- Administrator – company under the name Projekt 12 – „Grupa Echo” Spółka z ograniczoną odpowiedzialnością – SKA in Kielce, 25-323, al. Solidarności 36, TAX identification number PL6572912018 (hereinafter referred to as: “Company” or “Administrator”)
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
- Service – a website run by the Administrator at t22.pl.
- User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.
2. Data processing in connection with the use of the website
- In connection with the use of the Website by the User, the Administrator collects data to the extent necessary to provide particular services offered, as well as information about the User’s activity on the Website. Below are described the detailed rules and objectives of processing of Personal Data collected during the use of the Website by the User.
3. Objectives and legal grounds for data processing on the website
- Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) is processed by the Administrator:
- in order to provide services by electronic means in the scope of content collected on the Website made available to Users – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 paragraph 1 letter b of the GDPR);
- in order to possibly establish and enforce claims or defend against claims, the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in the protection of their rights;
- User activity on the Website, including his/her Personal Data, is recorded in system logs (a special computer program used to store chronological records containing information on events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator processes it also for technical and administrative purposes, to ensure the security of the IT system and to manage this system – in this respect the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
4. Cookies and similar technology
- Cookies are small text files installed on the device of a User browsing the Website. Cookies collect information facilitating the use of the website – e.g. by remembering the User’s visits to the Website and the activities performed by the User.
- cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
- authentication of cookies used for services requiring authentication for the duration of the session (i.e. authentication cookies);
- cookies used to ensure security, e.g. used to detect fraud in the field of authentication ( user centric security cookies);
- session cookies of media players (e.g. flash player cookies), for the duration of the session ( multimedia player session cookies);
- persistent cookies used to personalize the User interface for the duration of the session or slightly longer ( user interface customization cookies).
5. Management of cookie settings
- Permission is not required only for cookies, the use of which is necessary to provide telecommunications services (data transmission to display content).
- Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
- Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
- Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
- Safari: https://support.apple.com/kb/PH5042?locale=en-GB
6. Period of processing of personal data
- The period of the Administrator’s data processing depends on the type of service provided and the purpose of processing. As a rule, data shall be processed for the duration of the service provision, until the withdrawal of consent or effective objection to the data processing in cases where the legal basis for the data processing is a legitimate interest of the Administrator.
- The period of processing may be extended where processing is necessary for the establishment and enforcement of possible claims or for defense against claims, and thereafter only if and to the extent required by law. Once the processing period has expired, the data shall be irretrievably deleted or rendered anonymous.
7. User rights
- The user has the right to access the content of the data and to demand its correction, deletion, limitation of processing, the right to transfer the data and the right to object to the processing, as well as the right to lodge a complaint to the supervisory authority dealing with the protection of personal data.
- To the extent that the User’s data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Administrator or using the functionalities made available on the Website.
- For more information on the rights granted by the GDPR, can be found here.
8. Recipients of data
- In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular IT service providers, in particular hosting services, suppliers responsible for the maintenance of IT systems, and entities related to the Administrator
- The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties, who submit a request for such information, based on the appropriate legal basis and in accordance with the provisions of applicable law.
9. Transmission of the data outside the EEA
- The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, in particular through:
- cooperation with entities processing Personal Data in the countries in relation to which an appropriate decision of the European Commission has been issued concerning the determination of the appropriate level of protection of Personal Data;
- the use of standard contractual clauses issued by the European Commission;
- the application of binding corporate rules approved by the relevant supervisory authority;
- in case of data transfer to the US – cooperation with entities participating in the Privacy Shield programme, approved by means of a decision of the European Commission.
10. Security of personal data
- The Administrator conducts risk analysis on an ongoing basis in order to ensure that Personal Data is processed by them in a safe manner – ensuring first of all that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them. The Administrator shall ensure that all operations on Personal Data are registered and performed only by authorized employees and associates.
- The Administrator shall take all the necessary measures to ensure that their subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Administrator.
11. Contact data
- Contact with the Administrator is possible in writing to the following address: al. Solidarności 36, 25-323 Kielce.
- The policy is constantly reviewed and, if necessary, updated.
- The current version of the Policy has been adopted and is effective as of 1 July 2020.