The Data Controller shall make every effort to ensure respecting users’ privacy and protection of the disclosed personal data and undertake any required measures, in particular by ensuring compliance with the regulations governing the way to collect, manage, store and use personal data, as described in the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (termed General Data Protection Regulation, GDPR).
- Objectives of and grounds for processing users’ personal data
The data is processed to execute and perform the agreement which the user is a party to or to undertake any activities before the agreement is executed, including sale of services, under Article 6(1b) and (1c) of GDPR and (1f) of GDPR. Processing is required for the objectives stemming from the legitimate interest of the Data Controller, including but not limited to for performing the agreement, keeping the required documents, protecting rights, keeping statistics and archiving which will stem from the Data Controller’s legitimate interest under Article 6(1f) of GDPR. Providing data for performance of the above provision is a prerequisite for the agreement execution. Refusal to provide data in the scope required to execute or perform the agreement and in the scope required by the applicable law shall prevent its execution.
What is more, if the user grants their consent to data processing under Article 6(1a), the data shall be processed for marketing activities. Any data provision is entirely optional and its refusal shall not affect execution or performance of the agreement mentioned above. The consent can be withdrawn any time without affecting the legality of processing carried out under the consent before the withdrawal. Any data provision in this respect is entirely optional and its refusal shall not affect execution or performance of the agreement.
- How can the user exercise their rights?
The user is entitled to:
- access your personal data,
- have any incorrect or incomplete data rectified,
- request personal data deletion:
- when the data is no longer required for purposes for which it was collected or processed in any other way,
- when the data subject objected to data processing,
- when the data subject withdrew their consent being the grounds for processing and there are no other legal grounds for processing,
- when data is processed illegally. Data must be deleted to fulfill the obligation stemming from the applicable law.
- request personal data processing restriction:
- when the data subject challenges personal data correctness,
- when data processing is illegal and the data subject objects to data deletion, requesting their restriction instead, the Data Controller does not need the data for their purposes, but the data subject needs it to determine, defend or pursue any claims,
- when the data subject objected to data processing until it is determined if the legal grounds on the Data Controller’s part are superior to the grounds for the objection.
- transfer data to another data controller or to the user,
- withdraw their consent any time if it was granted,
- make a complaint relating to the violation of the personal protection law to the President of the Personal Data Protection Office.
- Data provision
Any data provided by the user will not be disclosed to any other party except for:
- entities participating in processes required for the agreement performance, payment services, services provided by electronic means,
- co-workers providing services relating in particular to the direct service for you and providing IT services,
- public authorities or entities performing public tasks,
- others in line with the consent granted.
- Data storage and processing.
The Data Controller makes every effort to secure the user’s data and protect it from third parties, meeting all the legal requirements, including but not limited to the premises in GDPR.
The Data Controller does not intend to carry out automated decision making, including profiling.
The Data Controller does not intend to transfer any personal data to any third state or international organisation.
The personal data shall be stored for:
– up to 14 days after the consent is withdrawn,
– required to perform the agreement executed with the user and later for the term and in the scope required by the applicable law (including the Tax Ordinance, acts on the social insurance system and, for employees, the Labour Code and the Act on old-age and disability pensions from the social insurance fund) and the limitation period of claims stemming from the agreement (including considering Article 118 of the Civil Code),
– for candidate workers, the personal data shall be stored for up to 90 days after the recruitment process is completed if the candidate does not pass it.
- Questions and reservations
The Data Controller runs a website at: https://killys.pl/
6.1. What data is collected automatically when using the Website?
The Website does not collect any data automatically except for the one included in the above-mentioned files when using the Website.
Cookie files are small text files sent by the Website and stored on your computer. They contain certain information relating to the user’s use of the Website. The cookies used may be temporary or permanent. Temporary cookies are deleted once the user closes the browser, while permanent ones are stored even after the user finishes using the Website and store e.g. the user’s password or login which accelerates and facilitates using the Website. Cookies hold information which is often required for the correct Website function. What is more, cookies may hold a unique code identifying the user device, not allowing to identify the user.
The Website uses the following two types of cookies:
- cookies enabling to use the services available on the Website, e.g. authenticating cookies used for services that require authentication within the Website;
- “performance” cookies enabling to collect information on the way of using Website pages;
- “functional” cookies enabling to “save” the settings made by the user and to customise the user interface.
The Website uses the below-mentioned cookies for the following purposes:
- maintaining the user’s Website session (after logging in) thanks to which the user need not enter the login and password again on every Website page;
- adapting the Website content to the user preferences and optimising the website use; such files enable to recognise the Website user’s device and display the Website accordingly to match their individual needs;
- creating statistics which promote understanding of how the Website users use the websites which enables to improve their structure and content.
In many cases the software for browsing websites (browser) permits cookie file storage in the user’s end device by default. The user may change the cookie settings themselves. The settings may be changed to disable automatic support for cookies in the browser settings or to notify of their each placement in your device. Detailed information on the possibility and methods of handling cookies is available in the software (web browser) settings. Restricted use of cookie files may affect certain functionalities available on the Website pages. For more information on cookies, see the Help menu of every browser.
6.3. Other websites
The Website may feature links to other websites from time to time. Such other websites are independent of the Website and are not supervised by the Data Controller in any way. They may have their own privacy policies which the user should read. The Data Controller shall not be held liable for any rules of handling data in such websites.