TIROSS.COM WEBSITE PRIVACY POLICY
§ 1
GENERAL PROVISIONS
1. The Controller of the personal data collected via the www.tiross.com Website is TIROSS POLSKA spółka z ograniczoną odpowiedzialnością entered in the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register (KRS) under the KRS No.: 0000278511, share capital: PLN 400,000.00, place of business and service address: ul. Al. Krakowska 118, Sękocin Stary, 05-090 Raszyn, NIP [Tax Identification Number]: 5342351449, REGON [National Business Registry Number]: 140916851, electronic mail address (email): office@tiross.com, Telephone No.: +48 22 759 60 75, hereinafter referred to as the "Controller" and being at the same time the "Service Provider".
2. The personal data collected by the Controller through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.
3. Any words or expressions capitalized in the body of this Privacy Policy shall be construed as defined in the Terms and Conditions of the tiross.com Website.
§ 2
THE TYPE OF PERSONAL DATA PROCESSED, THE PURPOSE AND SCOPE OF THE DATA COLLECTION
1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data of the Users of the tiross.com Website in the event of sending a message via the Contact Form. Personal data are processed on the basis of Article 6.1.fof the GDPR (legitimate interest of the entrepreneur).
2. THE TYPE OF PERSONAL DATA PROCESSED. In the case of the Contact Form, the User provides:
a) firstname and surname,
b) telephone number,
c) email address,
d) IP address.
3. THE PERSONAL DATA ARCHIVING PERIOD. Users' personal data are stored by the Controller:
a) where data processing is based on the performance of a contract, for as long as is necessary for the performance of the contract and thereafter for a period corresponding to the period of limitation of claims. Unless otherwise stipulated by a specific provision of law, the period of limitation shall be six years, and for claims pertaining to periodical performance and claims related to the conduct of business activity - three years.
b) in the case where data processing is based on consent, for as long as the consent is not revoked, and after the revocation of consent, for a period of time corresponding to the period of limitation of claims which the Controller may assert and which may be asserted against him. Unless otherwise stipulated by a specific provision of law, the period of limitation shall be six years, and for claims pertaining to periodical performance and claims related to the conduct of business activity - three years.
4. When using the Website, additional information may be collected, in particular: the IP address assigned to the User's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
5. Navigation data may also be collected from Users, including information on links and hyperlinks they choose to click on or other activities undertaken on the Website. The legal basis for such activities is the legitimate interest of the Controller (Article 6.1.f of the GDPR), which consists in facilitating the use of services provided electronically and in improving the functionality of these services.
6. The provision of personal data by the User is voluntary.
7. Personal data will also be processed by automated means in the form of profiling, provided that the User gives his/her consent to this on the basis of Article 6.1.a of the GDPR. The consequence of profiling will be the assignment of a profile to a person in order to make decisions concerning him/her or to analyse or predict his/her preferences, behaviour and attitudes.
8. The Controller shall take particular care to protect the interests of data subjects, and in particular shall ensure that the collected data are:
a) Processed lawfully,
b) collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes,
c) substantively accurate and adequate in relation to the purposes for which they are processed and stored in a form which allows for identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
§ 3
SHARING OF PERSONAL DATA
1. Users' personal data are transferred to service providers used by the Controller in running the Website, in particular to:
a) payment system providers,
b) accounting office,
c) hosting providers,
d) providers of business software (e.g. accounting software),
e) mailing system providers,
f) providers of the software needed to run the website.
2. Service providers to whom personal data are transferred, depending on the contractual arrangements and circumstances, are either subject to the instructions of the Controller as to the purposes and means of processing such data (data processors) or determine themselves the purposes and means of processing (data controllers).
3. Users' personal data is stored exclusively in the European Economic Area (EEA).
§ 4
THE RIGHT TO CONTROL, ACCESS AND RECTIFY THE SUBJECTS’ OWN DATA
1. The data subject has the right to access the content of his/her personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
2. Legal grounds for the User's request:
a) Access to data - Article 15 of the GDPR.
b) Rectification of data - Article 16 of the GDPR.
c) Erasure of data (the so-called right to be forgotten) - Article 17 of the GDPR.
d) Restriction of processing - Article 18 of the GDPR.
e) Data portability - Article 20 of the GDPR.
f) Objection - Article 21 of the GDPR.
g) Withdrawal of consent - Article 7.3 of the GDPR.
3. In order to exercise the rights referred to in point 2, you may send an appropriate e-mail to the following address: office@tiross.com.
4. When the User exercises the rights resulting from the above rights, the Controller shall fulfil the request or refuse to do so immediately, but no later than within one month of receiving it. However, if - due to the complexity of the request or the number of requests - the Controller is not able to fulfil the request within a month, it shall fulfil the request within the following two months having previously informed the User about the intended extension of the deadline and the reasons for it within a month of receiving the request.
5. If it is established that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Data Protection Office [Prezes Urzędu Ochrony Danych Osobowych].
§ 5
COOKIES
1. The Controller's website uses "cookies".
2. The installation of "cookies" is necessary for the proper provision of services on the Website. Cookies contain information necessary for the proper operation of the website, and they also provide the possibility to develop general statistics on website visits.
3. The website uses two types of cookies: "session cookies" and "permanent cookies".
a) "Session" cookies are temporary files that are stored on the User's device until the User logs out (leaves the website).
b) "Permanent" cookies are stored in the User's device for the time specified in the parameters of the cookies or until they are deleted by the User.
4. The Controller uses its own cookies to better understand how Users interact with the website content. The cookies collect information about how the User uses the website, the type of website the User was redirected from, the number of visits and the length of the User's visit to the website. This information does not record specific personal data of the User, but is used to compile statistics about the use of the website.
5. The Controller uses external cookies to collect general and anonymous statistical data by means of analytical tools, i.e. Google Analytics (Google Inc. based in the USA is the controller of external cookies).
6. The User is entitled to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information on the possibility and options of handling cookies is available in the software (browser) settings.
§ 6
FINAL PROVISIONS
1. The Controller shall apply technical and organisational measures to ensure the protection of the processed personal data, appropriate to the risks and categories of data protected, and in particular shall protect the data against their disclosure to unauthorised persons, against their appropriation by an unauthorised person, against their processing in violation of the applicable legislation, and against their alteration, loss, damage or destruction.
2. The Controller shall make available appropriate technical measures to prevent unauthorised persons from acquiring and modifying personal data sent electronically.
3. In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.