1. ABOUT US
- The owner of msv.com.pl and the administrator of personal data collected via the Website is MSV with the registered legal address: Sympatyczna 2/5 St., 94-014 Lodz, Poland („Administrator")
- The Service Provider operates the Website and is responsible for proper supply of Electronic Services of the Website.
2. GENERAL PROVISIONS
- The Service Provider takes particular care in order to protect the interests of Data Subjects, and in particular to ensure that data collected by the Service Provider are processed according to the law; collected for specified and legitimate purposes and not subjected to further processing incompatible with those purposes; substantively correct and adequate in relation to the purposes for which they are processed and stored in a form which allows the identification of Data Subjects for no longer than it is necessary to achieve the purpose of processing.
- All words, phrases and acronyms appearing on this Website and beginning with a capital letter (e.g. Service Provider, Website, Electronic Service) shall be understood in accordance with their definition, contained in the Terms and Conditions of the Website, available on the Website.
- The Service Recipient’s personal data is processed in accordance with the RODO (eng. GDPR) and the Data Protection Act of 10 May 2018 (hereinafter referred to as the Personal Data Protection Act) and the Act on Providing Electronic Services of 18 July 2002. (Journal of Laws 2002 No. 144, item 1204 as amended).
3. PURPOSE AND SCOPE OF DATA COLLECTION
- Each time the purpose, scope and recipients of data processed by the Service Provider result from the actions taken by the Service Recipient on the Website. For example, if the Service Recipient intends to use the Account, his personal data will be processed in order to conclude and implement the contract for the use of the Account.
- The Administrator processes the personal data of the Service Recipient or his representatives for the following purposes:
- conclusion and implementation of the contract for the use of the Electronic Service,
- performance of obligations resulting from legal regulations, including tax and accounting regulations,
- conducting court, arbitration, administrative, court-administrative, enforcement and mediation proceedings,
- documentation of contractual relations for evidence purposes for the period of limitation of claims related to them,
- conducting direct marketing of services or goods offered by the Administrator, including via e-mail correspondence such as newsletter,
- handling complaints and claims arising from the rights under the warranty
3. The Service Provider may process the following personal data of the Service Recipients using the Website:
- Name and surname of the Service Recipient,
- e-mail address,
- Name of the cooperating Organization
- Name of the Branch of the cooperating Organization.
4. Providing personal data, mentioned in the above point, is not obligatory but it is necessary to conclude and execute the contract for providing Electronic Services on the Website. Each time, the scope of data required to conclude an agreement is indicated previously on the Website, during the use of the Website and in its Regulations.
5. The Service Recipient's personal data may be transferred to public administration organs or to other persons or third parties to the extent and in cases in which the Administrator is obliged to make them accessible due to legal regulation. In addition, the Service Recipient’s personal data may also be transferred to entities, providing accounting, bookkeeping and legal services to the Administrator on the basis of a separate agreement.
6. The Administrator declares that it has been implemented appropriate technical and organizational measures to ensure an adequate level of security referring to the risks related with the processing of entrusted personal data, as referred to in Article 32 of RODO Regulation (eng. GDPR). The Administrator shall regularly verify and update applied technical and organizational measures, so as to ensure an adequate level of protection for the personal data entrusted.
7. The Administrator declares that in order to ensure security of personal data processing there was introduced a Personal Data Protection Policy. The Personal Data Protection Policy is a measure implemented by the Administrator in accordance with Article 24 paragraph 1 and 2 of RODO Regulation (eng. GDPR), which aim is to introduce in the company run by the Administrator a procedure for handling personal data, based on which its processing by the Administrator will take place in accordance with the RODO Regulation (eng. GDPR).
8. The processing of personal data as part of the purposes indicated above in point 3 paragraph 2 includes in particular, its collection, modification, storage, viewing, updating, analyzing and archiving.
9. The Service Provider also processes anonymised data related to the use of the Website (e.g. number of Service Recipients) in order to generate Website usage statistics. This data is collective and anonymous, i.e. it does not contain any identifying characteristics of persons using the Site.
10. Personal data concerning the Service Recipients will be kept by the Administrator for the following period:
- in the case of personal data, in relation to which the legal basis for its processing by the Administrator is the fact that it is necessary for the proper performance of the contract - until statute of limitations of claims arising from this contract,
- in the case of personal data, in relation to which the basis for its processing by the Administrator is a legitimate interest - until this basis for processing expires, in particular until the claims of the Administrator expire and the Service Recipient's claims resulting from the legal relationship between them, termination of the Administrator's legal existence or a legal valid or conclusive arrangement or awarding or satysfying or defense of a claim or other privilege of the Administrator or Service Recipient in any judicial, arbitration, administrative, judicial-administrative, enforcement or mediation proceeding,
- in the case of personal data, in relation to which the basis for its processing is that it is necessary to fulfill the legal obligations incumbent on the Administrator - until that basis for processing expires.
4. COOKIES AND USAGE DATA
- Cookies are small information in the form of text files sent by a server and stored on the Website visitor's side (e.g. on the hard drive of a computer, laptop or smartphone memory card - depending on the device used by the visitor to visit our Website). Detailed information concerning Cookies as well as the history of their creation can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Service Provider may process the data contained in Cookies when visitors use the Website for the following purposes:
- implementation of basic functionalities of the Website, such as: identification of Service Recipients as logged and maintaining logging sessions and storing dynamic data, e.g. statistics, summaries;
- adjusting the content of the Website to the individual preferences of the Service Recipient (e.g. regarding the website language);
- remembering the IP location, time zone;
- keeping anonymous statistics showing how the Website is used.
- Standardly, most web browsers available on the market accept the storage of Cookies by default. Everyone has the possibility to determine the conditions of using Cookies by means of settings of their own internet browser. This means that it is possible, for example, partially restrict (e.g. temporarily) or completely disable the storage of Cookies - in this last case, however, this may affect some of the functionalities of the Website.
- Detailed information on how to change the settings for Cookies and how to delete them independently in the most popular web browsers is available in the help section of web browser and on the following websites (just click on the link as below):
- in browser Chrome - https://support.google.com/chrome/answer/95647?hl=pl
- in browser Firefox - https://support.mozilla.org/pl/kb/W%25C5%2582%25C4%2585czanie%20i%20wy%25C5%2582%25C4%2585czanie%20obs%25C5%2582ugi%20ciasteczek
- in browser Internet Explorer - https://support.microsoft.com/en-us/hub/4338813/windows-help
- in browser Opera - https://help.opera.com/pl/latest/web-preferences/
- in browser Safari - https://support.apple.com/kb/PH5042?locale=en_US
- in browser Microsoft Edge - https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
- On the Website, the Administrator uses Google Analytics and Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The collected data is processed as part of the above services in an anonymised way (these are the so-called exploitation data, which do not allow the identification of a person) to generate statistics to help administer the Website. Detailed information on the operation of the above services is available here: www.google.com/intl/pl/policies/privacy/partners/.
- The Administrator on the Website uses FaceBook Pixel services provided by FaceBook Inc. The collected data is processed as part of the above services in an anonymised way (these are the so-called exploitation data, which do not allow the identification of a person). Detailed information regarding the operation of these services is available here: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
5. BASIS OF DATA PROCESSING
- Providing personal data by the Service Recipient is voluntary, although failure to provide personal data specified on the Website and in the Website Regulations, which are necessary to conclude and perform the agreement for using Electronic Services, results in lack of possibility to conclude this agreement.
- The legal basis for the processing of personal data for the purpose referred to point 3 paragraph 2 point a, is that it is necessary for the performance of a contract. The legal basis for the processing of personal data for the purposes referred to in point 3, paragraph 2, point b is that it is necessary to fulfill the legal obligations incumbent on the Administrator. The legal basis for the processing of Personal Data for the other purposes indicated in point as above is the legitimate interest pursued by the Administrator.
6. RIGHTS OF THE DATA SUBJECT RELATED TO THE PROTECTION OF PERSONAL DATA
- The right to information
- The administrator, when collecting personal data, is obliged to provide to the Data Subject the following information:
- Administrator's identity and contact details and where applicable, the identity and contact details of Administrator's representative,
- where applicable, the contact details of the Data Protection Inspector,
- the purposes of the processing of the personal data, and the legal basis for the processing,
- information about the recipients of the personal data or categories of recipients, if any,
- where applicable, information about the intention to transfer Personal Data to Third World countries or to an international organisation,
- the period for which the Personal Data will be stored and, if it is this not possible, the criteria for determining this period,
- information whether providing personal data is a statutory or contractual requirement or a condition of entering into a contract and whether the Data Subject is obliged to provide the data and what are the possible consequences of not doing it.
- If the Administrator plans to further process personal data for a purpose other than the purpose for which the personal data were collected, before such further processing, the Administrator is obliged to inform the Data Subject about this other purpose and provide him with any other relevant information.
B. The right to withdraw consent to the processing of personal data
- The Data Subject has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
C. The right to access personal data
- The Data Subject shall be entitled to obtain from the Administrator confirmation whether or not Personal Data concerning them is being processed and, if it is, is entitled to access them and the following information:
- purposes of processing;
- the categories of personal data concerned;
- information about the recipients or categories of recipients to whom the personal data have been or will be revealed, in particular recipients in Third World countries or international organisations;
- if possible, the planned period of storage of personal data, and if this is not possible, the criteria for determining this period;
- information about the right to request from the Administrator to rectification, erasing or restricting the processing of personal data and to object to such processing;
- information about making a complaint to the supervisory authorities;
- if the personal data have not been collected from the Data Subject - any available information about its source;
- information about automated decision-making, including profiling as referred to in Article 22, paragraph 1 and 4 RODO Regulation (eng. GDPR), and - at least in these cases - relevant information about the rules for their making, as well as the significance and estimated consequences of such processing for the Data Subject.
- The Administrator is obliged to provide the Data Subject with a copy of the Personal Data. For any subsequent copies requested by the Data Subject, the Administrator may charge a reasonable fee based on administrative costs. If the data subject requests a copy by electronic means and, unless otherwise indicated, the information shall be provided by electronic means.
D. The right to request rectification and deleting of personal data
- The Data Subject has the right to request from the Administrator the immediate rectification of personal data concerning them that are inaccurate. Taking into account the purposes of processing, the Data Subject has the right to request for complementing incomplete personal data, including by providing an additional statement.
- The Data Subject is entitled to demand from the Administrator the immediate deleting of personal data concerning him/her and The Administrator is obliged to delete personal data without delay if one of the following circumstances occurs:
- personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
- the Data Subject has withdrawn the consent on which the processing is based, according to Article 6 paragraph 1 point a or Article 9 paragraph 2 point a RODO Regulation (eng. GDPR), and there is no other legal basis for the processing,
- the Data Subject objects under Article 21 paragraph 1 RODO Regulation (eng. GDPR) against processing and there are no superior legitimate basis for processing or the Data Subject objects under Article 21 paragraph 2 of the RODO Regulation (eng. GDPR) against processing,
- the personal data have been unlawfully processed,
- personal data must be removed in order to comply with a legal obligation provided in the law of the European Union or the law of a Member Country, to which the Administrator is subjected,
- the personal data were collected in connection with the offering of services of information society referring to Article 8 paragraph 1 RODO Regulation (eng. GDPR).
- The rights of the data subject indicated in point 2 as above do not apply to the extent that processing is necessary to exercise the right to freedom of expression and information, to establish, investigate or defend claims, to fulfill a legal obligation requiring processing under the law of the European Union or the law of a Member Country to which the Administrator is subject, or to perform a task carried out in the public interest or as part of the exercise of public authority entrusted to the Administrator, for reasons of public interest in the field of public health in accordance with Article 9 paragraph 2 point h and i RODO Regulation (eng. GDPR) and Article 9 paragraph 3 RODO Regulation (eng. GDPR) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89, paragraph 1 RODO Regulation (eng. GDPR) to the extent that the authorization will prevent or seriously impede the achievement of the purposes of such processing.
- The Administrator is obliged to provide the Data Subject with information about the rectification or deleting of personal data, unless this turns on to be impossible or requires a disproportionate effort.
E. The right to restrict processing of personal data
- The Data Subject has the right to request from the Administrator to limit the processing of personal data in the following cases:
- The Data Subject dispute the accuracy of the personal data - for a period allowing the Administrator to verify the accuracy of the personal data,
- the processing is unlawful and the Data Subject objects to the deleting of the personal data, requesting instead a restriction of its use,
- The Administrator no longer needs the personal data for the purposes of the processing, but the data are needed by the Data Subject to establish, assert or defend a claim,
- The Data Subject has objected to the processing under Article 21 paragraph 1 RODO Regulation (eng. GDPR) - to determine whether the legitimate basis of the Administrator’s side are superior against the basis for objection of the Data Subject.
- The Administrator is obliged to provide the Data Subject with information on the restriction of the processing of personal data, unless this turns on to be impossible or requires a disproportionate effort.
F. The right to transfer personal data
- The Data Subject is entitled to receive, in a structured, commonly used, machine-readable format, personal data concerning him / her provided to the Administrator, and has the right to send these personal data to another administrator without any obstacles on the part of the Administrator, if the processing takes place in an automated manner and
- a) based on the consent of the data subject or
- b) necessary for the performance of the contract.
- When exercising the right specified above, the data subject has the right to request that the personal data be sent by the Administrator directly to another administrator, if technically possible. This right does not apply to processing that is necessary to perform a task carried out in the public interest or as part of the exercise of public authority entrusted to the Administrator. This right may not adversely affect the rights and freedoms of other entities.
G. Right to object and rights related to automated decision making in individual cases.
- The Data Subject has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data based on art. 6 sec. 1 lit. e) or f) GDPR, including profiling based on these provisions. The administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or the grounds for establishing, investigating or defending claims.
- If personal data is processed by the Administrator for the purposes of direct marketing, the data subject has the right to object at any time to the processing of his personal data for the purposes of such marketing, including profiling, to the extent to which the processing is related to such direct marketing.
- If the Data Subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
- If personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 paragraph. 1 GDPR, the data subject has the right to object - for reasons related to his particular situation - to the processing of his personal data, unless the processing is necessary to perform a task carried out in the public interest.
- The Data Subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and has legal effects on him or similarly significantly affects him, unless this decision is necessary for the conclusion or performance of the contract between the data subject and the Administrator; is allowed by the law of the European Union or the law of the Member State to which the Administrator is subject and which provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject or is based on the express consent of the data subject.
7. FINAL PROVISIONS
- The administrator provides the following technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically:
- Securing the data set against unauthorized access;
- Access to the Account only after providing an individual login and password;
- SSL certificate.
- MSV Sympatyczna 2/5 St., 94-014 Łódź, Poland