politique de confidentialité du projet marxam

politique de confidentialité

version pdf

1. WHO WE ARE AND HOW TO FIND US

The administrator of your personal data collected via the website www.marxam-project.com (hereinafter: “Website”) is Marcin Bauer running a business under the name: “Marcin Bauer Marxam Project” (address: Aleksandry 3/117, 30-837 Kraków, Poland), identifying with REGON numbers: 120310325 and NIP: 9441665124 (hereinafter: “Administrator”).

In all matters regarding the protection of personal data, you can contact the Administrator by e-mail: marketing@marxam-project.pl

2. HOW AND WHY WE PROCESS YOUR PERSONAL DATA

WEBSITE USERS

We can process the data of each Website user characterizing the way they use our Website (these are the so-called operational data, mostly anonymous). This processing includes automatic reading of a unique marking identifying the end of the telecommunications network or the ICT system you use, as well as the date and time of the server, information about the technical parameters of the software and device you use (e.g. whether you are browsing our website using a laptop or telephone ), as well as the place from which you connect to our server. This information may be used by us for marketing purposes, market research and to improve the operation of the Website. The data stored in the server logs are not associated with specific persons using the Website. Server logs are only auxiliary material used to administer the Website.

The legal basis for the processing of operational data is Article 6 Paragraph 1 f) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive F95/46/WE (hereinafter: “RODO”), (i.e. “processing is necessary for the purposes of legitimate interests pursued by the administrator or by a third party”). This legitimate interest is to enable the diagnosis of errors on the Website and to improve its quality.

PERSONS CONTACTING THE ADMINISTRATOR

By contacting us (e.g. by e-mail, telephone, contact forms or other contact details provided on the Website), you may provide us with your personal data, including information contained in the content of correspondence or provided during a telephone conversation.

The legal basis for the processing of data that you provide to us by contacting us is Article 6 Paragraph 1 f) RODO (i.e. “processing is necessary for the purposes of legitimate interests pursued by the administrator or by a third party”). This legitimate interest is the willingness to answer the questions asked, including those regarding the Administrator’s offer and the Administrator’s activity.

ADMINISTRATOR'S CONTRACTORS (CUSTOMERS, SUBCONTRACTORS, SUPPLIERS)

If you are our client, subcontractor or supplier, we process your personal data in order to perform the contracts between us and you and to meet our tax obligations and accounting requirements.

The legal basis for the processing of your personal data is therefore Article 6 Paragraph 1 b) RODO (i.e. “processing is necessary for the performance of a contract to which the data subject is a party or in order to take action at the request of the data subject prior to entering into a contract”) and Article 6 Paragraph 1 c) RODO (i.e. “processing is necessary to fulfill the legal obligation incumbent on the administrator”).

In addition, the legal basis for our processing of your personal data may be Article 6 Paragraph 1 f) RODO (i.e. “processing is necessary for the purposes of legitimate interests pursued by the administrator or by a third party”). This legitimate interest is to ensure that we can prove, in the event of a dispute, the content of the contract between us and that we have performed it properly.

If you are an employee or representative of our client, subcontractor or supplier, we process your personal data, because otherwise we would not be able to perform the contract between us and the entity that indicated you as its representative or employee.

Such processing is necessary for the purposes of the legitimate interests pursued by the administrator (Article 6(1)(f) of RODO). This legitimate interest is our willingness to perform the contract with the entity that has indicated you as its employee or representative. We assume in good faith that this entity agreed with you before providing us with your data, or that the representation of this entity is your responsibility. We make every effort to process only the personal data we need, preferably sent to us directly by you. If the entity that indicated you as its representative or employee sent us more of your data than you consider appropriate – inform us immediately.

MARKETING OF ADMINISTRATOR'S OWN SERVICES

After obtaining a separate consent, we may process your personal data for marketing purposes, including sending you commercial, promotional, advertising or marketing information.

The legal basis for the processing of your personal data for these purposes is, as a rule, Article 6 Paragraph 1 a) RODO (i.e. “the data subject has consented to the processing of his personal data for one or more specific purposes”). You can withdraw your consent at any time – without affecting the lawfulness of the processing that was made on the basis of consent before its withdrawal.

In some cases, the legal basis for the processing of your personal data for direct marketing purposes may be the legitimate interest of the administrator (Article 6(1)(f) of RODO – i.e. “processing is necessary for purposes arising from legitimate interests pursued by the administrator” in connection with Recital 47 of RODO, which states that: “The processing of personal data for direct marketing purposes can be considered as an activity carried out in a legitimate interest”). Pursuant to Recital 47 of RODO, such a legitimate interest may exist where there is a substantial and appropriate type of relationship between the data subject and the administrator. Remember, however, that you always have the right to object at any time and free of charge to this processing, primary or further – including profiling, as long as it is related to direct marketing. After objecting to the processing of personal data for direct marketing purposes – the Administrator can no longer process your data for such purposes.

CLAIMS HANDLING

The content of correspondence with you may be archived. You have the right to request a history of correspondence you have conducted with us (if it has been archived), as well as request its removal, unless its archiving is justified due to our overriding interests.

The legal basis for the processing of your personal data after the end of contact with us is our legitimate interest in the form of the need to ensure the possibility of demonstrating certain facts in the future. Therefore, we may process your personal data in order to establish, pursue or defend against claims pursuant to Article 6 Paragraph 1 f) RODO (i.e. “processing is necessary for the purposes of legitimate interests pursued by the administrator or by a third party”).

COOKIES

Like almost all other websites, we use cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system.

Cookies allow us to:

  • ensure the proper functioning of the website,
  • improve the speed and security of using the website,
  • use analytical tools,
  • use marketing tools.

We use cookies on the basis of your consent, except when cookies are necessary for the proper provision of services to you electronically.

In the situation specified in SubParagraphs 1, 2 and 3, we process the information contained in cookies on the basis of Article 6 Paragraph 1 f) RODO (i.e. “processing is necessary for the purposes of legitimate interests pursued by the administrator or a third party”). This legitimate interest is to ensure the proper functioning of the Website, as well as to monitor and analyze traffic and keep statistics of visits to the Website.

In the situation specified in SubParagraph 4 (in the case of processing your personal data for marketing purposes, i.e. for the purposes of advertising, market research, your behavior and preferences with the purpose of the results of these studies to improve the quality of our services), we process the information contained in cookies on the basis of Article 6 Paragraph 1 a) RODO (i.e. “the data subject has consented to the processing of his personal data for one or more specific purposes”).

We use cookies on the basis of your consent, except when cookies are necessary for the proper provision of services to you electronically.

During your first visit to the Website, you are shown information on the use of cookies. Accepting this information means that you consent to the use of cookies in accordance with the provisions of this privacy policy for all purposes described above. You can always withdraw your consent (without affecting the legality of processing before withdrawing your consent) by deleting cookies and changing cookie settings in your browser.

Our Website, like most modern websites, uses functions provided by third parties, which involves the use of cookies from these third parties.

We use cookies to track website statistics, such as the number of visitors, the type of operating system and web browser used to browse the website, time spent on the website, visited subpages, etc. We use tools such as Google Analytics in this regard.

The information collected by this tool is anonymous and does not allow your identification (online identifiers, including cookie identifiers, internet protocol addresses and device identifiers, user identifiers). For this purpose, cookies from Google LLC based in the USA regarding the Google Analytics service are used. The use of Google Analytics services involves the implementation of the tracking code provided by Google in the code of our website (the so-called tracking code). This code is based on cookies, but may also use other tracking technologies. Detailed information about Google Analytics can be found at: https://marketingplatform.google.com/about/analytics/

You can prevent the processing of your personal data using Google Analytics by installing a browser add-on that blocks this tool. You can download it e.g. here: https://tools.google.com/dlpage/gaoptout

In the field of marketing, we use, among others, tools like Google Ads. We have implemented the Google Ads tool in the code of our Website to direct advertisements to you when you browse the Internet for some time after visiting our Website. For information on how Google processes data obtained through Google Ads, please refer to the information available here: https://policies.google.com/

You can prevent the use of advertising cookies by Google by visiting a special page with Google advertising settings, available at this link:

https://adssettings.google.com/anonymous?hl=pl&sig=ACi0TCjysCz_2c55-8aTgrGOfFb9p5z7cWGbBgTjMaiQzFAFgyWRfmgc8jnOUTVOmFbxEcXGw6V1VnUXJWrhB zzHzvk7ACCIvEp92RNqXJCqGHtJ2F6iAXM

Importantly, you do not have to provide us with information contained in cookies. This can be prevented by deleting cookies and changing cookie settings in your web browser. Opting out of cookies usually applies only to a specific browser – this means that the same actions will have to be taken for any other browser you use on the same or other device.

You can also use tools that allow you to collectively manage cookie settings and browser plug-ins that allow you to control cookie files. Internet browsers also offer the possibility of using the so-called “incognito mode”, which allows you to visit websites without saving information about visited websites and downloaded files in the browser history. Cookies created in incognito mode are generally deleted when all windows of this mode are closed.

Remember, however, that disabling cookies may cause difficulties in using the Website, as well as many other websites that use cookies.

3. WHAT PERSONAL DATA WE PROCESS

We may process the following categories of information about you:

1. data on persons contacting the Administrator:

    • first name and last name,
    • phone number,
    • e-mail adress,
    • other data that may be included by the sender in the content of the message and in the documents attached to it or provided during a telephone conversation.

2. operational data for all users of the Website:

    • device IP address,
    • server date and time,
    • location of the end device from which the user connects to the Website,
    • technical parameters of the device and software used by the user,
    • data on the content viewed on the Website (the way of moving between subpages of the Website, browsing time, frequency of visits),
    • data on the source from which the user came to the Website,
    • geographical location (country),
    • preferred language (device interface language),
    • mouse actions (movements, locations, clicks) and key clicks,
    • referrer URL and its domain,
    • device screen resolution,
    • online identifiers, internet protocol addresses and device identifiers.

3. data regarding the Administrator’s clients:

    • first name and last name,
    • entrepreneur company,
    • identification data of the entrepreneur,
    • business address,
    • phone number,
    • e-mail address,
    • delivery or service address,
    • data included in concluded contracts,
    • billing and payment details,
    • transaction history,
    • correspondence history,
    • in the case of issuing an invoice – data necessary to issue an invoice,
    • in the case of issuing a VAT invoice – customer data necessary to issue an invoice.

4. data on suppliers or subcontractors of the Administrator:

    • first name and last name,
    • e-mail address,
    • phone number,
    • business address,
    • company name,
    • identification data of the entrepreneur,
    • delivery or service address,
    • data included in concluded contracts,
    • billing and payment details,
    • transaction history,
    • correspondence history,
    • in the case of issuing an invoice – data necessary to issue an invoice,
    • in the case of issuing a VAT invoice – data necessary to issue an invoice.

5. data on employees and representatives of the Administrator’s clients, suppliers and subcontractors:

    • first name and last name,
    • position,
    • e-mail address,
    • phone number.

4. Who we may disclose your data to

In our activities, we use the support of specialized external entities that may or must have access to some of your data – these are, among others, entities providing services in the field of IT, accounting, legal, hosting, mailing system providers, suppliers of analytical, marketing and other IT solutions, as well as our trusted partners and associates.

The data of all users of the Website and persons contacting us are processed in the IT system, partly in the so-called public cloud computing provided by third parties.

Data of Website users may also be disclosed to external entities providing us with services related to cookies or other tracking technologies. Anonymous data of Website users (in relation to Google Analytics and Google Ads services) contained in cookies may be disclosed to Google LLC or Google Ireland Limited providing us with Google Analytics and Google Ads services on the terms set out here: https://privacy.google.com/businesses/processorterms/ and here: https://privacy.google.com/businesses/controllerterms/.

The servers of these companies are located in different parts of the world, which means that the data may be transferred outside the European Economic Area.

You can check the location of Google LLC servers here: https://www.google.com/about/datacenters/inside/locations/. If you are interested in details related to Google’s use of data from websites and applications that use Google services, we encourage you to familiarize yourself with this information: https://policies.google.com/technologies/partner-sites

Information related to your use of the Website may also be accessed by recipients authorized by law to receive it (e.g. state administration authorities in the event of such a request).

Some of the operations described above may involve the transfer of your personal data to the so-called third countries (outside the European Economic Area), where RODO does not apply. In such cases, however, it is always based on legal instruments provided for in RODO, guaranteeing adequate protection of your rights and freedoms.

In the case of a transfer of personal data to a third country within the meaning of RODO, when the European Commission has not issued a decision on the adequate protection of personal data for these countries (in accordance with Article 45 of RODO), we take appropriate remedial measures to ensure an appropriate level of data protection in the event of their transfer. They include e.g. European Union standard contractual clauses or binding internal data protection laws. In cases where this is not possible, we base the data transfer on the exceptions described in Article 49 of RODO, in particular on explicit consent or the need to transfer data in order to meet the terms of the contract or to carry out pre-contractual activities. The legal basis for the transfer of data to third countries is therefore – unless otherwise stated – the consent referred to in Article 6 Paragraph 1 a) RODO in connection with Article 49 Paragraph 1 a) RODO. At the same time, we would like to inform you that in the event of data transfer to a third country for which no decision on adequate protection of personal data or appropriate guarantees has been issued, there is a possibility and risk that authorities in a given third country (for example, intelligence services) will gain access to the transferred data in for collection and analysis, and that the enforceability of data subjects’ rights cannot be guaranteed.

5. HOW LONG WILL WE PROCESS YOUR PERSONAL DATA

Personal data related to your visit to our Website and made available through the means of communication selected by you will be processed for the duration of your use of the Website, and in justified cases also later for the period necessary for the limitation of claims specified in the relevant provisions.

The processing of your personal data contained in cookies lasts until the possibility of their use is disabled. You can do this by deleting cookies and changing cookie settings in your browser.

We will process the data necessary for the conclusion and performance of the contract between us (which applies primarily to the Administrator’s contractors) for the duration of the contract, and then after its completion for the time necessary for the limitation of relevant claims or the time necessary for the proper implementation of the Administrator’s legal obligations (depending on which of these periods will be longer). If we cooperate with you on a permanent basis (e.g. under a framework agreement), then of course we will process some of your data necessary for this purpose throughout the entire period of cooperation.

The processing of your personal data based on consent as a legalization premise lasts until the consent is withdrawn.

6. HOW WE ENABLE YOU TO EXERCISE YOUR RIGHTS

We make every effort to ensure that you are satisfied with the cooperation with us. Remember, however, that you have many rights that will allow you to influence the way we process your personal data, and in some cases, stop such processing. These rights are:

  • the right to access personal data (regulated in Article 15 of RODO)

Article 15 Right of access of the data subject

  1. The data subject is entitled to obtain from the Administrator confirmation as to whether personal data concerning him or her are being processed, and if that is the case, he/she is entitled to access them and the following information:
    • purposes of processing;
    • the categories of personal data concerned;
    • information on recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
    • if possible, the planned period of personal data storage, and when it is not possible, the criteria for determining this period;
    • information on the right to request the administrator to rectify, delete or limit the processing of personal data concerning the data subject, and to object to such processing;
    • information on the right to lodge a complaint with the supervisory authority;
    • if the personal data have not been collected from the data subject – all available information about their source;
    • information on automated decision-making, including profiling, referred to in Article 22 Paragraph 1 and 4, and – at least in these cases – relevant information on the principles of their undertaking, as well as on the significance and envisaged consequences of such processing for the data subject.
  1. If personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards referred to in Article 46, related to the transfer.
  2. The administrator provides the data subject with a copy of the personal data subject to processing. For any further copies requested by the data subject, the administrator may charge a reasonable fee based on administrative costs. If the data subject requests a copy electronically, and unless otherwise indicated, the information shall be provided by commonly used electronic means.
  3. The right to obtain a copy referred to in Paragraph 3, may not adversely affect the rights and freedoms of others.
  • the right to rectify data (regulated in Article 16 of RODO)

Article 16 Right to rectification. The data subject has the right to request the administrator to immediately rectify inaccurate personal data concerning him. Taking into account the purposes of processing, the data subject has the right to request completion of incomplete personal data, including by submitting an additional statement.

  • the right to delete data (regulated in Article 17 of RODO)

Article 17 Right to erasure of data (“right to be forgotten”)

  1. The data subject has the right to request from the administrator the erasure of personal data concerning him or her without undue delay, and the administrator is obliged to erase personal data without undue delay if one of the following circumstances applies:
    • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • the data subject has withdrawn the consent on which the processing is based pursuant to Article 6 Paragraph 1 a) or Article 9 Paragraph 2 a), and there is no other legal basis for processing;
    • the data subject raises an objection pursuant to Article 21 Paragraph 1 to the processing and there are no overriding legitimate grounds for processing, or the data subject raises an objection pursuant to Article 21 Paragraph 2 against processing;
    • personal data has been processed unlawfully;
    • the personal data must be erased in order to comply with a legal obligation in Union or Member State law to which the controller is subject;
    • personal data has been collected in connection with the offering of information society services referred to in Article 8 Paragraph 1.
  1. If the administrator has made personal data public, and pursuant to Paragraph 1 is required to erase the personal data, he shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform administrators which are processing the personal data that the data subject has requested that those controllers erase any links to this data, copies or replications of this personal data.
  2. Paragraph 1 and 2 do not apply to the extent that processing is necessary:
    • to exercise the right to freedom of expression and information;
    • to comply with a legal obligation requiring processing under Union or Member State law to which the administrator is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • due to reasons of public interest in the field of public health in accordance with Article 9 Paragraph 2 h) and i) and Article 9 Paragraph 3;
    • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89 Paragraph 1, provided that it is probable that the right referred to in Paragraph 1, will prevent or seriously impede the achievement of the purposes of such processing; or
    • to establish, pursue or defend claims.
  • the right to limit processing (regulated in Article 18 of RODO)

Article 18 Right to restriction of processing

  1. The data subject has the right to request the administrator to restrict processing in the following cases:
    • the data subject questions the correctness of the personal data – for a period enabling the administrator to check the correctness of the data;
    • the processing is unlawful and the data subject opposes the erasure of personal data, requesting the restriction of their use instead;
    • the administrator no longer needs the personal data for the purposes of processing, but they are needed by the data subject to establish, pursue or defend claims;
    • the data subject has objected pursuant to Article 21 Paragraph 1 towards processing – until it is determined whether the legitimate grounds on the part of the administrator override the grounds for objection of the data subject.
  1. If pursuant to Paragraph 1 processing has been restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for important reasons reasons of public interest of the Union or a Member State.
  2. Before lifting the restriction of processing, the administrator informs the data subject who requested restriction pursuant to Paragraph 1.
  • the right to object to processing (regulated in Article 21 of RODO)

Article 21 Right to object

  1. The data subject has the right to object at any time – for reasons related to his particular situation – to the processing of personal data concerning him based on Article 6 Paragraph 1 e) or f), including profiling based on these provisions. The administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
  2. If personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling to the extent that the processing is related to such direct marketing .
  3. If the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
  4. At the latest on the occasion of the first communication with the data subject, the data subject shall be expressly informed of the right referred to in Paragraph 1 and 2, and shall be presented clearly and separately from any other information.
  5. In connection with the use of information society services, and without prejudice to Directive 2002/58/WE, the data subject may exercise the right to object by automated means using technical specifications.
  6. If personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89 Paragraph 1, the data subject has the right to object – for reasons related to his particular situation – to the processing of personal data concerning him, unless the processing is necessary to perform a task carried out in the public interest.
  • the right to data portability (regulated in Article 20 of RODO)

Article 20 Right to data portability

  1. The data subject has the right to receive, in a structured, commonly used, machine-readable format, personal data concerning him or her, which he has provided to the administrator, and has the right to send this personal data to another administrator without hindrance from the administrator to whom the personal data was provided, if:
    • the processing is based on consent pursuant to Article 6 Paragraph 1 a) or Article 9 Paragraph 2 a) or on the basis of a contract pursuant to Article 6 Paragraph 1 b); and
    • the processing is carried out in an automated manner.
  1. In exercising the right to data portability pursuant to Paragraph 1, the data subject has the right to request that personal data be sent by the administrator directly to another administrator, if it is technically possible.
  2. Execution of the right referred to in Paragraph 1 of this Article is without prejudice to Article 17. This right does not apply to processing that is necessary to perform a task carried out in the public interest or in the exercise of official authority entrusted to the administrator.
  3. The right referred to in Paragraph 1 may not adversely affect the rights and freedoms of others.

To exercise any of the rights described above, please contact us, e.g. by e-mail to the address through which we contacted you, or to the following address: marketing@marxam-project.pl

7. COMPLAINT TO THE SUPERVISORY AUTHORITY

According to Article 77 of RODO, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data has violated or violates the provisions of RODO.

In Poland, the supervisory authority is the President of the Office for Personal Data Protection. Detailed information (including contact details) can be obtained on the website at: https://uodo.gov.pl/

If you want to contact another supervisory authority responsible for the protection of personal data – visit the website of the European Data Protection Board available at: https://edpb.europa.eu/about-edpb/about-edpb/members_pl

8. WHETHER PROVIDING DATA IS NECESSARY TO CONCLUDE A CONTRACT WITH US

Your personal data obtained in connection with the use of our Website are not collected in order to conclude a contract with you within the meaning of RODO.

Providing the personal data selected by you when contacting us via the communication channel selected by you is completely voluntary, but in most situations it may be necessary to respond to your inquiry.

You do not have to provide us with information contained in cookies. You can prevent this by deleting cookies and changing cookie settings in your web browser. Detailed information on the possibilities and ways of handling cookies are available in the browser settings. Remember, however, that changing the cookie settings in such a way that the possibility of using the information contained in them will be blocked may cause difficulties in using the Website and other websites.

However, if you are our client, supplier or subcontractor – we usually collect your personal data to the extent necessary to prepare, conclude, perform or settle the contract. Failure to provide personal data in this regard may unfortunately prevent the conclusion or performance of the contract or hinder the proper course of our cooperation. In addition, some of the data is also necessary for us to fulfill our obligations under the law (e.g. tax regulations, accounting regulations).

9. WHERE DO WE GET YOUR PERSONAL INFORMATION FROM

We obtain the data of Website users and persons contacting us only from them.

We obtain other data related to the use of the Website, including anonymous operational data and personal data related to the use of cookies, in an automatic manner – however, these are usually not personal data within the meaning of RODO.

We collect personal data from our customers, subcontractors and suppliers only from them. However, we obtain personal data of employees and representatives of our clients, subcontractors and suppliers from them or from the entity they represent.

10 - AUTOMATED DECISION MAKING, PROFILING

We do not make decisions based solely on the automated processing of your personal data, including profiling, as defined in RODO.