# 1: Who is the controller of your personal data?The administrator of your personal data is ASMA Polska Sp. z o.o., Wola Ducka ul. Mostów 10, 05-408 Glinianka k.Warszawy e-mail: email@example.com.
# 2: Who can you contact about the processing of your personal data?As part of the implementation of data protection in our organisation, we have decided not to appoint a Data Protection Officer due to the fact that it is not mandatory in our situation. You can contact us on matters relating to data protection and privacy more broadly at firstname.lastname@example.org.
# 3: What information do we have on you?Depending on the purpose, we may process the following information about you:
- e-mail address
- data contained in e-mail correspondence
- information visible on social media profiles
- VAT number
- phone number
- IP address
- approximate location
- statistics relating to newsletters received
- content of comments/opinions added on the site
- information about your device, operating system and browser
- IP address subject to truncation and anonymisation
- date of site visit
- subpages viewed
- time spent on the site
- transitions between sub-pages
- mouse clicks or screen taps
- clicks on individual links
- the source from which you go to the page
- your age bracket
- Your gender
- Your approximate location limited to
- Your interests determined by your online activities
# 4: Where do we get your personal data from?In most cases, you give them to us yourself. This happens when:
- you sign up to the newsletter
- add your comment or opinion on the product
- you contact us by e-mail
- you follow our social media profiles or interact with content we publish on social media
- the website mechanism collects your IP address
- the mechanism of the newsletter system collects your IP address and information about your activity in relation to the content sent to you within the newsletter, such as opening messages, clicking on links, etc.
# 5: Is your data safe?We care about the security of your personal data. We analyse the risks involved in the various processes of processing your data and then implement appropriate security and personal data protection measures. We monitor the state of the technical infrastructure on an ongoing basis, train our staff, look at the procedures in place and make the necessary improvements. If you have any questions about your personal data, we are at your disposal at email@example.com.
# 8: Who are the recipients of your personal data?We would venture to say that modern business cannot do without services provided by third parties. We also make use of such services. Some of these services involve the processing of your personal data. Third-party service providers that are involved in the processing of your personal data are:
- the hosting provider, which stores the data on the server
- cloud software provider where data processing takes place
- the accountancy office that processes your invoice data
- a maintenance service provider who gains access to the data if the technical work carried out concerns areas where personal data are located
- other subcontractors who gain access to the data if the scope of their activities requires such access
# 9: Do we transfer your data to third countries or international organisations?No, we do not transfer your data to third countries or international organisations.
# 10: Do we use profiling? Do we make an automated decision based on your personal data?We do not make decisions towards you based solely on automated processing, including profiling, which would produce legal effects towards you or similarly significantly affect you. Yes, we do use tools that may take certain actions depending on the information collected through tracking mechanisms, but we consider that these actions do not materially affect you as they do not differentiate your situation as a customer, do not affect the terms of the contract you may enter into with us, etc. Using certain tools, we may, for example, target you with personalised advertising based on previous actions you have taken on the website or suggest products that may be of interest to you. This is known as behavioural advertising. We encourage you to learn more about behavioural advertising, particularly with regard to privacy issues. You will find detailed information, including the possibility of managing your settings with regard to behavioural advertising, here here. We emphasise that within the tools I use I only have access to Anonymous Information. This information is stored on the servers of the providers of the individual tools, and these servers can most often be located around the world.
# 11: What rights do you have in relation to the processing of your personal data?The RODO grants you the following potential rights in relation to the processing of your personal data:
- The right to access and receive a copy of your data,
- The right to rectification (amendment) of your data,
- The right to erasure (if, in your opinion, there are no grounds for us to process your data, you can request that we erase it),
- The right to restrict processing (you can request that we restrict processing to only storing your data or carrying out activities agreed with you if, in your opinion, we have inaccurate data or are processing it unduly),
- The right to object to processing (you have the right to object to processing on the basis of a legitimate interest; you should indicate the particular situation which you think justifies us stopping the processing covered by the objection; we will stop processing your data for these purposes unless we can demonstrate that the grounds for our processing override your rights or that your data is necessary for us to establish, assert or defend our claims),
- The right to data portability (you have the right to receive from us in a structured, commonly used machine-readable format the personal data you have provided to us on the basis of a contract or your consent; you can have this data sent directly to another entity),
- The right to withdraw your consent to the processing of your personal data if you have previously given such consent,
- the right to lodge a complaint with a supervisory authority (if you find that we are processing your data unlawfully, you may lodge a complaint to the President of the Office for Personal Data Protection or any other competent supervisory authority).
# 15: For what purposes do we use our own cookies?Proprietary cookies are used to ensure the correct functioning of the various mechanisms of the website, such as the correct transmission of the forms visible on the website. Own cookies also store information about your consent to cookies.
- the cookie settings of your internet browser
- browser plug-ins supporting cookie management, e.g. Ghostery
- additional cookie management software,
- incognito mode in the web browser
- behavioural advertising settings, e.g. youronlinechoices.com
# 20: What are server logs?The use of the website involves sending requests to the server where the website is stored. Each request made to the server is recorded in the server logs. The logs include, among other things, your IP address, the date and time of the server, information about your browser and the operating system you are using. The logs are saved and stored on the server. The data stored in the server logs are not associated with specific users of the website and are not used by us to identify you. The server logs are only ancillary material for the administration of the site, and their contents are not disclosed to anyone other than those authorised to administer the server.
Annex 1 - Purposes of personal data processing
|Purpose of processing||Legal basis
|Source of acquisition
|Handling the newsletter||Art. 6(1)(f) RODO - legitimate interest pursued by the controller to send messages after receiving prior consent to receive the newsletter.||Identification data. Contact details. Statistical information related to the messages sent.||Until the expiry of the statute of limitations for claims relating to the sending of the newsletter or the statute of limitations for our data protection liability.||Newsletter sign-up form.|
|Handling comments/feedback||Art. 6(1)(f) RODO - legitimate interest pursued by the controller to publish the comment / opinion after the user has submitted it.||Identification data. Contact details. Details of comment/feedback.||Until the comment / opinion is removed.||Form to add comments/feedback.|
|Correspondence handling||Article 6(1)(f) RODO - legitimate interest pursued by the controller to exchange correspondence with the user and its possible archiving.||Identification data. Contact details. Correspondence details.||Not clearly identifiable. Some correspondence may be subject to ongoing deletion and some may be archived if we consider that there is a need to retain it, in particular to ensure future traceability.||Contact form. Incoming message.|
|Social media handling||Article 6(1)(f) RODO - legitimate interest pursued by the controller to operate social media profiles.||Data visible to the public in the user's social media profile. Details of user interactions within social media profiles.||Until the user deletes the data from the social network.||Social media profiles. Content published by the user on social media.|
Annex 2 - List of external tools
|Tool||Supplier||Purpose of use||Explanations from the supplier||Supplier settings|
|Google Analytics||Google LLC||Analysis and statistics related to website visitor behaviour.||See||See|
|reCaptcha||Google LLC||Assessing whether a website visitor is a real human or a bot.||See||See|
|Google Ads||Google LLC||Measurement and targeting of advertising.||See||See|
|Meta Pixel||Meta Platforms, Inc.||Measurement and targeting of advertising.||See||See|
|MailerLite||MailerLite Limited||Embedding newsletter sign-up forms and measuring the effectiveness of these forms.||See||No|