or her browser settings and deleting the installed cookies.
If the user does not select cookies, cookies will not be installed (except for necessary cookies), but the notification about cookie use will be presented every time the user visits the Website.
PERIOD FOR STORING COOKIES
Most cookies are session cookies and disappear after the users ends his or her session (i.e., closes the browser). Other cookies (for example, statistical, marketing) are persistent cookies and are stored on the computer for a specific duration. Periods for storing persistent cookies are provided in Art. 6 of the Policy.
Session cookies are installed from the moment the user opens the browser and are stored until he or she closes it. After the browser is closed, such cookies are deleted automatically.
Persistent cookies are stored on the user’s computer until the user deletes them using the browser or their duration expires.
All browsers (for example, Internet Explorer, Microsoft Edge, etc.) provides an option to manage, delete cookies. More detailed instructions depend on the browser the user is using.
If several browsers are being used, settings need to be changed in all browsers.
Information on how to change settings of the browser or how to delete cookies can be found on www.aboutcookies.org.
If the user wants that Google Analytics stop using his or her browsing data in all websites, the user can find the information about the provisions by visiting website https://tools.google.com/dlpage/gaoptout.
CONTACTS OF THE DATA CONTROLLER
Ignitis Polska sp. z o.o.
Puławska 2, Pastatas A, 02-566, Warsaw
+48 22 4187350
Contacts of Personal Data Protection Officer: dap@greta