Privacy policy for jasek-transport.pl

I. GENERAL PROVISIONS

The administrator of personal data of users of the website located at jasek-transport.pl is Jasek Sp. z o.o., ul. Kościelna 12a, 88-420 Rogowo, NIP: 5621804016, REGON: 341469081 (hereinafter: “Administrator”).

The Administrator can be contacted: (1) by e-mail: jasek@jasek-transport.pl, (2) in writing, at the Administrator’s address: ul. Kościelna 12a, 88-420 Rogowo.

The purpose of the Policy is to define the actions taken with regard to personal data collected via the Administrator’s website and related services and tools used by its Users, as well as in the course of concluding and performing contracts in contact outside the website.

If necessary, the provisions of this Policy may be amended. The amendment will be communicated to Users by announcing the new content of the Policy, and in the case of the database of persons who have consented to the processing of data by e-mail or provided e-mail data when performing contracts, they will also be notified of the amendment by e-mail.

II. BASIS FOR PROCESSING, PURPOSES, AND STORAGE OF PERSONAL DATA

  1. Users’ personal data is processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act of May 10, 2018, and the Act on the provision of electronic services of July 18, 2002.
  2. In the case of personal data processing based on an email or complaint sent by the User, such processing is carried out pursuant to Article 6(1)(b) of the General Data Protection Regulation, according to which data processing is necessary to take action at the request of the data subject.
  3. If separate consent is obtained from the User, their personal data may also be processed by the Administrator for marketing purposes, including for the purpose of sending commercial information by electronic means to the e-mail address provided by the User (Article 6(1)(a) of the General Data Protection Regulation).
  4. When the Administrator concludes and performs a sales contract or service contracts, the other party is required to provide the data necessary to conclude the contract (which is a contractual requirement and, in the case of tax numbers, also a statutory requirement), and for this purpose the Administrator processes personal data (Article 6(1)(b) of the General Data Protection Regulation) .
  5. In the case of conducting research and analysis to improve the operation of available services (e.g., tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for data processing.
  6. Users’ personal data is stored for no longer than is necessary to achieve the purpose of processing, i.e. until consent is withdrawn if processing is based on such consent, until the Administrator’s and the other party’s claims regarding the performance of concluded contracts expire (in the case of sales contracts/service contracts, 2 years, counting to the end of the year) and until the request sent by e-mail is processed or until the complaint is resolved.
  7. To the extent necessary for the proper functioning of the website, its functionality, and the proper execution of payment transactions (if such transactions are carried out via the website), the website uses the User’s metadata. Metadata should be understood as the process of reading and recognizing by the website’s IT system the configuration and components of the computer used by the User in order to adapt the website to its capabilities and establish a secure connection between the User’s computer and the website. Importantly, such metadata cannot lead to the identification of the User, nor is it in any way harmful to the data stored on the computer. Nevertheless, the User has the right to withdraw their consent to the processing of metadata at any time by configuring their browser accordingly or downloading the appropriate plug-in provided by the browser manufacturer. To do so, consult the software manufacturer and follow their recommendations.
  8. The Administrator may use profiling for direct marketing purposes, but decisions made by the Administrator on this basis do not concern the conclusion or refusal to conclude a contract or the possibility of using electronic services. The effect of using profiling may be, for example, granting a discount to a given person, sending them a discount code, reminding them of unfinished purchases, sending a product proposal that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer. Despite profiling, the person is free to decide whether they want to take advantage of the discount or better terms and make a purchase. Profiling consists of the automatic analysis or prediction of a person’s behavior on the Administrator’s website, e.g., by adding a specific product to the shopping cart, viewing a specific product page, or by analyzing the history of activity on the website. The condition for such profiling is that the Administrator has the personal data of the person concerned in order to be able to send them, for example, a discount code.
  9. To the extent necessary for the proper functioning of the website and its functionality, the website may collect other information when used by the User, including, but not limited to: a) IP address, b) information about the device, hardware, and software, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising [“IDFA”] or advertising identifier on an Android device [“AAID”]), c) platform type, d) settings and components, e) installed software, f) presence of necessary plug-ins, g) approximate geolocation data (based on IP address or device settings), h) web browser data, including browser type and preferred language.
  10. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity of the rights and freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the Regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Administrator shall use technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.

III. DATA SHARING

  1. The Administrator ensures that all personal data collected is used to fulfil obligations towards Users. This information will not be disclosed to third parties except in situations where: a) the persons concerned have given their prior explicit consent to such action, or b) the obligation to transfer this data results or will result from applicable law, e.g. to law enforcement authorities.
  2. Additionally, the personal data of service users and customers may be transferred to the following recipients or categories of recipients: – service providers supplying the Administrator with technical, IT and organisational solutions enabling the Administrator to conduct business activity, including the website and electronic services provided through it (in particular, computer software providers, marketing agencies, e-mail and hosting providers, providers of business management software and technical support to the Administrator and the product delivery operator) – the Administrator shall make the collected personal data of the Customer available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy. – accounting, legal and advisory service providers providing the Administrator with accounting, legal or advisory support (in particular, an accounting office, law firm or debt collection company) – The Controller shall disclose the collected personal data of the Customer to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
  3. The administrator may share anonymised data (i.e. data that does not identify specific Users) with external service providers in order to better understand the attractiveness of advertisements and services to Users, and in this regard, due to the location of software providers, data may be transferred – in accordance with data protection rules to third countries that ensure the standards of contractual provisions approved by the European Commission for the processing of personal data or that have the appropriate authorisation to do so on the basis of bilateral data processing agreements between the European Union and a given third country that is not a member of the European Economic Area. In the case of the Administrator, these entities are: – Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyse website statistics, Google Tag Manager: used to manage scripts by easily adding code snippets to a website or application and tracking user activity on a website, Google Ads used to display sponsored links in Google search results and on websites participating in the Google AdSense programme, – Meta Platforms, Inc. (registered office: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook ads, optimise them based on collected data and statistics, and build an audience list targeted for future ads.
  4. Third-party analytics technologies integrated with the Administrator’s services (including SDK [Software Development Kit] and API [Application Program Interfaces]) may combine data collected in connection with the User’s use of the Administrator’s website with information that has been collected separately over time and/or across different platforms. Many of these companies collect and use information based on their own data protection policies, which can be found on their websites. The Administrator encourages you to familiarise yourself with these policies.
  5. The Administrator’s website may use Google Analytics, a web analytics service provided by Google, LLC. (‘Google’). Google Analytics uses cookies to help website operators analyse how visitors use the website. The information generated by cookies about visitors’ use of the website is usually transmitted to Google and stored by Google on servers in the United States. In accordance with current IT standards, the IP addresses of users visiting the Administrator’s website are shortened. Only in exceptional cases is the complete IP address sent to a Google server in the United States and shortened there. On behalf of the Administrator, Google will use this information to evaluate the website for its Users, compile reports on website traffic and provide other services related to website traffic and Internet usage for website operators. Google will not associate the IP address provided by Google Analytics with any other data held by Google. For more information on how Google Analytics collects and uses data, please visit the official Google website at: www.google.com/policies/privacy/partners. In addition, each User can prevent Google from collecting and processing data relating to their use of the website by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout.
  6. When sharing data with third parties, the administrator makes every effort to ensure that this is only done with entities certified under the (former) EU-US and Switzerland-US Privacy Shield programmes, which are available at www.privacyshield.gov. When using information originating from the European Economic Area (EEA), such entities will do so in accordance with the Privacy Shield programme’s principle of ‘Accountability for Onward Transfer’. Where appropriate, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of 16 July 2020 regarding the EU-US Privacy Shield and the guidelines of the European Data Protection Board, the Controller continues to assess the legal systems of the countries to which data is transferred and, where necessary, updates measures to ensure adequate levels of protection.

IV. USER RIGHTS

  1. A user whose personal data is being processed has the right to: a) access, rectification, restriction, erasure or transfer – the data subject has the right to request the Controller to access their personal data, rectify it, erase it (‘right to be forgotten’) or restrict its processing, and has the right to object to the processing, as well as the right to transfer their data. The detailed conditions for exercising the above rights are set out in Articles 15-21 of the GDPR. b) withdraw consent at any time – a person whose data is processed by the Controller on the basis of consent (pursuant to Article 6(1)(a) or Article 9(2)(a)

    a) GDPR Regulation), has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
    b) lodge a complaint with a supervisory authority – a person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw.
    c) objection – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them based on Article 6(1)
    d) public interest or public tasks or
    f) legitimate interests of the controller, including profiling based on those provisions. In such a case, the controller may no longer process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. e) objection to direct marketing – if personal data is processed for direct marketing purposes (based on the legitimate interest of the Administrator, not on the basis of the data subject’s consent), the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
  2. The above rights are exercised on the basis of a request sent by the User to the e-mail address jasek@jasek-transport.pl. Such a request should include the User’s first and last name.
  3. The User ensures that the data provided or published by them on the website is correct.