General information
1.1. This Privacy Policy applies to the personal data of users of the Website (hereinafter referred to as the “Users”) available at www.sellpoint.pl (hereinafter referred to as the “Website”) and other categories of persons indicated in this Privacy Policy.
1.2. The Data Controller of Website Users’ personal data is the Service Provider, i.e. Sellpoint Sp. z o.o. with its registered office in Warsaw (00-193) at ul. Stawki 2A. entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under the number KRS 0000011800 (hereinafter also referred to as the “Company”).
1.3. Personal data of the Website Users will be processed by the Service Provider in order to run the Website, and in particular to:
A. ensure the smooth functioning of the Website;
B. explain the circumstances of unauthorized use of the Website;
C. create internal reports and analyses (including statistics of traffic to subpages of the Website);
D. improve the quality of the Website and
E. potentially send the electronic newsletter ordered by the User (newsletter) – in electronic form – to the indicated e-mail address by the Service Provider.
1.4. Contact details of the Data Protection Officer, and in the absence of appointment of the Data Protection Officer, the person designated to coordinate the protection of personal data in the Company: rodo_sellpoint@sellpoint.pl.
1.5. You should contact the above-mentioned person in any matter related to the protection of personal data processed by the Service Provider.
Procedures for the exercise of the rights of the data subjects.
1.6. Each natural person (hereinafter referred to as the “Requesting Party”) has the right to submit a request to the Service Provider for: (A) confirmation that the Service Provider processes personal data of the Data Subject, as well as to exercise the right of access to personal data concerning the Data Subject; (B) rectification of personal data; (C) erasure or restriction of the processing of personal data; (D) personal data portability, including the right to receive the above-mentioned personal data and send personal data to another personal data controller or to request, if technically possible, to send such personal data directly to another personal data controller (to the extent that personal data will be processed in an automated manner and for the performance of a contract or on the basis of expressed consent); (E) objection to the processing of personal data (to the extent that personal data will be processed on the basis of the legitimate interest of the Company).
1.7. The above requests will be processed by the Requested Party taking into account the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as the “GDPR”). This means that in some cases enumerated in the provisions of the GDPR, the above-mentioned rights will not be available to the Data Subject.
1.8. The request should be submitted in writing to the following address: ul. Stawki 2A, 00-193 Warsaw or send as email to the following address rodo_sellpoint@sellpoint.pl. If the Service Provider does not process personal data of the Requesting Party (apart from the fact of processing personal data for the purposes of the request itself), the request will not be processed, and the personal data of the Requesting Party will be deleted immediately.
1.9. The Service Provider will immediately inform the Requesting Party after receiving the request and will include information concerning the request in its records.
1.10. The Service Provider reserves the right to verify the identity of the Requesting Party. Failure to effectively verify the identity of the Requesting Party for reasons attributable to the Requesting Party means that the Service Provider will not process the submitted request and will immediately inform the Requesting Party about this fact.
1.11. The request will be processed by the Service Provider’s competent department designated for this purpose without undue delay, but not later than within 10 days from the date of receipt of the request by the Service Provider. The manner of proceeding the submitted request will be consulted with the Data Protection Officer appointed by the Service Provider, and in the absence of the Data Protection Officer, with the Data Protection Coordinator working in the Service Provider’s organization.
1.12. The Service Provider will provide the Requesting Party with a reply to the request not later than within three (3) weeks from the date of its receipt. In particularly complicated cases (i.e. requiring a lot of work on the part of the Company), the above deadline will be extended to two (2) months, of which the Requesting Party will be immediately informed. At the same time, the Service Provider will make every effort to ensure that the deadline is not extended, as stated above.
1.13. As a result of exercising the right of access to personal data, the Requesting Party will be provided with his/her personal data to the extent requested by the Requesting Party. The scope of information includes:
• the purpose of processing,
• the categories of personal data subject to processing,
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations,
• the planned period of storage of personal data, and if this is not possible, the method of calculating this period,
• if the personal data has not been collected from the data subject – all available information about its source,
• the use of automated decision-making, including profiling, and relevant information about the principles of its use, as well as the importance and expected consequences of such processing for the data subject,
• the right to request the Company to rectify, erase or restrict the processing of personal data and to object to such processing (if such right exists),
• the right to lodge a complaint with the supervisory authority.
1.14. In the case of exercising the right of access to personal data and the right to transfer personal data, a copy of personal data relating to the Requesting Party in commonly known and accessible machine-readable formats will be attached to the reply provided to the Requesting Party.
1.15. Any complaints related to the performance of this procedure should be sent to the address of the Data Protection Officer (DPO) of the Service Provider or the Data Protection Coordinator (in the absence of a DPO appointed by the Company) at the following address: rodo_sellpoint@sellpoint.pl. The complaint will be considered immediately, but not later than within 7 days from the date of its delivery, of which the Requesting Party will be immediately informed. The Requesting Party is also informed of the fact of receiving the complaint. Information concerning the complaint will be included in the records kept by the DPO/Data Protection Coordinator of the Company.
Other provisions
1.16. If the Service Provider applies for consent to send commercial information by electronic means (e.g. by e-mail, SMS, Bluetooth, and otherwise), the person who has given the above consent has the right to withdraw the consent by sending an e-mail to the address indicated in point 1.4. above by entering the word “resignation” in the subject line. This will also apply to any other consent obtained by the Service Provider via the Website.
1.17. The Service Provider declares that it will use its best efforts to provide Users with a high level of security while using the Website. Any events affecting the information transmission security should be reported to the address indicated in point 1.4. above.
1.18. The Service Provider reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, in accordance with an appropriate legal basis and in accordance with the provisions of applicable law.
1.19. Apart from the cases indicated in point 1.18. above, the information concerning the User will not be disclosed to any third party or authority without the consent of the data subject.
Cookies and system log files
1.20. The Service Provider informs that when the User connects to the Website, information about the number (including IP) and the type of the User’s terminal device, via which the User connects to the Website, appears in the Website system logs. The Service Provider informs that it will also process data regarding the number (including IP) and the type of the User’s terminal device, as well as the time of connection of the above-mentioned persons with the Website and other operational data regarding the User’s activity in accordance with the provisions of applicable law. Such data will be processed in particular for technical purposes as well as to collect general statistical information.
1.21. The Service Provider will use cookies (i.e. small text files sent to the User’s device, identifying it in a way necessary to simplify or cancel a given operation) to collect information related to the use of the Website by the User. Cookies enable: maintaining the User’s session; adaptation of the Website to the User’s needs; creation of statistics of traffic to subpages of the Website.
1.22. The User can change the cookie settings at any time. To do this, you need to change your web browser’s cookie setting. These settings can be changed in such a way that the automatic handling of cookies is blocked in the settings of the Internet browser or that information is provided whenever a cookie is placed in the User’s device. Detailed information about the possibilities and methods of using cookies is available in the software settings (Web browser).
1.23. Some subpages of the Website and other means of communication with Users may contain the so-called “web beacons” (so-called electronic images, also known as empty GIFs). Web beacons allow you to receive information such as, for example, the IP (Internet Protocol) address of the computer on which the page containing web beacon was downloaded, page URL number, page loading time, browser type, as well as information contained in cookies in order to evaluate the effectiveness of our advertisements.
Hosting
1.24. The Service Provider, on the basis of a written agreement, will entrust the processing of all personal data provided by the User as well as other data referred to in this Policy to Home.pl, with its registered office in Warsaw, for the purpose of the proper performance of activities related to hosting, administration, maintenance, and management of the Website by the above-mentioned company.
1.25. Date of the last update of the Privacy Policy: 8 June 2018.
| INFORMATION ON THE PROCESSING OF PERSONAL DATA | |
| Personal Data Controller | |
| The Data Controller of your personal data is Sellpoint Sp. z o.o. with its registered office in Warsaw (00-193) at ul. Stawki 2A. entered into the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under the number KRS 0000011800 (hereinafter referred to as the “Company”). | |
| Contact person for matters related to the processing of personal data | |
| In matters related to the processing of personal data, you can send email to the following address: rodo_sellpoint@sellpoint.pl | |
| The purpose of personal data processing | The legal basis for personal data processing |
| If you are a User of the Website, your personal data will be processed on the basis of the legitimate interest of the Company, i.e. for the purposes indicated in point 1.3. of the Company’s Privacy Policy http://sellpoint.pl/polityka-prywatnosci/ or on the basis of consent to receive commercial information in the event that the Company has received such consent from you. | Article 6 section 1 letter f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as: the “GDPR” in the case of the legitimate interest of the Company. Article 6 section 1 letter a) of the GDPR in the event that the Company has received your consent to receive commercial information. |
| If you are a natural person running a sole proprietorship aimed at concluding an Agreement with the Company, your personal data will be processed for the purpose necessary to (A) take measures before concluding an agreement with you, (B) to perform the agreement if it has been concluded and any receivables have been claimed and (C) for the purposes of fulfilling obligations under tax law and accounting regulations. | Article 6 section 1 letter b) of the GDPR Article 6 section 1 letter c) of the GDPR Article 6 section 1 letter f) of the GDPR |
| If you are the person representing the contractor of the Company, appointed to contact the Company, your personal data will be processed for the purposes resulting from the legitimate interests pursued by the Company, ensuring contact with the contractor and verifying whether the person who contacts the Company is entitled to take measures on behalf of the contractor, as well as: (A) in order to perform the contract between the Company and the entity represented by you and (B) for the purposes of fulfilling obligations under tax law and accounting regulations. | Article 6 section 1 letter c) of the GDPR Article 6 section 1 letter f) of the GDPR |
| If the contact form is used by persons who are not contractors of the Company or persons representing them, your data will be processed for the purposes resulting from legitimate interests pursued by the Company, i.e. answering the question sent via the contact form and ensuring contact with you. | Article 6 section 1 letter f) of the GDPR |
| Who will receive your personal data? | |
| The recipients of your personal data may include entities cooperating with the Company in the scope of services provided to the Company (e.g. subcontractors) and supporting the Company’s ongoing business processes. | |
| How long personal data will be stored? | |
| If you are a User of the Website, your personal data will be stored for the period necessary to fulfil the purposes indicated in point 1.3. of the Company’s Privacy Policy. | |
| If you are a natural person conducting a sole proprietorship aimed at concluding a contract with the Company, your personal data will be stored for the duration of the contract concluded between you and the Company (if such a contract was actually concluded), and after that period for the limitation period for possible claims. Moreover, your personal data will be stored for the period required by tax law and accounting regulations. | |
| If you are the person representing the contractor, your personal data will be stored for the duration of the contract concluded between the entity represented by you and the Company, and after this period for the limitation period for any claims. Moreover, your personal data will be stored for the period required by tax law and accounting regulations. | |
| Your personal data obtained by the Personal Data Controller in connection with the use of the contact form will be processed for the time necessary to undertake measures aimed at responding to the question sent via the form. | |
| What rights do you have in relation to the processing of your personal data? | |
| If you are a User of the Website, you have the right to: § access your personal data, § rectify your personal data, § erase your personal data, § restrict the processing of your personal data, § transfer your personal data, including the right to receive personal data and send personal data to another personal data controller or to demand, if technically possible, sending such data directly to another personal data controller (to the extent that the data will be processed in an automated manner and for the purpose of performing a contract or on the basis of consent). § You have the right to lodge a complaint with the supervisory authority relating to personal data protection, § object to the processing of personal data (to the extent that the data will be processed in the legitimate interest of the Company). |
|
| If you are a natural person conducting sole proprietorship aimed at concluding an agreement with the Company, you have the right to: § access your personal data, § rectify your personal data, § erase your personal data, § restrict the processing of your personal data, § transfer your personal data, including the right to receive personal data and send personal data to another personal data controller or to demand, if technically possible, sending such data directly to another personal data controller (to the extent that the data will be processed in an automated manner and for the purpose of performing a contract or on the basis of consent). § You have the right to lodge a complaint with the supervisory authority relating to personal data protection, § object to the processing of personal data (to the extent that the data will be processed in the legitimate interest of the Company). |
|
| If you are the person representing the contractor, you have the right to: § access your personal data, § rectify your personal data, § erase your personal data, § restrict the processing of your personal data, § object to the processing of personal data (to the extent that the data will be processed on the basis of the legitimate interest of the Company), § You have the right to lodge a complaint with the supervisory authority relating to personal data protection. |
|
| If you use the contact form, you have the right to: § access your personal data, § rectify your personal data, § erase your personal data, § restrict the processing of your personal data, § You have the right to lodge a complaint with the supervisory authority relating to personal data protection, § object to the processing of personal data. |
|
| Is the provision of personal data obligatory? | |
| Website Users provide their personal data voluntarily. The provision of personal data is necessary if you want to use the Website. | |
| If you are a natural person running a sole proprietorship, the provision of personal data is voluntary but necessary to conclude an agreement with the Company. | |
| If you are the person representing the contractor, the provision of personal data is voluntary but necessary to ensure contact with the Company. | |
| The provision of personal data in the contact form is voluntary, but necessary to send a question and receive a response from the Company. | |