GDPR information obligation
Who is the data controller?
The Administrator of Personal Data (hereinafter the Administrator) is the company "Advalp Michał Piekar", operating at the address: ul. Brzeziny 41 44-337 Jastrzębie-Zdrój, with the assigned tax identification number (NIP): 6332219909, providing services electronically via the Website
How can I contact the data controller?
The Administrator can be contacted in one of the following ways
Postal address - Advalp Michał Piekar, ul. Brzeziny 41 44-337 Jastrzębie-Zdrój
E-mail address - firstname.lastname@example.org
Phone call - +48 506204080
Contact form - available at: https://advalp.pl/en/contact-us
Has the Administrator appointed a Personal Data Inspector?
Pursuant to Art. 37 of the GDPR, the Administrator has not appointed the Data Protection Officer.
In matters relating to the processing of data, including personal data, please contact the Administrator directly.
Where do we obtain personal data from and what are their sources?
Data is obtained from the following sources:
- from data subjects
- in the case of registration using social networks, with the expressed informed consent of these people from these social networks
What is the scope of personal data processed by us?
The website processes ordinary personal data , provided voluntarily by the persons they relate to
(e.g. name and surname, login, e-mail address, telephone number, IP address , etc.)
What are the purposes of our data processing?
Personal data voluntarily provided by Users are processed for one of the following purposes:
- Implementation of electronic services:
- Services of registration and maintenance of the User's account on the Website and related functionalities
- Newsletter services (including sending advertising content with consent)
- Services for commenting / liking entries on the Website without registering
- Communication of the Administrator with Users on matters related to the Website and data protection
- Ensuring the Administrator's legitimate interest
What are the legal grounds for data processing?
The website collects and processes Users' data on the basis of:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection)
- art. 6 sec. 1 lit. a
the data subject has consented to the processing of his personal data for one or more specific purposes
- art. 6 sec. 1 lit. b
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- art. 6 sec. 1 lit. f
processing is necessary for the purposes of the legitimate interests pursued by the administrator or by a third party
- art. 6 sec. 1 lit. a
- Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
- Act of July 16, 2004 Telecommunications Law (Journal of Laws of 2004, No. 171, item 1800).
- Act of February 4, 1994 on copyright and related rights (Journal of Laws 1994 No. 24 item 83)
What is the legitimate interest pursued by the Administrator?
- In order to possibly establish, investigate or defend against claims - the legal basis for processing is our legitimate interest (Article 6 (1) (f) of the GDPR) consisting in the protection of our rights, including but not limited to;
- To assess the risk of potential customers
- To evaluate planned marketing campaigns
- To implement direct marketing
For how long do we process personal data?
As a rule, the indicated personal data is stored only for the duration of the service provided by the Administrator. They are deleted or anonymized up to 30 days from the end of the provision of services (e.g. deletion of a registered user account, unsubscribing from the Newsletter list, etc.)
In exceptional situations, in order to secure the legitimate interest pursued by the Administrator, this period may be extended. In such a situation, the Administrator will store the indicated data, from the time of requesting their removal by the User, no longer than for a period of 3 years in the event of a breach or suspected breach of the provisions of the website regulations by the data subject.
Who is the recipient of the data, including personal data?
As a rule, the only recipient of the data is the Administrator.
Data processing may, however, be entrusted to other entities that perform services for the Administrator in order to maintain the operation of the Website.
Such entities may include, inter alia:
- Hosting companies that provide hosting or related services to the Administrator
- Companies intermediating in on-line payments for goods or services offered on the Website (in the case of making a purchase transaction on the Website)
- Companies responsible for keeping the Administrator's accounts (in the case of making a purchase transaction on the Website)
- Companies responsible for delivering physical products to the User (postal / courier services when making a purchase transaction on the Website)
Will your personal data be transferred outside the European Union?
Personal data is transferred outside the European Union.
The transfer of data outside the EU is caused by the use of services of entities located outside the EU, or as a result of publication as a result of an individual action of the User (e.g. comment or entry), which will make the data available to every visitor to the website.
In the case of transfer or entrusting the processing of personal data outside the EU, these data are processed on the basis of an agreement concluded between the Administrator and the Service Provider.
Will personal data be the basis for automated decision making?
Personal data are used for automated decision making (profiling).
Profiling personal data does not have legal effects or similarly does not significantly affect the person whose data is subject to automatic decision making.
What are your rights related to the processing of personal data?
Right of access to personal data
Users have the right to access their personal data upon request submitted to the Administrator
The right to rectify personal data
Users have the right to request the Administrator to immediately rectify incorrect personal data and / or supplement incomplete personal data, carried out at the request submitted to the Administrator
The right to delete personal data
Users have the right to request the Administrator to delete their personal data immediately, upon a request submitted to the Administrator.
In the case of user accounts, the deletion of data consists in the anonymization of data enabling the User's identification.
In the case of the Newsletter service, the User has the option of removing his personal data by himself using the link placed in each the e-mail being sent.
The right to limit the processing of personal data
Users have the right to limit the processing of personal data in the cases specified in art. 18 GDPR, incl. questioning the correctness of personal data, carried out at the request submitted to the Administrator
The right to transfer personal data
Users have the right to obtain from the Administrator, personal data concerning the User in a structured, commonly used machine-readable format, implemented at the request submitted to the Administrator
The right to object to the processing of personal data
Users have the right to object to the processing of their personal data in the cases specified in art. 21 of the GDPR, implemented at the request submitted to the Administrator
Right to lodge a complaint
Users have the right to lodge a complaint with the supervisory body dealing with the protection of personal data.