Privacy Policy for Platinium Promotion s.c. Customers
Personal Data Controller
We would like to inform you that your Personal Data Controller is Platinium Promotion s.c. M. Jurkiewicz, P. Hoffmann with its registered office in Poznań (61-615) at ul. Swarożyca 14 A, NIP No.: PL9721205984, REGON No.: 301249330, hereinafter the “Controller”.
If you have any questions concerning personal data protection, please contact us via email: biuro@arpp.pl , or telephone: +48 515 999 335.
Purposes of personal data processing
In order to provide services in accordance with our business profile, we (the Controller) process your personal data for various purposes, always in line with the provisions of law. Below you can find the purposes of data processing listed with the underlying legal bases.
Your personal data are processed for the following purposes:
- Pricing and provision of services – the legal basis for the processing is Article 6.1.b GDPR which allows personal data processing when they are necessary for the execution or conclusion of an agreement; if you decide to provide your name, we will assume that you have given us your consent to process your name as well – then, the legal basis is Article 6.1.a GDPR which allows personal data processing upon the data subject’s free consent;
- Considering complaints – the legal basis for the processing is Article 6.1.b GDPR which allows personal data processing when they are necessary for the execution or conclusion of an agreement; if you decide to provide your name, we will assume that you have given us your consent to process your name as well – then, the legal basis is Article 6.1.a GDPR which allows personal data processing upon the data subject’s free consent;
- Sending commercial offers via email to inform your about offers, promotions and new products – the legal basis for the processing is Article 6.1.a GDPR which allows personal data processing upon the data subject’s free consent;
- Sending commercial offers to inform you about the offers, promotions and new products – the legal basis for the processing is Article 6.1.a GDPR which allows personal data processing upon the data subject’s free consent;
- Contact via telephone to discuss service related matters – the legal basis for the processing is Article 6.1.a GDPR which allows personal data processing upon the data subject’s free consent;
- Invoicing and fulfilling other obligations resulting from tax laws, e.g. storing accounting records for 5 years – the legal basis for the processing is Article 6.1.c GDPR which allows the processing of personal data when the processing is necessary for the Controller to fulfil its legal obligations;
- Creating GDPR related registers and records, including, for example, a register of customers who objected to processing in accordance with GDPR – the legal basis for the processing is, firstly, Article 6.1.c GDPR which allows to process personal data if the processing is necessary for the Controller to fulfil its legal obligations; secondly, Article 6.1.f GDPR which allows the processing of personal data if the processing is necessary for the purposes of the legitimate interests pursued by the Controller (in this case the legitimate interest is gathering knowledge about persons who exercise their rights resulting from GDPR);
- Establishment and pursuit of or defence against claims – the basis for the processing of personal data is Article 6.1.f GDPR which allows the processing of personal data if the processing is necessary for the purposes of the legitimate interests pursued by the Controller (in this case the legitimate interest is storing personal data which may be significant in the establishment and pursuit of or defence against claims, including claims regarding customers and third persons);
- Archiving and storing evidence – to protect information which may be potentially useful when proving facts of legal significance. The basis for the processing of personal data is Article 6.1.f GDPR which allows the processing of personal data if the processing is necessary for the purposes of the legitimate interests pursued by the Controller (in this case the legitimate interest is storing personal data which may prove certain facts connected to the provision of services, e.g. when requested by an authority);
- Using cookies on the website – the Company processes such data (cookies are discussed in a separate section). The legal basis for the processing is Article 6.1.a GDPR which allows the processing of personal data upon the data subject’s free consent (a request to consent to the use of cookies will pop up when you visit the website for the first time);
- Administering the website – personal data are saved automatically in the server logs each time you use the Company’s website. It is impossible to administrate a website without the use of a server and automatic saving. The basis for the processing of personal data is Article 6.1.f GDPR which allows the processing of personal data if the processing is necessary for the purposes of the legitimate interests pursued by the Controller (in this case the legitimate interest is the administration of the website).
Consent withdrawal
- If the processing of personal data is based on consent, you may withdraw your consent at any time.
- If you want to withdraw your consent to data processing:
- send an email directly to the Controller: biuro@arpp.pl.
- When the processing of your personal data is based on your consent, the fact that you have withdrawn it does not imply that up to that point the processing was illegal. In other words, we have the right to process your personal data until you withdraw your consent and your withdrawal does not affect the lawfulness of the processing based on your consent before withdrawal.
Required provision of personal data
The provision of any personal data is your free choice. However, please note that in some cases we will need your personal data to fulfil your expectations towards our services.
Automated decision-making and profiling
Your personal data will not be subject to automated decision-making, including profiling. The content of a query is not evaluated automatically by any IT system.
Personal data recipients
- Similarly to the majority of other companies, our Company is supported by other entities, which often necessitates the sharing of personal data. For the above reason, when required to do so, we transfer your personal data to IT service suppliers, legal firms, companies handling prompt payment services, accountancy firms, hosting companies or insurance companies who work with us and the processing is always based on an agreement concluded with data controllers and exclusively according to the controllers’ instruction.
- At times we are obliged by a provision of law or a decision of a competent authority to make data available to another state or private entity. This is why it is extremely difficult to predict who might request your personal data. Still, we assure you that we analyse all requests for personal data carefully and thoroughly to prevent transferring the data to an unauthorised person.
Transfer to third countries
- Similarly to the majority of other companies, our Company uses popular services and technologies offered by such entities as: Google, Google AdWords, and GoogleAnalytics. These companies are registered outside the EU and, therefore, are treated as third countries in light of GDPR.
- GDPR imposes certain limitations on the transfer of personal data to third countries, since, as the European regulations are not in force there, the protection of personal data of EU citizens may be insufficient. For this reason, all data controllers are obliged to provide the legal basis for such transfers.
- We assure you that in our use of the above mentioned services and technologies we transfer personal data only to US-based entities who have joined Privacy Shield on the basis of the Commission Implementing the Decision of 12 July 2016 – more information on this subject may be found on the European Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl. Entities which have joined Privacy Shield guarantee that they will comply with all high standards regarding personal data protection implemented in the EU and therefore the use of the technologies they offer is lawful in terms of personal data protection.
- If you feel unsure about this matter, please feel free to contact us and ask for additional information about personal data transfers.
- You are entitled to receive a copy of your personal data transferred to a third party.
Period of data processing
- In accordance with the applicable laws, we do not process your personal data infinitely but only for the time necessary to achieve a certain objective. After this time, your personal data are permanently erased or destroyed.
- In cases where we do not need to perform operations other than the storage of your personal data (e.g. when storing an order for the purpose of defence against claims), the data are additionally protected by pseudonymisation until they are permanently erased or destroyed. Pseudonymisation consists in encrypting personal data or a filing system to prevent access without an additional key and in this way ensure that such data are useless to an unauthorised person.
- With regard to particular periods of personal data processing, your personal data will be processed:
- for the term of an agreement – in the case of personal data processed for the conclusion and execution of an agreement;
- 3for 3 years or 10 years + 1 year – in the case of personal data processed for the establishment and pursuit of or defence against claims (the length of the period depends on whether the parties are entrepreneurs or not);
- for 12 months – in the case of personal data collected for the purposes of service pricing not followed immediately by the conclusion of an agreement;
- for 5 years – in the case of personal data necessary for the fulfilment of duties arising from tax laws;
- until the withdrawal of a consent or achievement of an object of processing, not longer than for 5 years – in the case of personal data processed on the basis of consent;
- until an effective objection is made or until the achievement of an object of processing, not longer than for 5 years – in the case of personal data processed on the basis of a legitimate interest of the Controller or for marketing purposes;
- until the validity or usefulness of the data expires, not longer than for 3 years – in the case of personal data processed mainly for analytic purposes, the use of cookies and website administration.
- To facilitate the process of erasing or destroying personal data, we assume that a given period starts at the end of the year in which the data processing began. Assuming a different time frame for each concluded agreement would entail significant organisational and technical difficulties and considerable financial expense, which is why setting one date for erasing or destroying personal data helps us manage the process more efficiently. Certainly, if you wish to exercise your right to be forgotten, your case will be considered individually.
- An additional year for the processing of personal data collected for the execution of an agreement is due to the fact that, in theory, a claim may be filed shortly before the final date of the limitation period, a request may be delivered with a delay or the final date of the limitation period may be interpreted incorrectly.
Rights of the Data Subject
- You have the right to:
- access to your personal data;
- rectification of your personal data;
- erasure of your personal data;
- restriction of processing of your personal data;
- object to the processing of your personal data;
- data portability.
- We respect your rights resulting from the General Data Processing Regulation and strive to simplify the procedures connected with their execution.
- Please note that the above mentioned rights are not absolute and we may refuse to recognise them on certain occasions. However, our refusal is always preceded by a thorough analysis and justified by reasonable conditions.
- As regards the right to object to processing, you have the right to object to the processing of your personal data on the basis of a legitimate interest of the Controller at any time due to your specific situation. You should remember, however, that we may refuse to accept your objection if we prove that:
- there is a legitimate basis for the processing which is of paramount significance compared to your interests, rights and freedoms, or
- there is a basis for the establishment, pursuit of or defence against claims.
- Moreover, you may object to the processing of your personal data for marketing purposes at any time. In such a case, we will discontinue processing of your data for this purpose after the receipt of your request.
- You can exercise your rights by:
- sending an email directly to the Controller:biuro@arpp.pl
Right to file a complaint
If you believe that your personal data is processed unlawfully, you have the right to lodge a complaint with the President of the Office for the Protection of Personal Data.
Cookies
Platinium Promotion s.c. (the Operator of the website) is the only owner of the information collected on www.platiniumpromotion.pl and has no intention of selling, sharing or leasing this data to third persons against the principles given below:
- Cookies are the only data the website collects in an automated manner.
- Cookies are text files stored in the website user’s device. They are intended for the use of the website. They contain the name of the original website, a unique number and the time of storage in a device.
- The Operator of the website (www.platiniumpromotion.pl) is an entity which may place cookies in the user’s device and has access to them.
- The Operator of the website uses cookies for the following purposes:
- adjusting the content of the website to individual preferences of the user; these files are used primarily to recognise a device and display the website in accordance with the user’s preferences;
- prepare statistics which help recognise users’ preferences and behaviours; the analysis of the statistics is anonymous and enables the adjustment of the content and layout of the website to the current trends as well as to assess the popularity of the website;
- enable logging in;
- keep the user logged in on consecutively visited subpages.
- Our users remain anonymous. Platinium Promotion s.c. reserves the right to use the information for purposes connected with collecting statistical demographic data. We do not use cookies to collect personal data such as your first name, surname or email address.
- The website employs two basic types of cookies – session and persistent cookies. Session files are temporary, stored only until the user leaves the website (by entering another website, logging out or closing the browser). Persistent files are stored in the user’s device until they are deleted by the user or erased after a certain time pre-set in their settings.
- You can change your browser settings at any time to block cookies or choose to see a pop-up informing about the storage of cookies in your device each time you visit the website. You can also access other available options in your browser settings. Please note that most browsers are set to accept cookies by default.
- Changes in the user’s browser settings may lead to restricted access to particular website options.
- Cookies used by the website (sent to the user’s device) may be shared with website partners and advertisers. The website uses and allows other third parties (Google AdWords, GoogleAnalytics) to use cookies for statistical and marketing purposes.
- Information about the settings of your browser are available in your browser’s menu (help) or on the website of your browser’s producer.
Final provisions
- Matters not regulated by this Privacy Policy are governed by regulations on personal data protection.
- Please note that the principles of this Privacy Policy may be changed.
- All changes will be published on the website at www.arpp.pl or sent to you via email.
- This Privacy Policy comes into force on 25 May 2018.