The Controller makes every effort to protect the Users’ personal data from unauthorised access by third parties and to respect the privacy of each User. Users’ personal data shall be processed in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) and the Act of 10 May 2018 on personal data protection (Journal of Laws of 2018, item 1000, as amended).
I. Scope and method of personal data processing
- Processing of personal data of the website Users takes place according to the principles set out in the GDPR.
- Personal data provided by the User in the contact form are processed on the basis of the consent (Article 6(1)(a) of the GDPR) expressed by the User.
- Personal data is also processed for the purpose of the legitimate interest of the Controller, which is to adapt the website www.vfm.pl to the needs of Users. In this case, processing is carried out on the basis of Article 6 (1)(f) of the GDPR.
- Data submitted via forms is collected and gathered in an automated way, and then associated with data collected from specific individuals browsing the pages, e.g. IP address, browser type, operating system type, date and time of visit, number of connections, number of opened subpages of the Website, domain name, viewed content. The above-mentioned data shall be processed on the basis of Article 6 (1)(f) of the GDPR, in order to pursue the Controller’s legitimate interest, which is to adapt the website to the needs of users and for analytical and statistical purposes.
- In the case of personal data processing carried out on the basis of consent given by website Users, providing personal data by the User is always voluntary, however, failure to provide data marked as necessary makes it impossible to use the services provided through the Website. The User’s consent may be withdrawn at any moment by sending a statement of withdrawal of consent to the email address: email@example.com, which does not affect the lawfulness of processing prior to the withdrawal of consent.
- When browsing the website www.vfm.pl by Users, information on the use of the website by Users and their IP addresses are collected automatically on the basis of analysis of access logs, e.g. browser type, operating system type, date and time of visit, number of connections, number of opened subpages of the Website, domain name, viewed content, geolocation data. Automatically collected data is associated with specific individuals browsing the website and it shall be processed only for analytical and statistical purposes and for the purposes of server administration.
- Personal data collected by the Controller may be made available to:
- relevant State authorities at their request pursuant to relevant provisions of law,
- other persons and entities – only with the prior consent of the data subject,
- entities involved in the maintenance and upkeep of our IT systems and websites.
- The Controller shall store data obtained through the website for no longer than is necessary for the purposes for which the data is processed. We shall process personal data obtained on the basis of consent only for the period of its validity (until it is withdrawn or for the period for which it was granted). We shall process personal data processed in connection with the necessity of the processing for the legitimate interests of the controller until you raise a legitimate objection.
II. Rights of data subjects
- Provision of personal data by the User is always voluntary, however, failure to provide data marked as necessary makes it impossible to use the services provided through the Website.
- Users of the website shall have the following rights:
- The right to withdraw consent – legal basis Article 7 of the GDPR the data subject shall have the right to withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of the consent prior to its withdrawal. The data subject is informed thereof prior to giving consent. It shall be as easy to withdraw as to give consent.
- The right to access data – legal basis Article 15 of the GDPR the data subject shall be entitled to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and information such as the purposes of the processing, the categories of personal data concerned or information on the recipients or categories of recipients.
- The right to rectify data – legal basis Article 16 of the GDPR the data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
- The right to be forgotten (data erasure) – legal basis Article 17 of the GDPR
The data subject shall have the right to request from the Controller the immediate erasure of personal data concerning them, and the Controller shall be obliged to erase the personal data without undue delay if one of the following circumstances occurs:
- personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- personal data have been unlawfully processed;
- personal data must be erased in order to comply with a legal obligation provided for by EU law or Member State law to which the Controller is subject;
- personal data was collected in connection with the offering of information society services as referred to in Article 8(1) of the GDPR.
- The right to restrict processing – legal basis Article 18 of the GDPR The data subject shall have the right to request from the Controller the restriction of processing in the following cases:
- the data subject contests the accuracy of the personal data – for a period enabling the Controller to verify the accuracy of the data;
- the processing is unlawful and the data subject opposes the erasure of the personal data, requesting instead that its use be restricted;
- The Controller no longer needs the personal data for the purposes of the processing, but they are needed by the data subject to establish, assert or defend a claim;
- the data subject has objected to the processing – until it is established whether the legitimate grounds on the part of the Controller override the grounds of the data subject’s objection.
- The right to data portability – legal basis Article 20 of the GDPR
The data subject shall have the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning them which they have supplied to the Controller, and shall have the right to transmit such personal data to another controller without hindrance from the Controller, where:
- the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or pursuant to a contract under Article 6(1)(b); and
- the processing is carried out by automated means.
- The right to object to the data processing – legal basis Article 21 of the GDPR
The data subject shall have the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them based on Article 6(1)(e) or (f), including profiling on the basis of those provisions. The Controller shall no longer be allowed to process those personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
- The right to lodge a complaint to the supervisory authority, which is the President of the Personal Data Protection Office (address: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).
- The User, in order to exercise the rights specified in section 2 above, should contact the Controller at the e-mail address: firstname.lastname@example.org
III. Information about cookies
- Cookies are IT data, in particular text files, which are stored in the Website User’s terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.
- The operator of the Website is the entity placing cookies on the Website User’s terminal equipment and accessing them.
- Cookies are used for the following purposes:
- creating statistics which help to understand how Users of the Website use websites, which enables improving their structure and content;
- profiling users in order to present them with tailored materials via advertising networks, in particular Google.
- There are two main types of cookies used on the Website: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s terminal equipment until they log out, leave the website or turn off the software (web browser). Persistent cookies are stored on the User’s terminal equipment for a time specified in parameters of cookies or until they are deleted by the User.
- Web browsing software (internet browser) usually allows the storage of cookies on the User’s terminal equipment by default. Users of the Website may change their settings in this respect. Internet browsers allow you to delete cookies. It is also possible to block cookies automatically. Refer to the help or documentation of your web browser for details.
- Cookies placed in the Website User’s terminal equipment may also be used by advertisers and partners cooperating with the Website operator.
- Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the user uses the Website. For this purpose, they may store information about the user’s navigation path or the time spent on a particular website.
- With regard to the information on user preferences collected by the Google advertising network, the user can view and edit the information resulting from the cookies using the following tool: https://adssettings.google.com.
- If the user does not wish to receive cookies, they can change their browser settings. We warn that disabling cookies necessary for authentication, security and maintaining user preferences may hinder or, in extreme cases, make it impossible to use websites.
- To manage your cookie settings, select your browser/system from the list below and follow the instructions:
IV. Data protection
The Administrator takes all necessary technical measures to protect Users’ personal data against interference by third parties in Users’ privacy, as well as to prevent unauthorized or unlawful access to Users’ personal data, their accidental loss, destruction or damage.