§ 1 DEFINITIONS
1. Administrator - F.H.POLEX based in Kraków, os. Górali 24/3, 31-961 Kraków, NIP: PL6790002840 and e-mail address: firstname.lastname@example.org.
2. Personal data - all information about a natural person that can be identified by selected physical, physiological, mental, cultural factors, IP address of a given device, cookies.
3. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
4. Website - run at the website address: www.pfg.com.pl
5. User - any person visiting the www.pfg.com.pl website
1. The administrator of personal data collected via the website www.pfg.com.pl is F.H.POLEX with its registered office in Krakow, os. Górali 24/3, 31-961 Kraków, NIP: PL6790002840 and e-mail address: email@example.com.
2. The personal data of the Service Recipient and the Customer are processed in accordance with the legal requirements regarding the principles of data processing and security, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (hereinafter referred to as the GDPR), the Act of May 10, 2018, on the protection of personal data and the Act on the provision of electronic services of July 18, 2002. (Journal of Laws of 2002, No. 144, item 1204, as amended).
3. The administrator of personal data informs that the data collected by him are processed in accordance with the law. They are used to identify people and are designed to carry out a given process.
§ 3 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
1.Specified purposes of collecting and grounds for processing personal data:
- in order to provide electronic services in the scope of making the content collected on the Website available to Users - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
- for the marketing purposes of the Administrator and other entities:
- displaying marketing content to the User that is not tailored to his preferences (contextual advertising);
- displaying to the User marketing content corresponding to his interests (behavioral advertising), including profiling;
- directing e-mail notifications with selected content, newsletter, via MMS / SMS or by phone (direct marketing);
- for the purposes of maintaining a profile on social networks, including informing Users about the Administrator's activity and promoting various events, services and products.
§ 4 COOKIES
1. Cookies are small text files installed on the device of the User browsing the Website. They collect information that facilitates the use of the website - e.g. by remembering the User's visits to the Website. More information about cookies can be found at http://pl.wikipedia.org/wiki/Ciasteczko.
2. The administrator uses the so-called cookies for the following purposes:
- generating anonymous statistics and reports on the Website;
- obtaining data from completed forms;
- information on products selected and ordered by the User;
- marketing, incl. in connection with the targeting of behavioral advertising to Users, the use requires the consent of the User, this consent may be withdrawn at any time.
§ 5 DATA RECIPIENTS
1. In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT, financial and logistics marketing systems, including banks, payment operators, couriers and entities related to the Administrator.
2. The Administrator may process personal data of Customers using the Online Store, such as: name and surname; e-mail adress; Phone number; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address). In the case of Service Users or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service User or Customer.
3. In the case of payment transactions carried out by Users - in the electronic form or with a payment card, the Administrator provides the collected personal data of the Customer to the selected entity servicing payments in the Online Store.
4. In the case of delivery by post or courier, the Administrator provides the collected personal data of the Customer to the selected carrier or intermediary performing the shipment at the request of the Administrator.
5. Providing personal data may be necessary for the conclusion and implementation of the Sales Agreement or the contract for the provision of Electronic Services in the Online Store. Each time, the scope of data required to conclude a contract is previously indicated on the website of the Online Store and in the Regulations of the Online Store.
6. The Administrator reserves the right to disclose selected information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
§ 6 TRANSFER OF DATA OUTSIDE EEA
1. The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:
- cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued;
- the use of standard contractual clauses issued by the European Commission;
- application of binding corporate rules approved by the competent supervisory authority;
- in the case of data transfer to the USA - cooperation with entities participating in the Privacy Shield program approved by the decision of the European Commission.
2. The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
§ 7 PERIOD OF PROCESSING OF PERSONAL DATA
1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The period of data processing may also result from regulations, when they constitute the basis for processing. In the case of data processing on the basis of the Administrator's legitimate interest - e.g. for security reasons - the data is processed for a period enabling the implementation of this interest or until an effective objection to data processing is raised. If the processing is based on consent, the data is processed until its withdrawal. When the basis for processing is necessary to conclude and perform the contract, the data is processed until its termination.
2. The data processing period may be extended if the processing is necessary to establish or pursue claims or defend against claims, and after this period - only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
§ 8 USER RIGHTS
1. The data subjects have the following rights: rectification, deletion, processing restrictions, the right to data transfer and the right to object to data processing, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data.
2. Consent to the processing of the data it covers may be withdrawn at any time by contacting the Administrator.
3.The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Administrator, and - for reasons related to the specific situation of the User - in other cases where the legal basis for data processing is the legitimate interest of the Administrator ( e.g. in connection with the implementation of analytical and statistical purposes).
§ 9 SECURITY OF PERSONAL DATA
1. The administrator conducts an ongoing risk analysis and monitors the adequacy of the data security applied to the identified threats. If necessary, the Administrator implements additional measures to increase data security.
2. In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures enabling access to personal data only to authorized persons and only to the extent that it is necessary due to the tasks performed by them. The administrator uses organizational and technical solutions to ensure that all operations on personal data are registered and performed only by authorized persons.
3. The administrator also takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data on behalf of the Administrator.
§ 10 CONTACT DETAILS
1. Contact with the Administrator is possible via the e-mail address firstname.lastname@example.org or to the correspondence address of PFG, Szczygla 29, 30716 Kraków.
§ 11 FINAL PROVISIONS
1. The policy is verified on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and is effective from May 24, 2018.