GENERAL PROVISIONS
This Website privacy policy is of an informative nature, which means that it is not a source of any obligations for Website Customers. The privacy policy primarily contains rules regarding the processing of personal data on the Website by the Controller, including the scope and purposes of and grounds for the personal data processing, the rights of data subjects, as well as information on the use of cookies and analytical tools on the Website.
The controllers of personal data collected through the Website are partners running a business together based on a limited company under the name JAG-MAR SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (address of the place of business and address for service: Złota 36, 62-800 Kalisz), NIP (Tax ID Number) of the limited company: 6182179366, REGON of the limited company: 381799752, KRS (national court register) of limited company: 0000757638, email address: biuro@jag-mar.pl, phone numbers +48 62 766 31 01 and 574 994 100 – hereinafter referred to as the “Controller”, who is simultaneously the Website Owner.
Personal data on the Website are processed by the Controller in line with applicable laws and regulations, in particular, in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the “GDPR”. The official text of the GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
Using the Website is voluntary. Similarly, providing personal data of Customers using the Website is voluntary, subject to two exceptions: (1) concluding contracts with the Controller: failure to provide the data in cases and to the extent required for the conclusion and performance of an Electronic Service contract with the Controller makes concluding the contract impossible. In this case, providing personal data is a contractual requirement, and if the data subject wants to conclude a given contract with the Controller, they are obliged to provide the required data. The scope of data required to conclude a contract is specified each time by the Controller; (2) the Controller’s statutory obligations: providing personal data is a statutory requirement resulting from generally applicable laws and regulations that impose an obligation on the Controller to process personal data (for example, processing data for the purpose of keeping tax books), and failure to provide the data would prevent the Controller from performing this obligation.
The Controller exercise particular care to protect the interests of data subjects and, in particular, is responsible for ensuring that the data the Controller collects is: (1) lawfully processed; (2) collected for specified, lawful purposes and not processed further at variance with those purposes; (3) correct in terms of facts and adequate for the purposes for which it is processed; (4) stored in a form that enables identification of people to whom it pertains, not longer than it is necessary to achieve the purpose of the processing, and (5) processed in a manner that ensures adequate security of the personal data, including protection against unauthorized or unlawful processing or accidental loss, destruction or damage, by applying appropriate technical or organizational measures.
Considering the nature, extent, context and purposes of the processing, as well as risks of violating the rights or freedoms of natural persons of varying likelihood and severity, the Controller implements appropriate technical and organizational measures to ensure that the processing is carried out in compliance the regulation and to be able to prove the same. These measures are reviewed and updated when necessary. The Controller applies technical measures to prevent the personal data sent electronically from being obtained and modified by unauthorized persons.
All words, phrases and acronyms that appear in this privacy policy and are capitalized (for example, the Website) should be understood according to their meaning resulting from this document.
GROUNDS FOR THE DATA PROCESSING
The Controller is authorized to process personal data in cases where and to the extent that at least one of the following conditions is met: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The processing of personal data by the Controller requires that at least one of the grounds indicated above should exist each single time. Specific grounds for the processing of personal data of the Website Customers by the Controller are provided in the following section of the privacy policy with respect to a given purpose of the personal data processing by the Controller.
PURPOSE AND PERIOD OF AND BASIS FOR THE DATA PROCESSING ON THE WEBSITE
The purpose and extent of and the basis for the processing as well as recipients of personal data processed by the Controller result from actions taken by a given Customer on the Website.
The Customer may process personal data on the Website for the following purposes, on the following grounds, over the following periods and to the following extent:
Purpose of the data processing | Legal basis for the data processing | Data storage period |
Performing an Electronic Service contract or taking action at the data subject’s request before concluding the contract | Article 6(1)(b) of the GDPR (performing a contract) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
|
The data is stored for a period necessary to perform, terminate or otherwise cancel the concluded contract. |
Direct marketing | Article 6(1)(f) of the GDPR (legitimate interests of the Controller) – the processing is necessary for the purposes of the Controller’s legitimate interests consisting in caring for the Controller’s interests and positive image and striving to sell products or services
|
The data is stored for as long as the legitimate interest pursued by the Controller exists but not longer than for a period of limitation of claims against the data subject on account of the business activity conducted by the Controller. The limitation period is specified by law, in particular, the Civil Code (the primary limitation period for claims relating to running a business is three years).
The Controller must not process data for the purpose of direct marketing if the data subject effectively raises any objections in this regard. |
Determining, investigating or defending claims that may be raised by or against the Controller | Article 6(1)(f) of the GDPR – the processing is necessary for the purposes of the Controller’s legitimate interests consisting in determining, investigating or defending claims that may be raised by or against the Controller | The data is stored for as long as the legitimate interest pursued by the Controller exists but not longer than for a period of limitation of claims against the data subject on account of the business activity conducted by the Controller. The limitation period is specified by law, in particular, the Civil Code (the basic limitation period for claims relating to running a business is three years). |
Using the Website and ensuring its proper operation | Article 6(1)(f) of the GDPR (legitimate interests of the Controller) – the processing is necessary for the purposes of the Controller’s legitimate interests consisting in running and maintaining the Website | The data is stored for as long as the legitimate interest pursued by the Controller exists but not longer than for a period of limitation of the Controller’s claims against the data subject on account of the business activity conducted by the Controller. The limitation period is specified by law, in particular, the Civil Code (the basic limitation period for claims relating to running a business is three years). |
Keeping statistics and analysing traffic on the Website | Article 6(1)(f) of the GDPR (legitimate interests of the Controller) – the processing is necessary for the purposes of the Controller’s legitimate interests consisting of keeping statistics and analysing traffic on the Website to improve the Website operation | The data is stored for as long as the legitimate interest pursued by the Controller exists but not longer than for a period of limitation of the Controller’s claims against the data subject on account of the business activity conducted by the Controller. The limitation period is specified by law, in particular, the Civil Code (the basic limitation period for claims relating to running a business is three years). |
RECIPIENTS OF DATA ON THE WEBSITE
For the proper Website operation, it is necessary for the Controller to use services of third-party entities (such as, for example, a software provider). The Controller uses only services of such processors who provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.
The data are not transferred by the Controller in every case and to all recipients or categories of recipients indicated in the privacy policy – the Controller shares the data only when it is necessary to achieve a given purpose of the personal data processing and only to the extent necessary to achieve it.
Personal data of Website Customers may be transferred to the following recipients or categories of recipients:
- service providers providing technical, IT and organizational solutions to the Controller to enable the Controller to run their business, including the Website and the Electronic Services provided through it (in particular, providers of computer software for operating the Website, email and hosting providers and providers of business management software and technical support for the Controller) – the Controller only shares the collected personal data of the Customer to a selected supplier acting on the Controller’s behalf in the case where and to the extent that it is necessary to achieve a given purpose of the data processing in compliance with this privacy policy.
- providers of legal and advisory services providing the Controller with legal or advisory support (in particular, a law firm or a debt collection company) – the Controller only shares the collected personal data of the Customer to a selected supplier acting on the Controller’s behalf in the case where and to the extent that it is necessary to achieve a given purpose of the data processing in compliance with this privacy policy.
- providers of social media plugins, scripts and other similar tools placed on the Website that allow the browser of a Website visitor to download the content from the providers of the said plugins (for example, logging in using social network login data) and transfer the visitor’s personal data to the providers for this purpose, including
- Facebook Ireland Ltd. – the Controller uses Facebook social plugins on the Website (for example, the Like and Share buttons) and thus collects and share personal data of the Website Customer with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent of and in compliance with the privacy rules available here: https://www.facebook.com/about/privacy/ (this data includes information on Website operations, including information about the device, visited websites, purchases, displayed ads and the way of using the services, regardless of whether the Customer has a Facebook account and is logged into Facebook).
RIGHTS OF THE DATA SUBJECT
The right to access, recitation, restriction, erasure or data portability – the data subject has the right to request the Controller for providing access to their personal data, rectifying the same or erasing it (“the right to be forgotten”) or limiting the processing, and has the right to object to the processing and the right to data portability. Detailed conditions for exercising the said rights are laid down in Articles 15-21 of the GDPR.
The right to withdraw consent at any time – a person whose data is processed by the Controller based on expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw the consent at any time without affecting the lawfulness of the processing carried out based on the consent before its withdrawal.
The right to lodge a complaint with the supervisory authority – the person whose data is processed by the Controller has the right to lodge a complaint with the supervisory authority in the manner and according to the procedure specified in the provisions of the GDPR and Polish laws and regulations, in particular, the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Personal Data Protection Office.
The right to object – the data subject has the right to object to the processing of their personal data at any time for reasons relating to their particular situation based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling based on these provisions. In this case, the Controller is no longer allowed to process this personal data unless the Controller demonstrates the existence of legally valid grounds for the processing overriding the interests, rights and freedoms of the data subject or grounds for determining, investigating or defending claims.
Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object to the processing of their personal data for such marketing purposes, including profiling, at any time to the extent that the processing relates to such direct marketing.
To exercise the rights referred to in this paragraph of the privacy policy, you can contact the Controller by sending an appropriate message in writing or by email to the Controller’s address provided at the beginning of the privacy policy or by using the contact form available on the Website.
COOKIES AND ANALYTICS ON THE WEBSITE
Cookies are small text information in the form of text files sent by the server and saved on the side of the person visiting the Website (for example, on the hard drive of their computer, laptop or their smartphone’s memory card, depending on the device used by the Website visitor). Detailed information on cookies and the history of their development can be found, for example, here: https://pl.wikipedia.org/wiki/HTTP_cookie.
Cookies that may be sent by the Website can be divided into different types, according to the following criteria:
Supplier:
1) the Controller’s own cookies (created by the Controller’s Website) and 2) cookies belonging to third parties (other than the Controller) |
Period of storing on the Website visitor’s device:
1) session cookies (stored until the Website is left or the web browser is closed) and 2) permanent cookies (stored for a specified period defined by parameters of each file or until they are manually deleted) |
Purpose of use:
1) necessary cookies (enable the Website to operate correctly), 2) functional/preferential cookies (enable the Website to adjust to the Website visitor’s preferences), 3) analytical and performance cookies (that collect information on how the Website is used), 4) marketing, advertising and social media cookies (that collect information about the Website visitor to display them personalized advertisements and conduct other marketing activities, including on websites separate from the Website, such as social networking sites)
|
The Controller may process data contained in Cookies when visitors use the Website for the following specific purposes:
Purposes of using cookies on the Controller’s Website | Identifying Customers as logged into the Website and showing that they are logged in (necessary cookies) |
Recording data from completed forms or surveys or Website login data (necessary and/or functional/preferential cookies) | |
adjusting the Website content to the Customer’s individual preferences (for example, regarding the colours, font size, page layout) and optimizing the use of the Website (functional/preferential cookies) | |
Keeping anonymous statistics showing how the Website is used (statistical cookies) | |
Remarketing, namely surveying the behaviour of Website visitors through anonymous analysis of their activities (for example, repeated visits to specific pages, keywords, and the like) to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social media cookies) |
You can check in the most popular web browsers which cookies (including the period of operation of the cookies and their provider) are currently sent by the Website in the following manner:
In Chrome: (1) click the lock icon on the left of the address bar, (2) go to the „Cookies” tab. |
In Firefox: (1) click the shield icon on the left of the address bar, (2) go to the „Allowed” or „Blocked” tab, (3) click the „Cross-site trackers”, „Social media trackers” or „Content with trackers” |
In Internet Explorer: (1) click the „Tools” menu, (2) go to the „Internet options” tab, (3) go to the „General” tab, (4) go to the „Settings” tab, (5) click the „View files” field |
In Opera: (1) click the lock icon on the left of the address bar, (2) go to the „Cookies” tab. |
In Safari: (1) click the „Preferences” menu, (2) go to the „Privacy” tab, (3) click the „Manage website data” field. |
Regardless of the browser, by using the tools available, for example, on the following website: https://www.cookiemetrix.com/ or https://www.cookie-checker.com/ |
Conventionally, most web browsers available on the market accept cookies by default. Everyone can define the terms of using Cookies by adjusting the settings of their own web browser. This means that you can, for example, partially (for example. temporarily) limit or completely disable the option of saving cookies; however, in the latter case, it may affect some of the Website functionalities.
The web browser settings in respect of cookies are important from the point of view of consenting to the use of cookies by our Website; according to laws and regulations, such consent may also be expressed through the web browser settings. Detailed information on changing cookie settings and removing them manually from the most popular web browsers is available in the help section of the web browser and on the following pages (just click on a given link):
The Controller may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Website. These services help the Controller to keep statistics and analyse traffic on the Website. The collected data is processed within the framework of the said services to generate statistics helpful in administering the Website and analysing traffic on the Website. This data is of an aggregate nature. When using the said services on the Website, the Controller collects such data as the sources and medium of acquiring Website visitors and how they behave on the Website, information on devices and browsers they use to visit the website, the IP and domain, geographic data and demographic data (age, gender) and interests.
You can easily block information about your activity on the Website from being shared with Google Analytics; for this purpose, you can, for example, install a browser add-on provided by Google Ireland Ltd. and available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
The Controller may use the Google Ads service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Website. This service helps the Controller to promote products and services in the Google search engine, on YouTube and other websites. Detailed information on the operation of Google Ads can be found at the following website address: https://ads.google.com/google/ads.
The Controller may use the Facebook Piksel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller to measure the effectiveness of advertisements and find out what actions are taken by Website visitors, as well as display advertisements relevant to them.
Detailed information on the operation of Facebook Pixel can be found at the following website address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
It is possible to manage Facebook Pixel by adjusting the ad settings in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.