PZL Sędziszów Privacy Policy

§1

GENERAL PROVISIONS

1. The privacy policy contains rules regarding the processing of personal data by the Portal, including the basics, purposes and scope of processing of personal data and the rights of data subjects, as well as information on the use of Cookies and analytics tools.

2. The controller of personal data collected via the Portal is PZL Sędziszów S.A. ul. Fabryczna 4, 39-120 Sędziszów Małopolski, Poland. National Court Register Number (KRS): 0000059050, Tax Identification Number: 818-14-71-114, National Business Registry Number: 690587953

Phone number. +48 17 7450211

E-mail: marketing@pzlsedziszow.pl – hereinafter referred to as the “Controller”

3. Personal data on the Portal is processed by the Controller in accordance with applicable law, in particular in accordance with Regulation 2016/679 of the European Parliament and of the Council of the European Union of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC (General Regulation on Data Protection) – hereinafter referred to as “GDPR”.

4. The use of the Portal, including registration, is voluntary. Similarly, the provision of personal data by the Customer using the Portal is voluntary, with the exception of:

– Concluding contracts: in the cases and in the scope indicated on the Portal, in the Statute and this privacy policy, not providing the personal data necessary to conclude and perform a Sales Agreement or contract for the provision of Electronic Services with the Controller results in the inability to conclude this contract. Providing personal data is in this case a contractual requirement and if the data subject wishes to conclude a given agreement with the Controller, they are obliged to provide the required data. Each time, the scope of data required to conclude the contract is previously indicated on the Portal.

   – Statutory obligations: providing personal data is a statutory requirement resulting from generally effective legal regulations which impose the duty to process personal data on the Controller (e.g. data processing for the purpose of keeping tax or accounting books) and failure to provide data will prevent the Controller from performing these duties.

5. The Controller takes special care to protect the interests of persons whose personal data the Controller processes, and in particular is responsible for and ensures that the data collected by the Controller is:

·   processed in accordance with the law;

·   collected for specified, legitimate purposes and not subject to further processing incompatible with these purposes;

·    factually correct and adequate in terms of the purposes for which it is processed;

·   stored in a way that allows the identification of persons to whom they relate, no longer than is necessary to achieve the purpose of processing;

·   processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, protected by means of suitable technical or organizational measures.

6.  Taking into account the nature, scope, context and purposes of the processing, as well as the risk of violating the rights or freedoms of natural persons with different probabilities and extent of risk, the Controller implements appropriate technical and organizational measures so that the processing takes place in accordance with regulations, and to be able to prove these measures. The Controller implements technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.

§2

 GROUNDS FOR DATA PROCESSING

1. The Controller is entitled to process personal data in cases where – and to the extent to which – at least one of the following conditions is met:

–       the data subject has agreed to the processing of their personal data for one or more specific purposes;

–       processing is necessary for the performance of a contract in which the data subject is a party, or to take action at the request of the data subject, before concluding a contract;

–       processing is necessary to fulfill the legal obligation of the Controller;

–       processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party, except for situations in which these interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular when the data subject is a child.

2. The processing of personal data by the Controller requires each time at least one of the conditions indicated above to be met. The specific grounds for processing customer personal data are indicated below.

§3

PURPOSE, BASIS, DURATION AND EXTENT OF DATA PROCESSING

1. Each time, the purpose, basis, duration, extent and recipient of personal data processed by the Controller results from actions taken by a given Customer within the Portal’s websites. For example, if the Customer decides to register, their personal data will be processed in order to perform the concluded Agreement with the User on the provision of services by electronic means.

     2. The Controller may process personal data according to the following:

Purpose of data processing Legal basis / duration of data storage Extent of data processing
Sending email messages as part of the newsletter service Article 6 paragraph 1 lit. a) Regulation of the GDPR (consent) The data is kept until the data subject withdraws their consent for further processing of their data for this purpose. Email address, IP address, ID

§4

DATA RECIPIENTS

1. For the efficient functioning of the Portal, including for the implementation of Sales Agreements, it is necessary for the Controller to use the services of external entities. The Controller uses only the services of those processing entities who provide sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.

 2. The transfer of data by the Controller does not occur in each case and not to all recipients or categories of recipients indicated in the privacy policy – the Controller provides data only when it is necessary for the purpose of processing personal data and only to the extent necessary to achieve it.

  3. Customers’ personal data may be transferred to the following recipients or categories of recipients:

·       service providers supplying the Controller with technical, IT and organizational solutions, enabling the Controller to conduct business activities, including the functioning of the Portal and Electronic Services provided through it (in particular, computer software vendors, email and hosting providers and software providers for company management and technical assistance to the Controller)

 – the Controller provides the collected personal data of the Customer to a selected supplier acting on their behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

§5

PROFILING

  1.  The Controller may use profiling for marketing purposes, but the decisions made on this basis by the Controller do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using services on the Portal’s websites. The effect of using profiling may be, for example, granting a given person a rebate, sending a rebate code, reminding about unfinished purchases, sending a product proposal that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Portal. Despite profiling, a given person makes the free decision whether they will want to use the rebate received this way, or whether to take advantage of better conditions and make a purchase.

2. Profiling consists of an automatic analysis or prognosis of a given person’s behavior on the Portal’s website, or an analysis of previous history of the actions carried out while using the Portal. The condition of such profiling is the Controller having personal data of a given person in order to be able to send them e.g. a rebate code.

  3. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and has legal effects or substantially affects that person.

§6

DATA SUBJECT RIGHTS

1.  The right of access, rectification, restriction, deletion or transfer – the data subject has the right to demand that the Controller provide access to their personal data, rectify, remove it (“the right to be forgotten”) or limit the processing and has the right to object to processing and has the right to transfer data. Detailed conditions for the exercise of the abovementioned rights are indicated in Art. 15-21 of the GDPR.

2. The right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of their consent has the right to withdraw consent at any time without affecting the legality of the processing, which was made on the basis of consent before its withdrawal.

3. The right to lodge a complaint to a supervisory body – a person whose data is processed by the Controller has the right to lodge a complaint to a supervisory body in the manner and mode specified in the provisions of the GDPR and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Office for Personal Data Protection.

4. The right to object – the data subject has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data based on Art. 6 par. 1 lit. e) (performance of public interest or tasks, exercise of official authority) or f) (legitimate interest), including profiling based on these regulations. In such a case, the Controller may no longer process such personal data unless they demonstrate the existence of legally valid grounds for processing that override the interests, rights and freedoms of the data subject or the grounds for determining, investigating or defending claims.

5.  In order to exercise the rights referred to in this paragraph, you can contact the Controller by sending a relevant message in writing or by email to the Controller’s address specified in paragraph 1.

§7

COOKIES, OPERATIONAL DATA AND ANALYTICS

1. Cookies are small text information in the form of text files, sent by the server and saved by the person visiting the website (e.g. on the hard drive of the computer, laptop or on the smartphone’s memory card – depending on which device the visitor uses our website). Detailed information about Cookies as well as the history of their creation can be found, among others here: https://en.wikipedia.org/wiki/HTTP_cookie

2. The Controller may process data contained in Cookies when a visitor uses the Portal for the following purposes:

·        identifying clients as being logged in and showing that they are logged in;

·        remembering recent activities on the Portal’s websites;

·        remembering data from completed Order Forms, surveys or login details;

·        adjusting the content of the page to the Customer’s individual preferences (e.g. regarding colors, font size, page layout) and optimizing the use of Portal pages;

·         keeping anonymous statistics showing how visitors use the Portal

 3. Most web browsers available accept Cookies by default. Everyone has the possibility to define the terms of using Cookies using their own browser’s settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the option of saving cookies – in the latter case, however, it may affect some of the functionalities of the Portal.

4. In terms of Cookies, browser settings are important from the point of view of consent to the use of Cookies by our Portal – in accordance with the law, such consent can also be expressed through the settings of the web browser. In the absence of such consent, the browser’s settings in the field of Cookies should be changed accordingly.

5. Detailed information on changing Cookies settings and how to remove them yourself is available in the help section of most web browsers.

6. Within the Portal, the Controller may use the following: Google Analytics, Universal Analytics services provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA); the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) and the Heatmap service provided by HeatMap, Inc. These services help the Controller analyze the Portal’s traffic. The data collected as part of the above services is processed in an anonymized way (these is so-called operational data that prevent a person from being identified) to generate statistics that are helpful in running the Portal. This data is aggregate and anonymous, i.e. it does not contain identifying (personal data) features of visitors to the Portal. The Controller using the above services collects such data as a source and medium of acquiring visitors and how they behave on the website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age, gender) and interests.

7.  It is possible to block information about your activity on the Portal website easily – for this purpose, you can install a browser plug-in provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=en