Note: This is a translation of the original Privacy Policy in Polish. In case of any discrepancies between the English version and the Polish version, the Polish version shall prevail. The original version of the Privacy Policy is available here.
§ 1
GENERAL PROVISIONS
- Subject to point 3 of this paragraph, the controller of personal data collected via the Website and Application is RetJet SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, registered in the Register of Entrepreneurs by the DISTRICT COURT IN BIELSKO-BIAŁA, 8TH COMMERCIAL DIVISION OF THE NATIONAL COURT REGISTER, KRS number: 0001129805, headquarters and correspondence address: ul. 1 Maja 22, 43-340 Bielsko-Biała, NIP: 5472248276, REGON: 529760483, email: [email protected], hereinafter referred to as the “Controller” and also acting as the Service Provider.
- Personal data collected by the Controller through the Service’s website and entrusted by Users are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Consumer Rights Act of May 30, 2014.
- The controllers of data entered into the Application, collected and processed in connection with its use, are the Service Users.
- Any words or expressions written in this Privacy Policy with a capital letter should be understood in accordance with their definition contained in the Terms of Service.
§ 2
PURPOSE AND SCOPE OF DATA COLLECTION
- PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data of the Service Users in the following cases:
- Using the Contact Form to send a message to the Controller, based on Article 6(1)(f) GDPR (legitimate interest of the entrepreneur),
- Registering an Account in the Service to create an individual account and manage it, based on Article 6(1)(b) GDPR (performance of a contract for the provision of electronic services in accordance with the Terms of Service),
- Placing an Order to execute the Agreement for the provision of the Digital Service based on Article 6(1)(b) GDPR (performance of a contract),
- Signing up for the Newsletter to receive commercial information by electronic means. Personal data is processed upon separate consent, based on Article 6(1)(a) GDPR,
- Using the License by the Service User and providing all other services related to the Application to the Service User, in order to execute the Agreement for the provision of the Digital Service based on Article 6(1)(b) GDPR (performance of a contract).
- TYPES OF PERSONAL DATA PROCESSED. The Service User provides, in the case of:
- Contact Form: name and surname, email address, phone number,
- Account: name and surname, address, NIP (Tax Identification Number), email address, phone number,
- Order: name and surname, address, NIP, email address, phone number,
- Newsletter: name and surname, email address,
- License: name and surname, NIP, email address.
- RETENTION PERIOD FOR PERSONAL DATA. Personal data of the Service Users is stored by the Controller:
- When the basis for processing is the performance of a contract, for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the statute of limitations for claims. Unless otherwise provided by a specific provision, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activity – three years.
- When the basis for processing is consent, until the consent is revoked, and after revocation of consent, for a period corresponding to the statute of limitations for claims that may be raised by the Controller or against the Controller. Unless otherwise provided by a specific provision, the statute of limitations is six years, and for claims for periodic benefits and claims related to business activity – three years.
- During the use of the Service, additional information may be collected, in particular: the IP address assigned to the Service User’s computer or the external IP address of the Internet provider, domain name, type of browser, access time, type of operating system.
- Upon separate consent, based on Article 6(1)(a) GDPR, data may also be processed for the purpose of sending commercial information electronically or making telephone calls for direct marketing purposes – in connection with Article 10(2) of the Act of July 18, 2002, on the provision of electronic services or Article 172(1) of the Act of July 16, 2004 – Telecommunications Law, including those directed as a result of profiling, provided that the Service User has given appropriate consent.
- Navigation data may also be collected from Service Users, including information about links and references clicked on or other actions taken within the Service. The legal basis for such actions is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services.
- Providing personal data by the Service User is voluntary.
- The Controller takes particular care to protect the interests of persons whose data is being processed and ensures that the data collected by them is:
- Processed lawfully,
- Collected for specified, legitimate purposes and not subjected to further processing inconsistent with those purposes,
- Factually correct and adequate in relation to the purposes for which it is processed and stored in a form that allows identification of the individuals concerned, no longer than is necessary to achieve the purpose of the processing.
§ 3
RECIPIENTS OF PERSONAL DATA
- The personal data of the Service Users is transferred to service providers used by the Controller in the operation of the Website and Application.
- The service providers referred to in point 1 of this paragraph, to whom personal data is transferred, depending on the contractual arrangements and circumstances, either follow the Controller’s instructions regarding the purposes and methods of processing such data (processors) or determine the purposes and methods of their processing independently (controllers).
- The personal data of Service Users is stored solely within the European Economic Area (EEA), subject to § 5 points 5 and 6 of this Privacy Policy.
§ 4
RIGHT TO CONTROL, ACCESS, AND CORRECT PERSONAL DATA
- A data subject has the right to access their personal data, as well as the right to rectify, delete, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Legal grounds for the Service User’s request:
- Access to data – Article 15 GDPR,
- Rectification of data – Article 16 GDPR,
- Deletion of data (the so-called “right to be forgotten”) – Article 17 GDPR,
- Restriction of processing – Article 18 GDPR,
- Data portability – Article 20 GDPR,
- Objection – Article 21 GDPR,
- Withdrawal of consent – Article 7(3) GDPR.
- To exercise the rights mentioned in point 1, an appropriate email may be sent to: [email protected].
- When the Service User exercises their rights under the above provisions, the Controller shall fulfill the request or refuse to fulfill it immediately, but no later than within one month of receipt. However, if—due to the complexity of the request or the number of requests—the Controller cannot fulfill the request within a month, the Controller shall fulfill it within the next two months, informing the Service User in advance, within one month of receiving the request, about the intended extension of the deadline and the reasons for it.
- If it is found that the processing of personal data violates the provisions of GDPR, the data subject has the right to file a complaint with the President of the Personal Data Protection Office.
§ 5
COOKIES
- The Controller’s website uses “cookies.”
- The installation of “cookies” is necessary for the proper provision of services on the Service’s website. The “cookies” contain information necessary for the proper functioning of the website, and they also allow the creation of general statistics of website visits.
- The website uses two types of “cookies”: “session” and “permanent”:
- “Session” cookies are temporary files stored on the Service User’s end device until logging out (leaving the website),
- “Permanent” cookies are stored on the Service User’s end device for the time specified in the parameters of “cookies” or until deleted by the Service User.
- The Controller uses its own cookies to better understand how the Service Users interact with the content of the website. These cookies collect information on how the Service User uses the website, the type of page from which the Service User was redirected, the number of visits, and the time of the Service User’s visit to the website. This information does not record specific personal data of the Service User but is used to compile statistics on the use of the website.
- The Controller uses external cookies to collect general and anonymous statistical data via analytical tools such as Google Analytics (external cookies administrator: Google LLC based in the USA).
- Cookies may also be used by advertising networks, particularly Google’s network, to display advertisements tailored to how the Service User uses the Service. For this purpose, they may retain information about the user’s navigation path or time spent on a given page.
- The Service User has the right to decide on the access of “cookies” to their computer by adjusting their browser settings. Detailed information on the possibility and methods of handling cookies is also available in the software settings (web browser).
§ 6
ADDITIONAL SERVICES RELATED TO USER ACTIVITY ON THE WEBSITE
- The Website uses so-called social plugins (“plugins”) of social networking sites. By displaying the www.retjet.com page containing such a plugin, the Service User’s browser establishes a direct connection with the servers of Facebook, Twitter (X), Skype, and Instagram.
- The content of the plugin is transmitted by the given service provider directly to the Service User’s browser and integrated into the website. Through this integration, service providers receive information that the Service User’s browser has displayed the www.retjet.com page, even if the Service User does not have a profile with the given service provider or is not currently logged in there. Such information (including the Service User’s IP address) is transmitted by the browser directly to the server of the given service provider (some servers are located in the USA) and stored there.
- If the Service User is logged in to one of the above social networking sites, that service provider can directly assign the visit to www.retjet.com to the Service User’s profile on that social network.
- If the Service User uses a given plugin, e.g., by clicking the “Like” button or the “Share” button, the relevant information is also sent directly to the server of the given service provider and stored there.
- The purpose and scope of data collection, further processing, and use by the service providers, as well as contact options, the Service User’s rights in this regard, and the settings options for protecting the privacy of the Service User are described in the privacy policies of the service providers:
- https://www.facebook.com/policy.php
- https://policies.google.com/privacy?hl=en
- https://help.instagram.com/155833707900388
- https://support.skype.com/en/skype/all/privacy-security/privacy-settings/
- If the Service User does not want social networking sites to assign data collected during visits to www.retjet.com directly to their profile on the given service, they must log out of that service before visiting www.retjet.com. The Service User can also completely prevent plugins from loading on the website by using appropriate extensions for their browser, e.g., script blocking using “NoScript.”
- The Controller uses remarketing tools such as Google Ads on its website, which involves the use of Google LLC cookies related to the Google Ads service. Through the cookie management settings mechanism, the Service User has the ability to decide whether the Service Provider may use Google Ads (external cookie administrator: Google LLC, based in the USA) in relation to them.
§ 7
FINAL PROVISIONS
- The Controller applies technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and category of data protected, and in particular, protects data against unauthorized access, collection by unauthorized persons, processing in violation of applicable laws, and alteration, loss, damage, or destruction.
- The Controller applies appropriate technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
- Matters not regulated by this Privacy Policy shall be governed by the provisions of GDPR and other applicable provisions of Polish law.