- 1. General provisions
The Company LABTAR sp. z o.o. with registered office in Tarnów Opolski ul. Świętego Jacka 12, NIP: 7540016327, REGON: 271981077, entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000109304, with share capital of 3 300 000,00 zł, called hereinafter the Administrator, is the administrator of personal data of Clients and Contractors.
The Administrator, taking into consideration Clients’ and Contractors’ privacy, follows regulations of the applicable law, there: the ordinance of the European Parliament and the Council (EU) 2016/679 as of 27 April, 2016, regarding protection of natural persons in connection with personal data processing and in connection with free movement of such data and overruling of the directive 95/46/EC (general ordinance regarding data protection), called hereinafter GDPR, the Administrator shall in particular observe the following w rules specified in art. 5 of GDPR:
- Legality (lawfulness) rule– the Administrator processes personal data only on the ground of the specified legal ground;
Reliability and transparency rule – the Administrator aims at a situation when data he collected is correct and up-to-date and its processing proceeds smoothly, there, among other things, the Administrator implements technical and organizational means that enable data correction, error risk decrease and wrong data removal;
- Aim limitation rule – the Administrator collects and processes personal data for specific, clear and legally justified purposes;
- Data minimization rule – the Administrator collects and processes only such personal data that is indispensable for the purposes for which it is processed;
- Correctness (accuracy) rule – the Administrator assures that data is correct and updated if necessary;
Storage limitation rule – the Administrator stores personal data of a specific person for a period not longer than it is indispensable for the purposes for which it is processed;
Principle of accountability – the Administrator implements means (there: internal procedures and documentation) that guarantee observance of data protection regulations that indicate to the persons to whom this data relates and to supervisory organs which means were adopted in order to ensure observance of personal data protection regulations;
Data safety assurance rule, there: its integrity and confidentiality – the Administrator processes personal data in such a way that ensures proper security, there – protection against unpermitted or illegal processing and accidental loss, destruction of damage, through proper technical or organisational means.
Data Protection Inspector is the person each time appointed by the Personal Data Administrator who can be contacted via e-mail: firstname.lastname@example.org .
- 2. Purpose, ground and time of personal data processing
- Data Administrator processes personal data of Clients and Contractors in order to and within the scope necessary for the Clients and Contractors to use the Service.
- Personal Data of Clients and Contractors is processed by the Company LABTAR in particular for rendering services through electronic means, there: for orders execution (art. 6 para. 1 point b GDPR) and if the Clients gives his consent, for marketing purposes (art. 6 para. 1 point a GDPR).
- At the same time data is processed by the Administrator for the following purposes and in the following periods:
Sending commercial information through electronic communication means and with application of telecommunication end devices and automated calling in accordance with art. 172 of the Act of 16 July 2004 –The Telecommunication Act, there: any information regarding offers, current information about products and services offered by the Company LABTAR or newsletter (in case of people who consented to it) – on the ground of art. 6 para. 1 p. a) GDPR – no longer than until the consent has been revoked;
Ensuring handling of orders placed at the Company LABTAR, in particular delivery of the ordered goods and consideration of potential complaints, fulfilment of fiscal and accounting obligations provided for by the respective legal regulations (for people who placed the order) – on the ground of art.6 para. 1 p. b) GDPR – no longer than until the claims connected with the executed order expire;
Ensuring safety and proper functioning of the Service and enabling the Administrator to render services via electronic means gratuitously – which is our justifiable goal on the ground of art. 6 para. 1 p. f) GDPR – no longer than for the period indispensable for realisation of the aforementioned goal;
Enquiries handling if they are not directly connected with ordered services or products – which is our justifiable goal on the ground of art. 6 para. 1 p. f) GDPR – no longer than for the period indispensable for realisation of the aforementioned goal or period of limitation of claims;
Monitoring of Service users activeness in order to adapt it and to optimise the displayed content to the Users’ needs – which is our justifiable goal on the ground of art. 6 para. 1 p. f) GDPR – no longer than till objections have been made, for this purpose we use profiling in some cases.
- 3. Rules of collecting and processing of personal data and information
1. Personal data is processed in automated way, there through profiling in order to adjust the content of the Service to personal preference and interests. Automated processing and profiling shall have no legal consequences, nor shall it have significant impact on the user’s situation.
2. At the time of reviewing and using the Service, data regarding using the Service by the Clients and Contractors, among other things such information as the type of browser, type of operational system, date and time of the visit, the number of connections, viewed content and other, is automatically collected.
3. Personal data is processed on the ground of the expressed consent. Giving the consent for personal data processing takes place in particular through ticking the marked area.
4. Browsing through the content of the Service itself does not require provision of personal data.
5. Execution of the order for goods requires provision of personal data.
6. Personal Data of Clients and Contractors will be processed by the time necessary for realisation of processing goals.
7. Giving personal data will also be necessary in order to sign up for a competition organised within the Service or to use the contact form.
8. In order to use some functionalities of the Service (e.g. newsletter) it is also necessary to provide voluntarily personal data.
9. Data recipients include electronic mail services providers, providers of IT solutions gathering data necessary for shipment of newsletter and commercial information and entities participating in order execution, which process personal data on behalf of the Administrator or on the ground of authorisations and/or contracts for data processing entrustment.
10. Personal data is not transferred to a third country or international organisation (i.e. outside the European Economic Area).
- 4. User’s authority
- The user is entitled to control processed personal data related to him In particular, he is entitled to:
- The right to access the content of data on the ground of art. 15 GDPR;
- The right to correct data on the ground of art. 16 GDPR;
- The right to delete data on the ground of art. 17 GDPR;
- The right to limit data processing on the ground of art. 18 GDPR;
- The right to transfer data on the ground of art. 20 GDPR;
- The right to object to data processing on the ground of art. 21 GDPR.
In situations when User’s data processing takes place on the ground of art. 6 para. 1 point a GDPR, i.e. consent to personal data processing, the User has the right to withdraw his consent at any time, which has no influence on legality of processing done on the ground of the consent prior to its withdrawal.
- The User is entitled to obtain information whether or to what extent his personal data is processed, and also information regarding the purpose and scope of his personal data processing.
- The User may exercise the rights described above by sending his declaration of intent via electronic means or by letter to the address of Data Administrator or Inspector of Data Protection.
- The Administrator reserves the right to refuse removal of the Users’ data if its preservation is indispensable for execution of claims or if it is required by legal regulations in force.
- In a situation when a Client decides that data processing by the Company LABTAR constitutes a breach of GDPR, then the Client is entitled to bring an action to the supervisory organ, i.e. to the President of UODO (Urząd Ochrony Danych Osobowych – Personal Data Protection Office).
- 5. Policy of cookies and other similar technologies
1. In connection with running the Service, the Administrator makes use of so called cookies, i.e. small text and numeric files that are stored by the ICT system in the ICT system of the User. The Administrator may also use similar or identical technologies used within the Service.
2. Cookies or any similar technologies may be used in order to:
a) adjust the content of the Service to preferences, needs and expectations of the User;
b) create statistics that help to understand how the Users use the Service, which enables to improve its structure, functionality and content;
c) provide the Users with advertising materials more adapted to their interests.
3. Within the Service we use the following types of cookies:
a) Session cookies: they are stored on the User’s device and remain there till the moment when the session of the browser is finished. Stored information is then removed permanently from the device memory. Session cookies mechanism does not allow downloading any personal data nor any confidential information from the User’s device.
b) Permanent cookies: they are stored on the User’s device and stay there till the moment they are deleted. The end of the browser session or switching the device off does not cause their cancellation from the User’s device. Permanent cookies mechanism does not allow to download any personal data nor any confidential information from the User’s device.
5. Cookies are used in the Service with the consent the User. The consent may be expressed by the User through respective setting of the software, in particular the User’s browser.
6. In many cases software used for browsing websites as a default allows to store cookies on the User’s end device. The Users may at any time change the settings regarding cookies. Those settings can be modified, in particular in such a way so as to automatically block cookies or to inform each time that they are placed in the User’s device.
- 6. Personal data security and protection
1. Data Administrator declares that he processes personal data of Service users in accordance with GDPR and that he uses technical and organisational means that provide protection of processed data suitable for the threats and categories of protected data, and in particular it protects the Users’ data from being made accessible to unauthorised persons.
2. Personal data collected by Data Administrator can be directly accessed only by authorised employees or Data Administrator’s associates and authorised persons who deal with Service handling.
3. Users’ personal data can be made available to entities authorised to obtain it on the ground of legal regulations in force, and in particular to the competent judicial authorities.
- 7. Final provisions
This post is also available in: Polish