The controller of personal data collected through the website https://novagra.com.pl is Novagra Sp. z o.o. registered office address: ul. Stanisława Staszica 21/2, 05-825 Grodzisk Mazowiecki, address for service: ul. Wierzbowa 7, 05-870 Błonie, entered into the register of entrepreneurs under KRS number: 0000701678, NIP (VAT identification number): 1182156807, REGON number: 368619757, holding share capital in the amount of 5000, e-mail address: firstname.lastname@example.org, hereinafter referred to as the “Controller”, who is also the Service Provider. place of business: ul. Stanisława Staszica 21/2, 05-825 Grodzisk Mazowiecki, address for service: ul. Wierzbowa 7, 05-870 Błonie, NIP (tax identification number): 1182156807, REGON number: 368619757, e-mail address (e-mail): email@example.com, hereinafter referred to as the “Controller”.
Personal data collected by the Controller via the website are processed under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR and the Personal Data Protection Act of 10 May 2018.
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data through the website https://novagra.com.pl in case of:
the use of the contact form. Personal data shall be processed based on Article 6(1)(f) of the GDPR to fulfil a legitimate interest of the Controller.
THE TYPE OF PERSONAL DATA BEING PROCESSED. The Controller processes the following categories of the user’s personal data:
- Name and surname,
- E-mail address,
- The phone number,
- THE ARCHIVING PERIOD FOR PERSONAL DATA.
Users’ personal data is stored by the Controller:
- where the processing is based on the performance of a contract, for as long as is necessary for the performance of the contract and thereafter for a period corresponding to the period of limitation of claims. Unless otherwise specified in a special provision, the limitation period shall be six years and, for claims for periodic benefits and claims connected with conducting a business activity, three years.
- where consent constitutes the basis for the processing of data, until the consent is revoked, and after revoking the consent for a period of time corresponding to the statute of limitations for claims that may be made by the Controller and that may be made against him. Unless otherwise specified in a special provision, the limitation period shall be six years and, for claims for periodic benefits and claims connected with conducting a business activity, three years.
When using the website, additional information may be downloaded, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
Navigation data may also be collected from users, including information about the links and references they choose to click on or other actions taken on the website. The legal basis for this type of activity is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided by electronic means and improving the functionality of these services.
Providing personal data by the user is voluntary.
Personal data will also be processed automatically in the form of profiling, provided that the user gives his or her consent pursuant to Article 6(1)(a) of the GDPR. As the consequence of profiling, a profile will be assigned to a person to make decisions about them or to analyse or predict their preferences, behaviour and attitudes.
The Controller shall take particular care to protect the interests of the data subjects and shall ensure, in particular, that the collected data are:
- processed lawfully,
- collected for designated, legitimate purposes and are not subject to further processing incompatible with those purposes,
substantially correct and appropriate concerning the purposes for which they are processed and kept in a form which permits identification of the persons concerned for no longer than it is necessary to achieve the purpose of the processing.
SHARING PERSONAL DATA
Users’ personal data are passed on to the service providers used by the Controller to run the website. Service providers to whom personal data are transferred, depending on the contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and methods of processing these data (processors) or they determine the purposes and methods of processing them themselves (administrators).
Your personal data is stored exclusively in the European Economic Area (EEA).
THE RIGHT TO CONTROL, ACCESS AND CORRECT OWN DATA
The data subject has the right to access to his or her personal data and the right to rectify, delete, restrict the processing, the right to transfer data, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out based on consent before its withdrawal.
The legal basis of the user’s request:
- Access to data – Article 15 GDPR
- Correction of data – Article 16 of the GDPR.
- Deletion of data (the so-called right to be forgotten) – Article 17 of the GDPR.
- Restriction of processing – Article 18 of the GDPR.
- Data transfer – Article 20 GDPR.
- Objection – Article 21 GDPR
- Withdrawal of consent – Article 7(3) of the GDPR.
To exercise the rights referred to in point 2, an appropriate e-mail may be sent to firstname.lastname@example.org.
If a user exercises their right resulting from the above rights, the Controller shall comply with the request or refuse to comply with it immediately, however, no later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Controller will not be able to comply with the request within one month, he will comply with it within the next two months, informing the user in advance within one month of receiving the request – about the intended extension of the deadline and its reasons.
If it is found that the processing of personal data violates the rules of the GDPR, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection.
The Controller’s website uses “cookies”.
The installation of “cookies” is necessary for the proper provision of services on the website. Cookies contain information necessary for the proper functioning of the website, and they also provide an opportunity to compile general statistics on website visits.
The site uses the following types of “cookies”: persistent
“Persistent” cookies are stored in the user’s terminal equipment for a period of time specified in the parameters of cookies or until the user removes them.
The Controller uses his own cookies to better understand how the user interacts with the site content. The files collect information about the user’s use of the website, the type of website from which the user was redirected, the number of visits and the time the user visits the website. This information does not record the user’s specific personal data but is used to compile statistics on website usage.
The user has the right to decide on the access of “cookies” to his computer by selecting them in the window of his browser. Detailed information about the possibilities and ways of handling “cookies” are available in the settings of the software (Internet browser).
The Controller shall apply technical and organisational measures ensuring the protection of the processed personal data appropriate to the threats and categories of data subject to protection, and in particular, it shall protect the data against unauthorised access, taking away by an unauthorised person, processing in breach of the applicable regulations and alteration, loss, damage or destruction.
The Controller shall make available appropriate technical means to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.