WEBSITE PRIVACY POLICY

 

www.matusiakteam.pl

 

  1. GENERAL PROVISIONS

    1. The controller of personal data collected via the www.matusiakteam.pl website is Tomasz Matusiak Usługi; registered office address: ul. Karolewska 3/1, 90-560 Łódź, NIP: 7291114260, REGON: 100215157, e-mail address: tomek@matusiakteam.pl hereinafter referred to as the “Controller”, who is also the Service Provider. Place of business, delivery to: ul. Karolewska 3/1, 90-560 Łódź, e-mail address (e-mail): tomek@matusiakteam.pl, hereinafter referred to as the “Controller”.
    2. Personal data collected by the Controller via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR and the Personal Data Protection Act of 10 May 2018.
  2. TYPE OF PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION

    1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data via the www.matusiakteam.pl website when:
      1. the user uses the contact form. Personal data are processed under Article 6(1)(f) of the GDPR as a legitimate interest of the Controller.
    2. TYPE OF PROCESSED PERSONAL DATA. The controller processes the following categories of the user’s personal data:
      1. First and last nameo,
      2. E-mail address,
      3. Telephone number,
    3. PERSONAL DATA ARCHIVING PERIOD. Personal data of users are stored by the Controller:
      1. if the basis for data processing is the performance of the contract, as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless otherwise specified in a special provision, the limitation period is six years, or three years for claims for periodic benefits and claims related to running a business.
      2. if the basis for data processing is consent, so long as the consent is not revoked, and after the withdrawal of consent for a period corresponding to the period of limitation of claims that may be raised by the Controller and may be raised against the Controller. Unless otherwise specified in a special provision, the limitation period is six years, or three years for claims for periodic benefits and claims related to running a business.
    4. Additional information may be downloaded when using the website, in particular: IP address assigned to the user’s computer or external IP address of the ISP, domain name, type of browser, access time, type of operating system.
    5. Navigation data may also be collected from users, including information about links they decide to click or other actions taken on the website. The legal basis for such activities is the legitimate interest of the Controller (Art. 6(1)(f) of the GDPR), consisting in facilitating the use of electronic services and improving the functionality of such services.
    6. Providing personal data by the user is voluntary.
    7. Personal data will also be processed in an automated manner in the form of profiling, provided that the user gives their consent under Art. 6(1)(a) of the GDPR. The consequence of profiling will be assigning a profile to a given person in order to make decisions about them or to analyse or anticipate their preferences, behaviours and attitudes.
    8. The controller will exercise due diligence to protect the interests of data subjects, and in particular will ensure that the data it collects are:
      1. processed lawfully,
      2. collected for specified, lawful purposes and not processed further contrary to those purposes,
      3. substantively correct and appropriate in relation to the purposes for which they are processed, and stored in a form that allows the identification of the data subjects no longer than it is necessary to achieve the purpose of processing.
  3. TRANSFER OF PERSONAL DATA

    1. The personal data of users are transferred to providers of services used by the Controller when running the website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and methods of data processing (processors) or independently define the purposes and methods of data processing (controllers).
    2. Personal data of users are stored only within the European Economic Area (EEA).
  4. RIGHT TO INSPECT, ACCESS AND RECTIFY THE USER’S DATA

    1. The data subject has the right to access their personal data and the right to rectify and erase data or restrict its processing, the right to data portability, the right to object and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
    2. Legal grounds for user’s request:
      1. Access to data – Art. 15 of the GDPR.
      2. Data rectification – Art. 16 of the GDPR.
      3. Data erasure (the so-called right to be forgotten) – Art. 17 of the GDPR.
      4. Restriction of processing – Art. 18 of the GDPR.
      5. Data portability – Art. 20 of the GDPR.
      6. Objection – Art. 21 of the GDPR
      7. Withdrawal of consent – Art. 7(3) of the GDPR.
    3. In order to exercise the rights referred to in par. 2, a relevant e-mail can be sent to the following address: tomek@matusiakteam.pl
    4. If the user exercises one of the above rights, the Controller fulfils the request or refuses to fulfil it immediately, but not later than within one month of receiving the request. However, if, due to the complicated nature of the request or the number of requests, the Controller is unable to fulfil the request within a month, it will meet them within the next two months, informing the user about the intended extension of the period and reasons for it within one month of receiving the request.
    5. If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.
  5. COOKIES

    1. The Controller’s website uses cookies.
    2. The installation of cookies is necessary for the proper provision of services on the website. Cookies provide the information necessary for the proper functioning of the website and enable the compilation of general statistics of website visits.
    3. The following types of cookies are used on the website:
    4. The Controller uses its own cookies to better understand how the user interacts with the content of the website. The files collect information about how the user uses the website, the type of website from which the user was redirected and the number and duration of the user’s visits to the website. This information does not record specific personal data of the user, instead being used for compiling statistics of website use.
    5. The user has the right to decide whether cookies are allowed access to their computer by previously selecting them in their browser window. Detailed information on how to handle cookies can be found in the software (web browser) settings.
  6. FINAL PROVISIONS

    1. The Controller applies technical and organisational measures ensuring the protection of the processed personal data appropriate to risks and categories of data under protection, in particular to protect the data against their disclosure to unauthorised persons, takeover by an unauthorised person, processing contrary to the applicable law, modification, loss, damage or destruction.
    2. The Controller provides appropriate technical measures to prevent the acquisition and modification by unauthorised persons of personal data sent electronically.
    3. The provisions of the GDPR and other relevant provisions of Polish law apply accordingly in matters not governed by this Privacy Policy.