Privacy Policy

PERSONAL DATA PROCESSING POLICY ON THE WEBSITE

This policy is informative and contains primarily the rules regarding the processing of personal data by the Administrator on the website, including the basis, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools.

§1 DEFINITIONS

  1. Administrator – Author’s Design Studio Sławomir Rosolski Architekt, Wroniecka 23, 61-763 Poznań
  2. Personal data – all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact details, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
  3. Policy – ​​this Personal Data Processing Policy.
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  5. Data subject – any natural person whose personal data are processed by the Administrator.

§2 DATA PROCESSING

  1. In connection with its business activity, the Administrator collects and processes personal data in accordance with the relevant regulations, in particular the GDPR and the data processing principles provided for therein.
  2. The administrator ensures transparency of data processing, in particular, always informs about data processing at the time of collection, including the purpose and legal basis of processing – e.g. when concluding a contract for the sale of goods or services. The administrator ensures that data is collected only to the extent necessary for the indicated purpose and processed only for the period for which it is necessary.
  3. When processing data, the Administrator ensures their security and confidentiality as well as access to information about processing to data subjects. If, despite the security measures used, there is a breach of personal data protection (e.g. data “leakage” or loss), the Administrator will inform data subjects about such an event in a manner consistent with the regulations.

§3 CONTACT WITH THE ADMINISTRATOR

  1. Contact with the Administrator is possible via e-mail: kontakt@wroniecka23.pl or in writing to the following address: Autorska Pracownia Projektowa Sławomir Rosolski Architekt, Wroniecka 23, 61-763 Poznań
  2. The administrator has not appointed a Data Protection Inspector.

§4 SECURITY OF PERSONAL DATA

  1. In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures enabling access to personal data only to authorized persons and only to the extent necessary due to the tasks performed by them. The Administrator uses organizational and technical solutions to ensure that all operations on personal data are registered and performed only by authorized persons.
  2. The Administrator also takes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data on behalf of the Administrator.
  3. The Administrator conducts ongoing risk analysis and monitors the adequacy of the data security measures used to the identified threats. If necessary, the Administrator implements additional measures to increase data security.

§5 PURPOSES AND LEGAL BASIS OF PROCESSING

  1. Personal data of all persons using the Administrator’s websites, including IP addresses or other identifiers and information collected via cookies or other similar technologies, are processed:
    and). in order to provide services electronically in the scope of making content collected on the website available to users – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
    b). for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in conducting analyzes of users’ activity as well as their preferences in order to improve the functionalities used and the services provided;
    c). in order to possibly determine and pursue claims or defend against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in the protection of his rights;
    d). for marketing purposes of the Administrator and other entities – the principles of processing personal data for marketing purposes are described in the “Marketing” section below.
  2. The user’s activity on the Administrator’s website, including his or her personal data, is recorded in system logs (a special computer program used to store a chronological record containing information on events and activities related to the IT system used to provide services by the Administrator). The information collected in logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR).

§6 MARKETING

  1. The administrator processes users’ personal data in order to carry out marketing activities, which may include:
    and). displaying marketing content to the user that is not tailored to his preferences (contextual advertising);
    b). displaying marketing content corresponding to the user’s interests (behavioral advertising);
    c). conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
  2. In order to carry out marketing activities, the Administrator may use profiling in some cases. This means that thanks to automatic data processing, the Administrator assesses selected factors regarding natural persons in order to analyze their behavior or create a forecast for the future. The legal basis for data processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).

§7 COOKIES AND SIMILAR TECHNOLOGY

  1. Cookies are small text files installed on the device of the user browsing the website. Cookies collect information that facilitates the use of the website, e.g. by remembering the user’s visits to the website and the activities performed by him. The legal basis for the processing of such data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
  2. The administrator uses cookies primarily to provide the user with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies to store information or gain access to information already stored in the user’s telecommunications end device (computer, telephone, tablet, etc.). Cookies used for this purpose include:

    a). cookies with data entered by the user (session identifier) ​​for the duration of the session (userinputcookies);
    b). authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
    c). cookies used to ensure security, e.g. used to detect authentication abuses (usercentricsecuritycookies);
    d). session cookies for multimedia players (e.g. flash player cookies), for the duration of the session (multimedia playersessioncookies);
    e). persistent cookies used to personalize the user interface for the duration of the session or slightly longer (userinterfacecustomizationcookies);
    f). cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the user uses the website, to create statistics and reports on the functioning of the website). Google Analytics is also used to target users with behavioral advertising. Google does not use the collected data to identify you or combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found by entering in any Internet search engine: Google – Privacy and terms.

§8 CONTACT FORMS AVAILABLE ON THE WEBSITES

  1. The Administrator provides the opportunity to contact him using electronic contact forms available on the Administrator’s websites. Using the form requires providing personal data necessary to contact the user and answer the inquiry. The user may also provide other data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to process it. Providing other data is voluntary.
  2. Personal data is processed:
    a). in order to identify the sender and handle the request or answer a question sent via the contact form – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in enabling the processing of requests and answering questions asked in in particular by persons interested in the Administrator’s services;
    b). in order to monitor and improve the quality of services, including customer service – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in enabling the improvement of the quality of services provided by the Administrator.

§9 E-MAIL AND TRADITIONAL CORRESPONDENCE

  1. If sent to the Administrator via e-mail or traditional correspondence, personal data contained in this correspondence are processed solely for the purpose of communication and solving the matter to which the correspondence relates.
  2. The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting correspondence addressed to him in connection with his business activity.
  3. The administrator only processes personal data relevant to the matter to which the correspondence relates. All correspondence is stored in a manner that ensures the security of the personal data contained therein (and other information) and disclosed only to authorized persons.

§10 TELEPHONE CONTACT

  1. If you contact the Administrator by phone, the Administrator may request personal data only if it is necessary to handle the matter to which the contact relates. In such a case, the legal basis is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in enabling the processing of requests and answering questions asked by persons interested in the Administrator’s services.
  2. Telephone conversations may also be recorded – in such a case, appropriate information is provided at the beginning of the conversation. Calls are recorded in order to monitor the quality of the service provided and to verify the work of consultants. The recordings are available only to the Administrator’s employees and people operating the Administrator’s hotline. The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in enabling the improvement of the quality of services provided by the Administrator.

§11 SOCIAL NETWORKS

The Administrator processes personal data of users visiting the Administrator’s profiles on social media (Facebook, YouTube, Instagram, Twitter). This data is processed solely in connection with maintaining the profile, including to inform Users about the Administrator’s activity and to promote various types of events, services and products. The legal basis for the processing of personal data by the Administrator for this purpose is his legitimate interest (Article 6(1)(f) of the GDPR) consisting in promoting his own brand.

§12 COLLECTION OF DATA IN OTHER CASES

  1. In connection with its activities, the Administrator also collects personal data in other cases for purposes related to initiating and maintaining business contacts. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in creating a network of contacts in connection with the conducted business.
  2. Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator ensures their appropriate protection.

§13 DATA RECIPIENTS

  1. In connection with running a business that requires processing, personal data is disclosed to external entities, in particular suppliers responsible for operating IT systems and equipment, entities providing legal or accounting services, couriers, marketing or recruitment agencies. Data may also be disclosed to selected partners of the Administrator, e.g. as part of the implementation of promotional campaigns joined by the data subject.
  2. The Administrator reserves the right to disclose selected information about the data subject to competent authorities, services or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

§14 TRANSFER OF DATA OUTSIDE THE EEA

  1. The level of protection for personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and ensuring an adequate level of protection, primarily by:
    a). cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;
    b). application of standard contractual clauses issued by the European Commission;
    c). application of binding corporate rules approved by the relevant supervisory authority;
    d). in the event of data transfer to the USA – cooperation with entities participating in the Privacy Shield program approved by the European Commission.
    e). The administrator always informs about the intention to transfer personal data outside the EEA at the stage of collection.

§15 PERSONAL DATA PROCESSING PERIOD

  1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The data processing period may also result from regulations when they constitute the basis for processing. In the case of data processing based on the legitimate interest of the Administrator, e.g. for security reasons, the data is processed for a period enabling the implementation of this interest or until an effective objection to data processing is submitted. If the processing is based on consent, the data is processed until it is withdrawn. When the basis for processing is the necessity to conclude and perform a contract, the data is processed until its termination.
  2. The data processing period may be extended if the processing is necessary to establish or pursue claims or defend against claims, and after this period – only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.

§16 RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

  1. Data subjects have the following rights:
    a). the right to information about the processing of personal data – on this basis, the Administrator provides the person submitting the request with information about data processing, including, in particular, the purposes and legal basis for processing, the scope of data held, entities to which it is disclosed, and the planned date of data deletion;
    b). the right to obtain a copy of the data – on this basis, the Administrator provides an electronic copy of the processed data regarding the person submitting the request;
    c). the right to rectification – the Administrator is obliged to remove any possible inconsistencies or errors in the processed personal data and supplement them if they are incomplete;
    d). the right to delete data – on this basis, you can request the deletion of data whose processing is no longer necessary to achieve any of the purposes for which it was collected;
    e). the right to limit processing – if such a request is made, the Administrator shall cease to perform operations on personal data – except for operations to which the data subject has consented – and to store them, in accordance with the adopted retention principles or until the reasons for limiting data processing cease ( e.g. a decision of the supervisory authority will be issued authorizing further data processing);
    f). the right to transfer data – on this basis, to the extent that data is processed in connection with a concluded contract or consent, the Administrator issues data provided by the person to whom they concern in a format that allows them to be read by a computer. It is also possible to request that these data be sent to another entity, provided that there are technical possibilities in this respect both on the part of the Administrator and that other entity;
    g). the right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such an objection;
    h). the right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data which is carried out on the basis of the legitimate interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property); objections in this respect should include justification;
    i). the right to withdraw consent – if data are processed on the basis of expressed consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of consent;
    j). the right to complain – if it is considered that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection.

§17 SUBMITTING REQUESTS RELATED TO THE EXERCISE OF RIGHTS

  1. An application regarding the exercise of the rights of data subjects may be submitted:
    and). in writing to the following address: Autorska Pracownia Projektowa Sławomir Rosolski Architekt, Wroniecka 23, 61-763 Poznań
    b). by e-mail to: kontakt@wroniecka23.pl
  2. If the Administrator is unable to identify the person submitting the application based on the submitted notification, he will ask the applicant for additional information.
  3. The application may be submitted in person or through a representative (e.g. a family member). For data security reasons, the Administrator encourages you to use a power of attorney in a form certified by a notary or an authorized legal advisor or attorney, which will significantly speed up the verification of the authenticity of the application.
  4. A response to the notification should be provided within one month of its receipt. If it is necessary to extend this deadline, the Administrator informs the applicant about the reasons for the delay.
  5. The response is provided via traditional mail, unless the application was submitted by e-mail or a response was requested in electronic form.

§18 RULES FOR COLLECTING FEES

  1. The procedure for submitted applications is free of charge. Fees may only be charged if:
    and). submitting a request for the second and each subsequent copy of the data (the first copy of the data is free of charge); in such a case, the Administrator may demand payment of a fee of PLN 50. The above fee includes administrative costs related to fulfilling the request.
    b). the same person submitting requests that are excessive (e.g. extremely frequent) or clearly unjustified; in such a case, the Administrator may demand payment of a fee of PLN 150.
  2. The above fee includes communication costs and costs associated with taking the requested actions.
  3. If the decision to impose a fee is questioned, the data subject may submit a complaint to the President of the Personal Data Protection Office.

§19 CHANGES TO THE PERSONAL DATA PROCESSING POLICY

This policy is subject to ongoing updating and verification.

The website uses cookies. By using this website, you consent to the use of cookies in accordance with your browser settings. More information can be found in the Privacy Policy.