§ 1 GENERAL INFORMATION
2. All phrases and words capitalized (e.g., Website, User, etc.) shall be understood in accordance with the Terms of Service of the Website.
§ 2 PERSONAL DATA CONTROLLER
1. The Controller of your personal data is The Leader’s Sp. z o.o. with its registered office in Warsaw, at Fryderyka Chopina Street 5a, lok 5, , 00-559 Warsaw Poland, KRS: 0000942218 NIP: 7011065099, REGON: 52082118300000 (hereinafter: Controller).
2. For all data protection issues, we encourage you to contact us at the above address or via email address: email@example.com.
3. You can also send a request to the indicated address for access to information about what personal data we have about you and for what purposes we process it.
4. The Controller informs that it stores correspondence for statistical purposes and for the purpose of improving the support system in the scope of GDPR, as well as for the resolution of complaints and possible decisions on administrative interventions in the indicated cases based on the notifications. Addresses and data thus collected will not be used for communication for any purpose other than the execution of the notification, in particular, they will not be used for marketing purposes and transferred to third parties.
5. When contacting the Controller to perform a specific action, the Controller may again ask the person to provide data, including personal data, such as name, surname, home address, e-mail address, in order to confirm the person’s identity and enable the person to be contacted back on the matter and perform the requested action. Provision of such data is not mandatory, but may be necessary to perform an action or obtain information of interest to the person.
§ 3 DATA ACQUISITION AND PURPOSE OF DATA PROCESSING
1. We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, (hereinafter: GDPR) and other data protection laws currently in force at the time of processing certain data.
2. According to the wording of the legislation indicated, personal data is considered information about an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an Internet identifier or one or more specific factors that determine the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
3. We ensure that the data we obtain from you is confidential, secure and processed only when necessary. We process data in accordance with the law, in a fair and transparent manner for the data subject. We process only such data and only with such content that is necessary for a legitimate purpose, i.e. the reason for processing. Personal data is collected with due diligence and adequately protected against access by unauthorized persons. We use appropriate and adequate security measures and state of the art technology to protect personal data from accidental loss and unauthorized access, use, alteration, or disclosure. We store personal data in a manner that allows identification of the data subject for no longer than is necessary for the purposes for which the data are processed.
4. The Controller obtains information about personal data in the following ways:
a) By voluntary subscription to the Newsletter service;
b) by voluntarily entering information in an email, contact form or Chatbot;
c) by voluntarily entering data to order a phone call;
d) by voluntarily entering data to post an opinion ;
e) by sending a complaint, application, inquiry or letter of any other nature;
f) by voluntarily entering information in an e-mail sent in connection with the desire to establish cooperation;
g) through cookies, pixels or similar Internet technologies.
5. Please be informed that the purpose and scope of the data processed by the Controller is based on the User’s consent or the law, and in selected cases is further specified as a result of the actions taken by these persons on the Website or through other communication channels.
6. Provision of personal data by a Visitor or User of the Website is voluntary, but necessary in order to use certain functionalities of the Website (e.g. use of contact forms).
7. Each time, the scope of data required to conclude a relevant agreement is indicated in advance on the Website (we mark the data whose submission is necessary to conclude an agreement/use a specific functionality). The consequence of not providing personal data may be the inability to effectively use the functionality of the Website.
8. Your personal data is obtained by the Controller for the following purpose:
Purpose of processing
Legally legitimate purpose, if any
Article 6(1)(f) GDPR.
To have information about the statistics of our operations, which allows us to improve our business operations.
Conducting marketing of its own products and services without the use of electronic communications.
Article 6(1)(f) GDPR.
Conducting marketing activities to promote the business.
Conducting marketing of its own products and services using electronic communications.
Article 6(1)(f) of the GDPR, with these actions due to other applicable regulations, in particular the Telecommunications Law and the Law on Provision of Electronic Services, are conducted only on the basis of consents held (Article 6(1)(a) of the GDPR).
Conduct marketing activities to promote the business using email addresses….
Handling requests directed using the contact form, emails, complaints, other requests.
Article 6(1)(a) of the GDPR; Article 6(1)(c) GDPR.
Responding to requests and inquiries made using the contact form or in any other form, including storing sensitive requests and answers provided to maintain accountability. Handling requests, responding to consumer complaints. Investigation of claims, including from third parties, defense by them.
To conclude and perform Service Agreements (Newsletter) or to take action at the request of a future User prior to its conclusion.
Article 6(1)(b) GDPR.
Conclusion and execution of the Service Agreement or taking action at the request of a future User prior to its conclusion.
Article 6(1)(c) GDPR.
Fulfillment of legal obligations under regulations, such as tax and accounting.
Posting an opinion on the Website.
Article 6(1)(a) of the GDPR.
Product Satisfaction Survey.
9. Newsletter. If you wish to subscribe to our newsletter, it is mandatory to provide us with your e-mail address or phone number and check the appropriate checkbox. Providing data is voluntary, but necessary to use the newsletter service.
The data provided to us when signing up for the newsletter is used to send you a newsletter in which we inform you about company activities, promotions and discounts. The legal basis for processing in this situation is your voluntary consent given when signing up for the newsletter.
Your data is processed in this case for the purpose of sending the newsletter periodically, and the basis for processing is Article 6(1)(a) of the GDPR, i.e. your consent resulting from your desire to receive the service.
The data will be processed for the duration of the newsletter, unless you opt out earlier, which will permanently delete your data from the database. In addition, you can correct your data stored in the newsletter database at any time, as well as request its deletion by opting out of receiving the newsletter. You also have the right to data portability, contained in Article 20 of the GDPR.
The newsletter database is properly secured by the Controller. The newsletter as a database is handled through an external entity. The e-mails sent include links to hidden images (the so-called tracking pixel). In addition to its primary function of counting email opens, it is also optionally used to identify the User and conduct marketing activities.
10. Email contact. When you contact us by e-mail, you provide us with your e-mail address as the sender of the message. In addition, you may also include other personal information in the body of the message. Providing data is voluntary, but necessary to contact us.
Your data is processed in this case for the purpose of contacting you, and the basis for processing is Article 6(1)(a) of the GDPR, i.e. your consent resulting from your desire to contact us. The legal basis for post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (Article 6(1)(c) GDPR).
The content of the correspondence may be subject to archiving and we are not able to clearly determine when it will be deleted however, it will be a period of no more than 5 years. You have the right to request the history of the correspondence you have had with us (if it was subject to archiving), as well as to request its deletion, unless its archiving is justified due to our overriding interests.
11. Reviews. Want to add your opinion about our services, you need to fill out the form.
Your data in this case is processed in order to enable you to post Opinions, and the basis for processing is Article 6(1)(a) of the GDPR, i.e. your consent resulting from your desire to post on our website.
The data will be processed for the duration of the opinion’s operation on the website, unless you request the deletion of the opinion beforehand, which will remove your data related to the opinion from the database.
You can correct your data in the feedback at any time, as well as request their deletion. You also have the right to data portability, contained in Article 20 of the GDPR.
§ 4 CATEGORIES OF PERSONAL DATA
1. The controller may process the following categories of personal data:
a) personal data provided for the use of the newsletter, provided when using the contact form, posting opinions and sent via e-mail; or provided when filing complaints, complaints or requests, in particular: name and surname; e-mail address; contact telephone number; address [street, house number, apartment number, postal code, city, country], bank account number;
b) other data, in particular, obtained based on the User’s activity on the Internet, including those obtained through the Website or other channels of communication with the User, using cookies and similar technologies.
§ 5 RECIPIENTS OF PERSONAL DATA
1. Your personal data may be processed by our partners and subcontractors, i.e. entities we use to process data and provide services to you. To the best of our knowledge, all entities to whom we entrust the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
2. Your personal data may be transferred by the Controller:
a) to state authorities or other entities authorized under the law, in order to perform the obligations incumbent on us;
b) To a limited extent, the Controller’s partners may be involved in the processing of personal data, in particular those who technically help to run the Website efficiently (e.g., support us in sending e-mails and, in the case of advertising activities, also in marketing campaigns), providers of hosting or ICT services, companies that maintain software, support the Controller in marketing campaigns, as well as providers of legal and consulting services and external accounting;
c) In addition, we may share fully anonymized data (data that cannot identify you) with entities with whom we work.
§ 6 ARCHIVING OF PERSONAL DATA
2. We retain the data for the periods indicated below:
Data for marketing purposes.
In the case of data processing based on consent – until it is withdrawn. In the case of data processing on the basis of a legitimate purpose – until you object.
Data provided using the contact form, e-mail.
For a period of 3 years to maintain accountability.
In the case of data processing on the basis of consent – until it is withdrawn. In the case of data processing on the basis of a legitimate purpose – until you object.
Personal data related to cookies and similar functions.
Until the deletion of these files using the settings of the website / browser / device (while deletion of files is not always the same as deletion of Personal Data obtained through these files – in which case Personal Data will be deleted until you object).
Data provided in the course of complaint and other procedures related to the User’s claims.
The remaining category of data (with the exception of data from cookies, about which more in our Cookies Policy).
3. In any case, personal data will also be stored if legal regulations (e.g. accounting or tax regulations) oblige the Controller to process them; we will keep your personal data longer in case you have any claims against the Controller, in order for the Controller to assert claims, or in order to assert or defend against third-party claims, for the period of limitation prescribed by law, in particular the Civil Code.
4. Thus, depending on the scope of personal data and the purposes for which they are processed, they may be kept for different periods. In each case, the longer term of storage of personal data is decisive.
§ 7 ENTITLEMENTS, ACCESSING AND UPDATING PERSONAL DATA, COMPLAINTS
Pursuant to Article 15 of the GDPR, you have the right to obtain information from the Data Controller as to whether your personal data is being processed.
If the Controller processes your personal data, then you have the right to:
a) access to personal data;
b) obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of your data or the criteria for determining that period, your rights under the GDPR and your right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
c) obtain a copy of your personal data.
In addition, you may request that your personal data be corrected (Article 16 of the GDPR), have your personal data deleted (Article 17 of the GDPR), object to the processing of your personal data (Article 21 of the GDPR), and, where technically feasible, request that the personal data provided be transferred to another organization (Article 20 of the GDPR).
In connection with the right to be forgotten, the Controller will update or delete your data, unless it has a legal obligation to retain it for business purposes or to comply with the law. In some cases, you have the right to request the restriction of the processing of your personal data (Article 18 of the DPA). You may also contact the Controller if you have concerns about the collection, storage or use of your personal data.
The Controller shall endeavor to promptly consider all requests regarding the aforementioned operations on your personal data, but no later than within 30 days of receiving the request. Due to the complex nature of the request, the Controller has the right to consider your requests in excess of 30 days, of which it will inform you in advance.
The controller strives for a definitive resolution of complaints, but if you are still dissatisfied with the response you receive, you may file a complaint with the supervisory authority dealing with personal data protection of your local data protection authority. In Poland, the supervisory authority under the GDPR is the President of the Office for Personal Data Protection.
§ 8 PROCESSING OF PERSONAL DATA BY AUTOMATED MEANS,
4. Selected cookies process your personal data. The processing of personal data from cookies or similar technologies on our Website is carried out for the purposes of ensuring the functioning of the Website, customizing the Website to the preferences of Visitors and Users, or analytical purposes. The processing is carried out on the basis of our legitimate interest. The legal basis for the processing of personal data for advertising purposes will be your additional consent, expressed by making a selection and checking the checkbox during the cookie consent process.
5. When a Visitor uses the Website, cookies are used to identify the Visitor’s browser or device – cookies collect various types of information that, in principle, do not constitute personal data. However, some information, depending on its content and use, may be associated with a specific person – attributing certain behaviors to a specific Visitor or User, such as by linking them to a specific e-mail address – and thus be considered personal data.
2. The Controller declares that he has the right to make changes to this document for important reasons, among others:
a) changes in applicable regulations, in particular in the field of GDPR, telecommunications law, electronically provided services and regulating consumer rights, affecting the rights and obligations of the Controller or the rights and obligations of the data subject;