PRIVACY POLICY

Website in the www.conhpol.pl domain

Privacy policy rules

This Privacy Policy sets out the rules of processing and ensuring security of your (the users of the website in the domain: www.conhpol.pl (the “website”) personal data, in reference to your using of the functionalities or services available through the website.

Pursuant to the GDPR, personal data mean all information about any identified or identifiable natural person (that is a specific adult or child), such as first and last name or identification number.

The Controller explains that your data are processed in accordance with the provisions of the law, including:

• the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; called hereafter “GDPR”);
• the provisions of the telecommunications law of 16 July 2004;
• the provisions of the act of 10 May 2018 on the protection of personal data;
• the provisions of the act of 18 July 2002 on providing electronic services.

The Controller at the same time cares about the protection of your personal data with the application of the appropriate organisational and technical solutions preventing interference in the privacy of the users by third parties.

The Controller, considering the premises of Article 5 GDPR, applies the following principles in the processing of data: lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality, as well as correspondence with the purpose of the processing.

The SSL secure protocol is used to operate the website, significantly increasing security of data in the internet (a special standard for transmission of data in the internet, where transmission is encoded, unlike with the standard transmission where open text is sent).

The Controller

The Controller of your data is Henryk Konopka, managing business operations under the firm “CONHPOL” Henryk Konopka, Stanisław Dolny 400A, 34-130 Kalwaria Zebrzydowska, NIP 5510002377, REGON 070135725, info@conhpol.com.pl tel. +48 876 76 66

The Controller ensures the highest care not to breach the protection of personal data, which in the light of GDPR is understood as breach of security resulting in accidental or unlawful destruction, loss, modification, unauthorised disclosure or unauthorised access to the personal data transmitted, stormed or processed in any other way.

Processing personal data

Your personal data are processed by the Controller in accordance with the provisions of the law for the following legitimate purposes, depending on the functionalities of the website or on the service used by the given data subject (as these data come solely from the actions of the user in the website of the Controller, and their scope depends on the services or functionalities used by the user and the services and functionalities that were / are / will be available in the website at the time of the said action of the user; therefore, only the relevant and necessary data are processed, in accordance with the rules presented above, that are related solely to the actions of the user and do not exceed the scope of these actions):

1. respectively, on the basis of Article 6.1a GDPR:

• to carry out free subscription of the newsletter of the Controller, if such service is / was / will be available in the website;

1. respectively, on the basis of Article 6.1b GDPR:

• to take advantage of the functionalities of the Website;
• to conclude a distance contract with the Controller or to initiate actions on request of the data subject, before the conclusion of the distance contract with the Controller, if the conclusion of such a contract is possible with the website;
• to perform the contract; solving technical problems for this purpose and contacting the user in connection with its performance;

1. respectively, on the basis of Article 6.1c GDPR:

• to fulfil legal obligations resulting from the general provisions imposed on the Controller: in particular for accounting and tax purposes;
  to fulfil complaint processing obligations (examination of complaints and claims) related to the contracts concluded through the website, if the website offers such a possibility; to provide information on request of a state authority on the basis of special regulations, e.g. the police, the public prosecution, the court;

1. respectively, on the basis of Article 6.1f GDPR: due to the legitimate interest of the Controller in the form of the following respective purposes:

• to establish, if any, assert or defend claims of data subjects (including for the purpose of collection amounts due, managing court proceedings,
  and then enforcement proceedings);
• for archival purposes in order to secure information, i.e. contracts and settlement documentation, if any (in order to fulfil the obligation of accountability resulting from GDPR);
• for analytical purposes, i.e. the selection of the services for the needs of the users; optimisation of our products on the basis of comments from the users, interest of the users, technical logs of applications; optimisation of operation processes on the basis of the running of the sale and post-sale services processes, including complaints, if the services of sale of products / rendering services are available through the website (disposing of the information about the statistics of the actions of the Controller allows him to improve the conducted operations);
• in order to offer products and services of the Controller directly to the users (marketing or for the objective of direct offering of products and services (marketing) companies co-operating with the Controller (partners of the Controller) without the use of means of electronic communication (the legitimate purpose is managing marketing activities promoting the conducted activities or other entities)
• in order to offer products and services of the Controller directly to the users (marketing or for the objective of direct offering of products and services (marketing) companies co-operating with the Controller (partners of the Controller) with the use of means of electronic communications, where such actions are undertaken due to other effective regulations, in particular the telecommunications law and the act on providing services by electronic means, are conducted only on the basis of the appropriate consents,
  if such consents have been collected.
• in order to study the satisfaction of the users and determine the quality of our operations;
• to ensure security and prevent abuse and fraud;
• the organise promotional actions, loyalty programmes and campaigns open to all users;
• to process inquiries provided with the contact form, other applications, including ensuring of accountability, if the given forms are available in the website at the given time (for the legitimate purpose of providing responses to the inquiries and questions sent with the contact form or in any other form, including storing such applications and the provided responses for the purpose of observing the principle of accountability).

As stated above, the data from the users are related to their actions in the website, thus all the data from the users of the website are collected in two ways:

• the information is provided voluntarily by the user: providing such data is done by way of filling in the relevant registration forms, contact forms, if they are available in the website; if the provision of the given data is the condition to conclude a category, the category of these data (e.g. email) is properly described;
• the information obtained from the use of the websites: which may include:

• the information in the server logs: the server of the Controller automatically records such data as the request of the party sent by the user, the date and time of the request and of the response, the data of the device (e.g. a product model), browser type, browser language, operating system type,
• the information collected by the Google Analytics tool in the process of monitoring the visiting statistics of the website,
• the IP address: each computer connected to the internet has a unique number assigned, that is the IP address; it is used, e.g. to identify the country from which the given user connects to the network,
• text files (the so-called “cookies”) sent to the computer of the user during their visiting of the website;
• server logs: by way of storing www server logs by the hosting operator, functioning at the www address of the website.

Data recipients

Depending on the scope and purpose of processing of the data, they may be transferred, following the rules set out by the law, to other entities that will process them, in the scope of the given purpose of processing, respectively:

1. in case of the execution by the Controller of a service or delivery (sale) of items other than by electronic means, but by way of a distance contract, if the conclusion of such a contract is / will be possible through the website: the entities performing postal or courier services, if the subject of the contract is to be sent / delivered in the traditional way; banks or entities operating electronic payment systems, in the case of the necessary of making clearing operations; the entities supporting the Controller in the activities conducted to his order for the purpose of the execution of the contract; entities providing legal support: for the purpose of the execution of the rights set out by the law, to secure rights and assert claims under the contract;
2. in all cases to state authorities or other entities entitled by the law, for the purpose of the execution of the obligations imposed on the Controller by the regulations of the law, e.g. the police, the public prosecution, the tax office;
3. entities providing marketing service: for the purpose of supporting the Controller in the promotion of goods, organisation of promotional actions, loyalty programmes and campaigns;
4. entities operating ICT systems and providing IT services: in the scope of the upkeeping the proper operation of the system, its updating, repairs, and adding or improving functionalities;
5. entities supporting the operations conducted by the Controller to his order, including providers of external systems, for the purpose of supporting, improving or developing the operations of the Controller;

if personal data processed for the specific purpose with the view of the functionalities that are (were) available in the website, with respect of the principles concerning the processing of data as set out in GDPR, as well as the time during which specific data may be stored.

Data are subject to disclosure to third parties solely on the principles and within the limits allowed by the law.

Data storage time

Personal data are stored for the time that is not longer than it is necessary to fulfil the purposes described above, including the proper functioning of the operations of the Controller, taking into consideration limitation periods and a period of a reasoned necessity of storing the accounting documentation in accordance with the regulations of the law that impose on the Controller the obligation of storing documents (including tax liability limitation period) and with simultaneous following of the principle of accountability. Thus:

1. the data included in contracts, letters of attorney and annexes to these contracts are stored for up to three months after expiration of the limitation period for the claims resulting from the contract;
2. the data provided with the forms available in the website are stored for the period of three years for the purpose of fulfilling the principal of accountability;
3. the documents related to statutory warranty and complaints will be stored for the time of one year after the expiry of the statutory warranty time or examination of the complaint, with the later event taken into account, unless the time described in item “a” expires earlier due to the limitation period requirements;
4. the data for marketing purposes in the scope of the case of processing data on the basis of the consent as set out by the regulations of the law will be stored until the time of the withdrawal of the consent; if these data are processed on the basis of a legitimate purpose of the Controller: until the time of objection.

The Controller at the same time informs that pursuant to Article 118 of the civil code, unless special provisions state otherwise, the limitation time is ten years, and for claims concerning periodical services and claims related to conducting business operations, limitation time is three years. Pursuant to Article 74.2.4 of the accounting act, accounting proofs related to fixed assets in construction, loans, credits and trade contracts, claims under civil law procedures or under penal or tax procedures, shall be kept for 5 years from the beginning of the year following the trading year in which the operations, transactions and procedures were finalised, paid, settled or time-barred.

The rights in the scope of the processed data

The Controller informs also the data subject:

1. about the right the request from the Controller access to the personal data related to the data subject, having them rectified, removed or having their processing restricted or about the right to object against the processing, as well as about the right to transfer the data;
2. that if the processing is done on the basis of the statement of giving consent (the legal basis, respectively: Article 6.1a or Article 9.2a), the person giving such consent has the right to withdraw consent at any time without effect on the lawfulness of the processing that was done on the basis of the consent before its withdrawal;
3. that providing data is voluntary. Failure to provide the data necessary to conclude a distance contract (if such a contract may be concluded through the website), which are also necessary for the settlements of the business operations conducted by the Controller, i.e. failure to provide the data marked as necessary, which are essential for the conclusion of the distance contract through the website, may prevent the conclusion of such a contract (providing these data constitutes the condition necessary to conclude the contract, if such a contract may be concluded within the website). In any other respect, the lack of the provision of data (or of a single item of data) may make it difficult or prevent carrying out other functionalities or service available in the website.
4. about the right to lodge a complaint with the supervisory authority, the President of the Office for Personal Data Protection;
5. that as of the end of the storage time, in accordance with the regulations of the law, personal data will be erased;
6. that personal data will not be processed in an automated way (including in the form of profiling) so that any decisions could be made as a result of such automated processing, any legal consequences could result or could significantly affect the users of the website in any other way. The Controller within the executed operations makes use of cookie files so that they observe and analyses traffic in the pages of the website. The website does not collect automatically any information except the information in the cookie files. The information collected in this way is used, among others, for: website management; detecting security threats, if any; studying aggregated traffic of users within websites and for statistical purposes, including with the use of the Google Analytics tools.

1. that the Website may include external links to enable its users directly reach other web pages or that during the use of the website cookie files may be additionally stored in your device that come from other entities in particular from such suppliers as: Facebook, Twitter, Instagram, Google+, to enable your use of the functionalities of the website integrated with these websites. Each one of these suppliers defines the principles of the use of cookie files in their respective privacy policies, therefore the Controller informs that they have no effect on the privacy policy of these suppliers and the use of cookie files. For security reasons, it is recommended before making use of the functionalities / resources offered by other web pages or websites, for each user to become acquainted with the regulations related to the privacy policy and the use of cookie files of these entities, if they are provided, and if they are not available, the contact the administrator of these pages or websites in order to obtain information in this respect.

Cookie files

The Controller explains that the website, pursuant to Article 173 of the telecommunications law, uses cookie files that constitute information data, in particular text files that are stored in the terminal device of the user. These files usually include the name of the website of their origin, the time of storage in the terminal device and a unique number. They are used for the following purposes:

• to facilitate the user’s use of the website during its browsing;
• to recognise the user at a later time if the website is connected to the device in which they are stored;
• to create statistics to help understand how the users of the website use the web pages, which allows improvement of their structure and content;
• to customise the content of the web pages to the specific preferences of the user and to optimise the use of web pages, customised to the individual needs of the user.

The following types of cookie files are used in the website: “session” files are stored in the terminal device of the user until the time of logging out, leaving the web page or turning off in the web browser “permanent” files are stored in the terminal device of the User for the time set out in the parameters of the cookie files or until the time of deleting them by the User; “performance” files that allow collection of information about the way the web pages of the website are used; “necessary” files enable the use of the services available within the website “functional” files allow storing the settings chosen by the user and personalisation of the user interface; “proprietary” files are set by the website; “external” files that come from another external website than the Website.

The Controller explains that this information is in no way referred to the personal data of the user of the website, and is not used to determine the identity of the user. The scope of the information collected automatically depends on the settings of the web browser of the user. It is recommended, therefore, for the user to check the settings of their browsers, to learn what information is made available by their browsers automatically or in order to change these settings. For this purpose, the user may consult the content of “Help” of the used web browser.

The Controller explains also that the conditions of storing or receiving cookie files may be changed by changing the configuration of the settings in web browsers, e.g.

• in the Internet Explorer browser
• in the Microsoft Edge browser
• in the Mozilla Firefox browser
• in the Chrome browser
• in the Opera browser
• in the Safari browser

The web browser usually by default allows storage of cookie files in the terminal device of the User. The users of the website may thus make changes in the settings in this respect. The web browser allows the possibility of deletion of cookie files and taking advantage of the possibility of automatic blocking of cookie files. The detailed information in the scope of cookie files are included in the settings or in the documentation of the web browser used by the user. Please note that turning off cookie files necessary for authentication processes, ensuring security or maintaining preferences of the user, if these are available in the website, may make it difficult, and in extreme cases also prevent the use of the website (or some functionalities of the website).

Moreover, the Controller explains that information about some forms of behaviour of the users are subject to logging in in the server layer. These data are used solely for the administration of the website and to ensure the most efficient operation of the provided hosting services. The browsed resources are identified with URLs. Moreover, the following information may be saved: the public IP address of the requesting computer (which may directly be the computer of the user); the name of the station of the client: the identification executed with the http protocol, if it is possible; the user name given in the authorisation process, the time of the request, the first line of the http request, the http response code, the number of the bytes sent by the server, the URL of the page visited earlier by the user (the referer link) – if the page of the Controller was reached from the link, information about the browser of the user, information about errors during the HTTP transaction. The above data are not referred to specific user browsing pages. The above data are used only for the purposes of website administration.

Inspection of data processing

The Controller makes sure to provide all means of physical, technical and organisational protection of personal data against their accidental or deliberate destruction, accidental loss, modification, unauthorised disclosure, use or access, in accordance with all provisions of the law that are in force.

This Privacy Policy is effective as of 25 May 2018.