PRIVACY POLICY
- This Privacy Policy sets out the rules for the processing of personal data obtained through the starkraft.pl website (“Web Site“).
- The owner of the website and at the same time data administrator is Remigiusz Staroń “AMMAN” REMIGIUSZ STAROŃ, hereinafter referred to as Administrator, email remikola@gmail.com, ul. Wita Stwosza 6 Katowice Śląskie 40-036 PL – Poland, telephone number +48.603800401, VAT number 5471807070.
- The personal data collected by the Controller through the Website shall be processed in accordance with the Regulation 2016/679 of the European Parliament and the Council (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free flow of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation), also referred to as RODO.
- The Administrator shall take special care to respect the privacy of Customers visiting the Website.
- 1 Type of data processed, purposes and legal basis
- The Administrator collects information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organisational entities which are not legal persons and to which the law grants legal capacity, conducting business or professional activity on their own behalf, hereinafter collectively referred to as the Clients.
- Customers’ personal data are collected in case:
The use of the contact form service on the Website for the performance of the contract provided electronically. Legal basis: necessity for the performance of the contract for the provision of the contact form service (Art. 6(1)(b) RODO)
- When using the contact form service, the Customer shall provide the following data:
– e-mail address
– name
– phone number
- When using the Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
- Navigation data may also be collected from Customers, including information about links and links they choose to click on or other actions they take on the Website. Legal basis – legitimate interest (Article 6(1)(f) RODO) to facilitate the use of services provided electronically and to improve the functionality of such services.
- The provision of personal data to the Administrator is voluntary.
- 2 To whom is the data shared or entrusted and how long is it stored?
- The Customer’s personal data is transferred to the service providers used by the Administrator to operate the Website. The service providers to whom the personal data is transferred, depending on the contractual arrangements and circumstances, shall either be subject to the Administrator’s instructions as to the purposes and means of processing such data (processors) or shall themselves determine the purposes and means of processing (controllers)..
1.1. Processors. The Administrator uses suppliers who process personal data solely on the instructions of the Administrator. These include, but are not limited to, providers of hosting services, accounting services, providers of marketing systems, systems for analysing Website traffic, systems for analysing the effectiveness of marketing campaigns
1.2. Administrators. The Administrator uses suppliers who do not act solely on instructions and themselves determine the purposes and uses of Customers’ personal data. They provide electronic payment and banking services.
- Location. Service providers are mainly based in Poland and other European Economic Area (EEA) countries.
- Customers’ personal data is stored:
3.1. If the basis for the processing of personal data is consent, then the Customer’s personal data shall be processed by the Administrator for as long as the consent is not revoked, and after the consent is revoked, for a period of time corresponding to the period of limitation of claims which the Administrator may raise and which may be raised against the Customer. Unless a specific provision provides otherwise, the limitation period shall be six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
3.2. If the basis for data processing is the performance of a contract, then the Customer’s personal data shall be processed by the Administrator for as long as it is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to the conduct of business activity – three years.
- If a request is made, the Administrator shall make personal data available to authorised state authorities, in particular to organisational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
- 3 Cookie mechanism, IP address
- The Website uses small files, known as cookies. These are stored by the Administrator on the end device of the visitor to the Website, if the web browser allows it. A cookie usually contains the name of the domain from which it originates, its “expiry time” and an individual random number identifying the cookie. The information collected through cookies of this type helps to adapt the products offered by the Administrator to the individual preferences and real needs of visitors to the Website.
- The administrator uses two types of cookies:
2.1. Session cookies: when the session of a given browser ends or the computer is switched off, the stored information is deleted from the memory of the device. The mechanism of session cookies does not allow any personal data or any confidential information to be collected from Customers’ computers.
2.2. Permanent cookies: are stored in the memory of the Customer’s terminal device and remain there until they are deleted or expire. The mechanism of permanent cookies does not allow any personal data or any confidential information to be collected from the Clients’ computer.
- The administrator uses its own cookies for purposes:
3.1. analysis and research and audience auditing, and in particular, to create anonymous statistics which help to understand how Customers use the Website, which allows to improve its structure and content.
- The administrator uses external cookies for purposes:
4.1. presentation on the Site’s information pages of a map indicating the location of the Administrator’s office, by means of the maps.google.com website (external cookie administrator: Google Inc. with its registered office in the USA)
- The cookie mechanism is safe for the computers of Customers visiting the Website. In particular, it is not possible for viruses or other unwanted software or malware to reach Customers’ computers via this route. However, in their browsers, Customers have the option to limit or disable access of cookies to their computers. If this option is used, the use of the Website will be possible, except for functions which by their nature require cookies.
- The Administrator may collect Customers’ IP addresses. An IP address is a number assigned to the computer of the person visiting the Website by the Internet Service Provider. The IP number enables access to the Internet. In most cases, it is assigned to a computer dynamically, i.e. it changes each time the computer connects to the Internet, and for this reason it is generally treated as non-personal identification information. The IP address is used by the Administrator to diagnose technical problems with the server, to create statistical analyses (e.g. to determine which regions have the highest number of visits), as information useful for administration and improvement of the Website, as well as for security purposes and possible identification of undesired automatic browsing programs overloading the server.
- 4 Rights of data subjects
- Right to withdraw consent – legal basis: article 7(3) RODO.
1.1. The customer has the right to withdraw any consent he/she has given
1.2. Withdrawal of consent has effect from the moment of withdrawal.
1.3. The withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal.
1.4. Withdrawal of consent does not entail any negative consequences for the Customer, however, it may prevent further use of services or functionalities which, according to the Administrator may only provide with consent.
- Right to object to data processing – legal basis: article 21 RODO.
2.1. The Customer has the right at any time to object – on grounds related to his/her particular situation – to the processing of his/her personal data, including profiling, if the Administrator processes his/her data on the basis of a legitimate interest, e.g. marketing of the Administrator’s products and services, keeping statistics on the use of particular functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.
2.2. Opting out in the form of an email from receiving marketing communications concerning products or services will imply the Customer’s objection to the processing of his/her personal data, including profiling for these purposes.
2.3. If the Customer’s objection proves to be valid, the Administrator has no other legal basis for processing the personal data, the Customer’s personal data will be deleted, the processing of which, the Customer has objected to.
- Right to erasure (“right to be forgotten”) – legal basis: article 17 RODO.
3.1. The customer has the right to request the deletion of all or some personal data.
3.2 The customer has the right to request the deletion of personal data if:
3.2.1. the personal data are no longer necessary for the purposes for which they were collected or for which they were processed
3.2.2. he/she has withdrawn specific consent, to the extent that the personal data were processed on the basis of his/her consent
3.2.3. he/she has objected to his/her data being used for marketing purposes
3.2.4. personal data are processed contrary to the law
3.2.5. personal data must be erased in order to comply with a legal obligation provided for by Union law or the law of a Member State to which the controller is subject
3.2.6. personal data was collected in connection with the offering of information society services
3.3 Despite a request for deletion of personal data, in connection with lodging an objection or withdrawing consent, the Administrator may retain certain personal data in so far as processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Administrator is subject. This applies in particular to personal data including: name, surname, e-mail address, which data are saved for the purpose of handling complaints and claims related to the use of the Administrator’s services, or additionally home address/correspondence address, order number, which data are saved for the purpose of handling complaints and claims related to the concluded sales agreements or provision of services.
- Right to restrict processing – legal basis: article 18 RODO.
4.1 The Customer has the right to request the restriction of the processing of his/her personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. The Administrator will also not send any communications, including marketing communications.
4.2 The Customer has the right to request a restriction of the use of personal data in the following cases:
4.2.1. when he/she questions the correctness of his/her personal data, in which case the Administrator shall limit the use of his/her personal data for the time needed for the verification of the correctness of the data, however for no longer than 7 days
4.2.2. when the processing of the data is unlawful and instead of deleting the data, the Customer requests the restriction of its use
4.2.3. when the personal data is no longer necessary for the purposes for which it was collected or used but is needed by the Customer for the purpose of establishing, asserting or defending claims
4.2.4. where he/she has raised an objection to the use of his/her data, in which case the restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Administrator in processing the Client’s personal data.
- Right of access to data – legal basis: article 15 RODO.
5.1 The Customer has the right to obtain confirmation from the Administrator as to whether it is processing personal data, and if this is the case, the Customer has the right:
5.1.1. access your personal data
5.1.2. obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the Customer’s data or the criteria for determining this period (when determining the planned period of data processing is not possible), about Customer’s rights under RODO and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and safeguards applied in connection with the transfer of such data outside the European Union
5.1.3. obtain a copy of their personal data.
- Right to rectification of data – legal basis: article 16 RODO.
6.1 The Customer has the right to request from the Administrator the immediate rectification of personal data concerning him/her which are incorrect. With regard to the purposes of the processing, the Customer to whom the data pertains has the right to request the completion of incomplete personal data, including by providing an additional statement, by addressing the request to the email address in accordance with §6 of the Privacy Policy.
- Right to data portability – legal basis: article 20 RODO.
7.1. Klient ma prawo otrzymać swoje dane osobowe, które dostarczył Administratorowi, a następnie przesłać je do innego, wybranego przez siebie, administratora danych osobowych. Klient ma również prawo żądać, by dane osobowe zostały przesłane przez Administratora bezpośrednio takiemu administratorowi, o ile jest to technicznie możliwe. W takim przypadku Administrator prześle dane osobowe Klienta w postaci pliku w formacie csv, który jest formatem powszechnie używanym, nadającym się do odczytu maszynowego i pozwalającym na przesłanie otrzymanych danych do innego administratora danych osobowych.
- In the event that the Customer makes a request for the rights ensuing from the above rights, the Administrator shall fulfil the request or refuse to fulfil it immediately, but no later than within one month of receiving the request. However, if – due to the complicated nature of the request or the number of requests – the Administrator will not be able to fulfil the request within one month, he will fulfil it within another two months by informing the Customer, in advance and within one month of receiving the request, about the intended extension of the deadline and the reasons for it.
- The Customer may lodge complaints, queries and requests to the Administrator regarding the processing of his/her personal data and the exercise of his/her rights.
- The Customer has the right to lodge a complaint with the President of the Data Protection Authority, in respect of a violation of its data protection rights or other rights granted under the RODO.
- 5 Changes to the Privacy Policy
- The Privacy Policy is subject to change, of which the Administrator is under no obligation to inform.
- For questions related to the Privacy Policy, please contact: remikola@gmail.com.
- Date of last modification: 11.02.2022 r