1. The controller of personal data collected through the compact-project.com website is COMPACT-PROJECT spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Łódź, Al. Politechniki 22/24, 93-590 Łódź, entered in the Register of Entrepreneurs kept by the District Court for Łódź-Śródmieście in Łódź, 20th Division of the National Court Register under KRS number 0000707143, Tax Identification Number (NIP) 7280008413 and REGON statistical number 004270140, tel.: + 48 (42) 676 – 11 - 16, email: firstname.lastname@example.org ;- hereinafter referred to as "CPD".
2. The personal data collected shall be processed by the CPD in accordance with the applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "GDPR").
3. The use of compact-project.com is voluntary, but if the user contacts the CPD or its employees via compact-project.com, the user must provide their name, surname and email address so that the user's questions or offers can be accepted by the CPD and properly processed. In addition, the CPD may process personal data whenever this is a statutory requirement under generally applicable laws imposing such an obligation on the CPD. The CPD may also process data in order to pursue its legitimate interests in offering its own products and services.
4. The CPD is responsible for the protection of personal data processed and carries out the processing with due respect for the organisational and technical principles and arrangements for ensuring that the data are:
a) processed lawfully, fairly, and transparently for the Data Subject (“lawfulness, fairness and transparency”),
b) collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (“purpose limitation”);
c) adequate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimisation”);
d) accurate and, where necessary, kept up to date; the CPD shall take all reasonable steps to ensure that personal data which are inaccurate in the light of the purposes of their processing are erased or rectified without delay (“accuracy”);
e) kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed; (“storage limitation”);
f) processed in a manner that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
5. The CPD does not collect or process “Special categories of Personal Data” within the meaning of the GDPR, i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data to uniquely identify a natural person or data concerning health, sexuality or sexual orientation of the natural person.
6. This website may use tools such as Google Analytics or Facebook Pixel which, to a certain extent, have the effect of automated decision making or profiling of compact-project.com users. These actions do not have any legal effect on the user, but do affect the choice of content displayed when using the site or the services offered. The processing of this data can also benefit the user by adapting the content to his or her preferences.
7. The CPD shall not send personal data outside the European Union.
GROUNDS FOR DATA PROCESSING
1. The CPD shall be authorized to process personal data where and to the extent that the GDPR is concerned, and therefore where at least one of the following conditions is met:
a. the data subject has consented to the processing of his/her personal data for one or more specified purposes;
b. processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to the conclusion of the contract;
c. processing is necessary for the controller to fulfil its legal obligation;
d. processing is necessary in order to protect the vital interests of the data subject or of another individual;
e. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f. processing is necessary for the purposes of legitimate interests pursued by the CPD or by a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child.
PURPOSE, SCOPE AND DURATION OF DATA PROCESSING
1. The CPD may process personal data for the following purposes:
a) to perform a contract of sale or to take steps at the request of the data subject prior to the conclusion of the contract - Article 6(1)(b) of the GDPR (performance of the contract) - in which case the data shall be processed for the period necessary to perform the contract, not longer than until its termination or expiry. The processing shall include the data needed in a specific case, no more than: name and surname, e-mail address, telephone number, delivery address or address of residence or registered office, Tax ID Number (NIP) and REGON Statistical Number for those conducting a business activity.
b) the fulfilment of legal obligations, in particular accounting and tax obligations - Article 6(1)(c) of the GDPR (fulfilment of a legal obligation to which the CPD is subject) – data shall be kept for the period required by law. The processing shall include the data needed in a specific case, no more than: name and surname, e-mail address, telephone number, delivery address or address of residence or registered office, Tax ID Number (NIP) and REGON Statistical Number for those conducting a business activity.
(c) marketing of own products or services – Article 6(1)(f) of the GDPR (legitimate interest of the controller) – data shall be processed for as long as there is a legitimate interest of the CPD, no longer than until a request is submitted to the CPD to cease processing the data for that purpose, in whatever form. The processing shall include the data needed in a specific case, no more than: name and surname, e-mail address, telephone number, Tax ID Number (NIP) and REGON Statistical Number for those conducting a business activity.
d) protection against customer's claims and pursuing claims against customers, if any, of the GDPR – Article 6(1)(f) of the GDPR (legitimate interest of the controller) – data shall be processed for the duration of the CPD's legitimate interest, in principle for the period of limitation of claims under the law, in particular the Civil Code. The processing includes the data needed in a specific case - generally overlapping the data specified in (a) above.
1. The CPD may entrust personal data to third parties where this is justified in the course of its activities. The entities to which the CPD entrusts the processing of data on its behalf shall provide guarantees that appropriate technical and organisational measures are implemented which ensure a level of protection no lower than that guaranteed by the CPD.
2. Data recipients may include in particular:
- representatives of the CPD dealing with the handling of a request for proposal or order,
- entities providing legal, accounting or IT services to the CPD,
- the CPD’s contractors, who will receive personal data only to the extent necessary for the execution of an order, in particular in the field of electronic payment processing,
- the competent state or local government authorities if this proves necessary to some extent or if it is required by law.
RIGHTS OF DATA SUBJECTS
1. A data subject has the right to request from the CPD access to the content of his or her data and the right to rectify, erase, restrict the processing, right to transfer data, right to object, right to withdraw consent to the processing at any time without affecting the lawfulness of the processing that was carried out on the basis of consent given before withdrawal.
2. A data subject shall also have the right to lodge a complaint with the President of the Personal Data Protection Office, if he or she finds that the processing of personal data violates certain regulations.
COOKIES AND ANALYTICS
1. Cookies are minute text files sent by the CPD's website and stored on the computer/device of a visitor to compact-project.com. They serve primarily to improve the functioning of the website and identify the device from which the user connects. More information about "cookies" can be found on Wikipedia pages, for example: https://pl.wikipedia.org/wiki/HTTP_cookie
2. The CPD may process data contained in cookies for the following purposes in particular:
a) identification of users of compact-project.com,
b) storing the data in the forms to be filled in,
c) customize the content displayed and the settings on compact-project.com,
d) anonymous statistics on the way compact-project.com is used.
4. The CPD may use Google Analytics services provided by Google Inc., USA. These services are only used to analyse website traffic and the data is processed in an anonymous way, making it impossible to identify a specific user. In most browsers, you can block Google Analytics by installing the add-on offered by Google Inc. on the website: https://tools.google.com/dlpage/gaoptout?hl=pl
1. This document is for information purposes only and is not a source of rights or obligations for users.
2. If personal data protection infringements are found, the CPD shall take all the necessary steps to minimise the negative effects of the event and to clarify the circumstances of the event and shall report them to the President of the Personal Data Protection Office – unless the infringement is unlikely to result in a risk of infringing the rights or freedoms of persons whose data are processed.