In relation to the entry into life, as of 25 May 2018, of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, we hereby ask you to read the information on personal data storage by REFSYSTEM Sp. z o.o. with its registered office in Grudziądz.
I.GENERAL PROVISIONS
1.1 This privacy policy is informative. The privacy policy contains primarily rules regarding the processing of personal data by the Administrator, including legal grounds, purposes and scope of personal data processing and the rights of data subjects.
1.2 Your personal data is processed based on the necessity of processing for purposes resulting from legitimate interests pursued by the Administrator or by a third party. Personal data are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such and the repeal of Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”, as well as the provisions of the Act on the Protection of Personal Data of May 10, 2018 (Journal of Laws 2018.1000 of as amended).
1.3 The administrator of your personal data is the Iglotech Group, which consists of entities related by ownership structure:
IGLOTECH Spółka z o.o. with its registered office in Kwidzyn,
Refsystem Spółka z o.o. based in Grudziądz,
Neovent Spółka z o.o. Spółka k. with its registered office in Kwidzyn,
Refrigas Spółka jawna with its registered office in Kwidzyn.
(hereinafter referred to as the “Iglotech Group”, “Administrator”), where these entities are co-administrators of personal data within the meaning of art. 26 GDPR.
The data subject may exercise his or her rights under the GDPR with respect to each of the above-mentioned entities. entities.
1.4 In accordance with the division of duties agreed between the entities of the Iglotech Group, the entity responsible for the processing of personal data is Iglotech Sp. z o. o. with its registered office in Kwidzyn, ul. Toruńska 41, 82-500, KRS: 0000530922, NIP: 581-00-07-574, REGON: 170174567. Contact with the administrator is possible by traditional mail to the address: 82-500 Kwidzyn, ul. Toruńska 41 or by e-mail at: daneosobowe@iglotech.com.pl
1.5 The Administrator takes special care to protect the interests of persons to whom the personal data processed by him relates, and in particular is responsible and ensures that the data collected by him are processed in accordance with the law; collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes; factually correct and adequate in relation to the purposes for which they are processed; stored in a form enabling identification of the persons they concern, no longer than it is necessary to achieve the purpose of processing and processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical and organizational measures.
1.6 Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
II. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING ON THE WEBSITE
2.1 Each time, the purpose, basis, period and scope as well as recipients of personal data processed by the Administrator result from actions taken by a given Customer on the Website.
2.2 The administrator processes personal data of natural persons who:
- a) are users of the website and communicate via the website using the application form;
- b) are entrepreneurs whose data come from publicly available sources, including public registers;
- c) are potential customers, contractors or suppliers of the Company;
- d) are customers, contractors or suppliers of the Company;
- e) act as persons authorized to represent legal persons or other organizational units;
- f) are a party to applications, complaints, complaints or other letters addressed to the Company;
- g) may, in accordance with the applicable law, be the addressees of marketing correspondence.
2.3. The administrator will process the following data: name and surname, e-mail address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/registered office; company name and NIP number, website address, bank account number, F-GAZ number.
2.4 The Administrator may process personal data for the following purposes:
- a) performance of the Sales Agreement or contract for the provision of Services or taking action at the request of the data subject before concluding the above-mentioned contracts – the basis of Art. 6 para. 1
lit. b) GDPR (performance of the contract) – processing is necessary to perform the contract to which the data subject is a party, or to take action at the request of the data subject before concluding the contract. The data is stored for the period necessary to perform, terminate or expiry of the Sales Agreement or the contract for the provision of Electronic Services concluded in a different way;
- b) direct marketing – Art. 6 par. 1 lit. f) GDPR (legitimate interest of the administrator) – processing is necessary for purposes arising from the legitimate interests of the Administrator – consisting in taking care of the interests and good image of the Administrator and striving to sell Products;
- c) marketing – Art. 6 par. 1 lit. a) GDPR (consent) – the data subject
concern, she consented to the processing of her personal data for marketing purposes by the Administrator;
- d) keeping accounting books – Art. 6 par. 1 lit. c) GDPR in connection with joke. 74 sec. 2 of the Accounting Act, i.e. of January 30, 2018 (Journal of Laws of 2018, item 395) – processing is necessary to fulfill the legal obligation incumbent on the Administrator;
- e) Determining, investigating or defending claims that may be raised by the Administrator or
which may be raised against the Administrator – Art. 6 par. 1 lit. f) GDPR (legitimate interest of the administrator) – processing is necessary for the purposes of the legitimate interests of the Administrator – consisting in establishing, pursuing or defending claims that may be raised by the Administrator or that may be raised against the Administrator;
- f) using the Website and ensuring its proper operation – Art. 6 para. 1 lit. f) GDPR (legitimate interest of the administrator) – processing is necessary for purposes arising from the legitimate interests of the Administrator – consisting in running and maintaining the Website;
- g) Keeping statistics and analyzing traffic on the Website – Art. 6 sec. 1 lit. f) GDPR (legitimate interest of the administrator) – processing is necessary for purposes arising from the legitimate interests of the Administrator – consisting in keeping statistics and analyzing traffic in order to improve the functioning of the website and increase the sale of Products;
- h) Expressing an opinion on the concluded Sales Agreement or the Product – Article 6 para. 1 lit. a) GDPR – the data subject has consented to the processing of his personal data in order to express an opinion;
- i) Carrying out the recruitment process – Art. 6 par. 1 lit. c) GDPR (consent) in the scope of data required under the Labor Code and Art. 9 sec. 2 lit. a) GDPR in the scope of personal data of a special category contained in recruitment documents – in order to select a candidate for work.
III. GENERAL PROVISIONS OF THE RECIPIENT OF PERSONAL DATA
3.1 For the proper functioning of the Website, including the implementation of concluded Agreements, it is necessary for the Administrator to use the services of external entities (such as, for example, an entity servicing payments, entities keeping subscriber registers, entrepreneurs in the marketing industry, legal services, accounting, auditors, couriers) . The administrator uses only the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
3.2 The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
3.3 Customers’ personal data may be transferred to the following recipients or categories of recipients:
- carriers / forwarders / courier brokers – in the case of a Customer who uses the method of delivery of items by post or courier, the Administrator provides the Customer’s collected personal data to the selected carrier, forwarder or intermediary performing shipments at the request of the Administrator to the extent necessary to complete the delivery of the Product to the Customer,
- entities servicing electronic payments or by payment card – in the case of a Customer who uses electronic payments or by payment card, the Administrator provides the Customer’s collected personal data to the selected entity servicing the above payments at the request of the Administrator to the extent necessary to handle the payment made by the Customer,
- service providers supplying the Administrator with technical, IT and organizational solutions, enabling the Administrator to conduct business activity – the Administrator provides the collected personal data of the Customer to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
- providers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) – the Administrator provides the collected personal data of the Customer to a selected supplier acting on his behalf only in the case and to the extent necessary to complete a given purpose of data processing in accordance with this privacy policy.
IV. PROFILING
4.1 The GDPR Regulation imposes on the Administrator the obligation to inform about automated decision-making, including profiling, referred to in art. 22 sec. 1 and 4 of the GDPR Regulation, and – at least in these cases – relevant information about the rules for taking them, as well as about the significance and expected consequences of such processing for the data subject. With this in mind, the Administrator provides information on possible profiling in this section of the privacy policy.
4.2 The Administrator may use profiling on the Website for direct marketing purposes, but decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude the Agreement. The effect of using profiling may be, for example, granting a given person a discount, sending them a discount code, sending a Service proposal that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer on the Website. Despite profiling, it is the person who freely decides whether he or she will want to take advantage of the discount received in this way or better offer conditions.
4.3 Profiling consists in the automatic analysis or forecasting of a given person’s behavior on the Website, e.g. by selecting a specific Service, viewing the description of a specific Service, or by analyzing the history of previously purchased Services. The condition for such profiling is that the Administrator has the personal data of a given person in order to be able to send him, for example, a discount code.
4.4 The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
V. ONLINE MARKETING – GOOGLE ADS
5.1 The administrator uses the Google Ads advertising program operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA to conduct advertising campaigns, including remarketing. Activities in this area are carried out on the basis of a legitimate interest consisting in the marketing of own products or services.
5.2 When visiting a website, a Google remarketing cookie file is automatically left on the device of a given person, which, with the help of a pseudonymous identifier (ID) and based on the pages visited by a given person, enables the display of interest-based advertisements. Further processing of information takes place only when the person concerned has consented to Google linking the history of browsing and application use with the account and the use of information from the Google account to personalize advertisements that are displayed on websites.
5.3 In this case, if the data subject is logged in while visiting a website on Google, Google will use the data together with Google Analytics data to create and define lists of target groups for cross-device remarketing. For this purpose, Google temporarily combines the information collected with Google Analytics data to create target groups.
5.4 When using Google Ads, the administrator does not collect any data that would allow for the identification of a person. Using Google Ads, the administrator is only able to define the groups of recipients to whom he would like his ads to reach. On this basis, Google decides when and how to present an advertisement to a given person.
5.5 In order to use Google Ads, a special Google Ads conversion pixel has been implemented in the website code. Pixel uses Google LLC cookies for the Google Ads service. From the level of the Administrator’s website, using the mechanism used to manage cookies, you can disable these cookies. It is possible to manage ad settings directly on the Google website: https://adssettings.google.com/.
VI. INTERNET MARKETING – META
6.1. In order to conduct effective marketing campaigns and promote products and services, the Administrator uses the “Meta Pixel” option, which is provided by the Meta platform operated by Meta, 1601 S California Ave, Palo Alto (California), USA or, for users who are EU residents – Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”).
6.2. A Meta pixel is a piece of code placed on a website. It allows Meta to identify people visiting Internet content as a target group for displaying advertisements on portals and products within the Meta platform on their social profiles or applications (e.g. as part of sponsored advertisements), which is understood as a legitimate interest (Art. 6(1)(f) GDPR).
6.3 As part of the Meta Pixel function, it is therefore possible to display advertisements published by the Administrator on the Meta platform only to users of the Meta platform products who have shown interest in the services or who have certain common factors (such as interests in certain topics or products determined on the basis of visited tabs on the website, viewed products) that are transmitted to Meta.
6.4 The Meta Pixel feature helps to understand the effectiveness of advertising on Meta products for statistical and market research purposes by showing whether users were redirected to services after clicking on an ad within Meta products (so-called conversion, allowing to determine on which devices the user performs an action ), in order to create the so-called similar audiences and obtain comprehensive statistics on website usage.
6.5 During the user’s visit to the website, the Meta Pixel function establishes a direct connection with the Meta servers. In this way, the Meta server is notified that the user has visited the website, and Meta assigns this information to the personal user account of the respective Meta product
6.6 Further information on the collection and use of data by Meta and your rights and options regarding the protection of privacy can be found in Meta’s data protection policy at: https://www.facebook.com/privacy/policy/
6.7 Specific information and details about the Meta Pixel feature and how it works are available in the help section at:
https://pl-pl.facebook.com/business/help/742478679120153?id=1205376682832142
6.8 This feature can be turned off as shown on the page:
https://www.facebook.com/settings?tab=ads.
To do this, log in to Facebook.
VII. TRANSFER OF DATA OUTSIDE THE EEA
In certain situations, some technical solutions used for the purpose indicated in point V and VI are provided by entities outside the European Economic Area (EEA). Personal data may be made available to the countries of the supplier’s seat – also in the USA. Google and Meta declare to ensure an adequate level of protection of processed data by adopting and applying standard EU clauses.
VIII. RIGHTS OF THE DATA SUBJECT
8.1 The right to access, rectify, limit, delete or transfer – the data subject has the right to request the Administrator to access his personal data, rectify it, delete it (“the right to be forgotten”) or limit processing and has the right to raise objections against processing, and has the right to transfer his data. Detailed conditions for the exercise of the above-mentioned rights are indicated in art. 15-21 of the GDPR Regulation.
8.2 The right to withdraw consent at any time – a person whose data is processed by the Administrator on the basis of consent (pursuant to art. 6 par. 1 letter a) or art. 9 sec. 2 lit. a) of the GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
8.3 The right to lodge a complaint to the supervisory body – the person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
8.4 Right to object – the data subject has the right to object at any time – for reasons related to his particular situation – to the processing of personal data concerning him based on art. 6 sec. 1 lit. e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In this case, the administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
8.5 The right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing purposes, including profiling, to the extent that to which the processing is related to such direct marketing.
8.6 The right to obtain human intervention on the part of the Administrator, to express your own position and to challenge a decision based on automated data processing. In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator’s address indicated at the beginning of the privacy policy or using the contact form available on the Website.
IX. WEBSITE COOKIES, PERFORMANCE DATA AND ANALYTICS
9.1 Cookie files (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Website (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on which person is using the device). Detailed information on cookies, as well as the history of their creation, can be found, among others, at here: https://en.wikipedia.org/wiki/HTTP_cookie
9.2 The Administrator may process the data contained in Cookies when visitors use the Website for the following purposes:
- adapting the content of the Website to the individual preferences of a given person and optimizing the use of the Website,
- keeping anonymous statistics showing how the Website is used;
- remarketing, i.e. research on the behavior of website visitors through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, also when they visit they other websites in the advertising network of Google Inc. and Facebook Ireland Ltd.;
9.3 By default, most web browsers available on the market accept cookies by default. Everyone has the option of specifying the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the ability to save cookies – in the latter case, however, it may affect some functionalities of the Website.
9.4 Web browser settings regarding Cookies are important from the point of view of consent to the use of Cookies – in accordance with the regulations, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the settings of the web browser in the field of Cookies should be changed accordingly. Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following websites:
– in the Chrome browser
– in Firefox
– in Internet Explorer
– in the Opera browser
– in the Safari browser
– in the Microsoft Edge browser
X.FINAL PROVISIONS.
The Administrator makes every effort to ensure all means of physical, technical and organizational protection of personal data against their accidental or intentional destruction, accidental loss, change, unauthorized disclosure, use or access, in accordance with all applicable regulations.