In connection with the use of esensive.com (the Website) by the Users, the Controller may collect data provided by Website users (Users), but the purpose of the Controller is not to identify Users, but only to ensure full functionality of the Website and proper administration of the Website. This document is intended to inform Users about what data may be collected in connection with the use of the Website and for what purpose, as well as about the Users' rights in connection with such rights. The Controller protects Users' privacy and ensures the security of the data transferred by them. The Controller complies with the principles of personal data processing, in particular the principles of legality, reliability, transparency, purpose limitation, minimization, correctness, limitation of storage, integrity and confidentiality, and provides technical and organizational measures to ensure data security and lawful processing.
Who is the Website Controller?
The Controller of the Website, including controlling in connection with the processing of personal data is ESENSIVE sp. z o.o., headquarters in Kraków, Poland, ul. Nowogródzka 21/4, 30-425 (the Controller).
How can Users contact the Controller?
Contact with the Controller is carried out through the Personal Data Protection Officer designated by the Controller, i.e. to the e-mail address: firstname.lastname@example.org. Users can contact the Controller or the Personal Data Protection Officer via the contact form, or in any other manner of their choice, including verbal contact or in writing to the Controller's address.
What is the legal basis for processing Users’ data?
Users’ data is processed each time on the basis of applicable law, therein on the basis of a Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Article 6 paragraph 1 letter a) and b) and the Act of 16 July 2004 Telecommunications Law (Article 173 (1)).
OBJECTIVE AND BASIS OF PROCESSING:
In the case of contact for the objective of concluding a contract, your data is processed in order to take action on your demand before concluding the contract, for example, to present an offer or conduct negotiations (the basis of Article 6 paragraph 1 letter b of the GDPR).
When we conclude a contract with you, we process the data necessary for its conclusion: for its implementation and on its basis (the basis of Article 6 paragraph 1 letter b of the GDPR) - only for the Controller's clients.
2) Telephone contact
If you contact us by phone in matters that are not related to the provision of services on your behalf or to perform another contract, the personal data provided by you is processed in order to service your demand or request. The legal basis for processing in such a case is the legitimate interest of the Controller (Article 6 (1) letter (f) of the GDPR), which consists in handling demands and queries in connection with the business activity. The Controller may require you to provide the data necessary to handle the request; if so, providing such data is mandatory to handle the request.
3) Conducting correspondence via e-mail
Your personal data will be processed in order to answer the questions and applications contained in your message. Providing your personal data is voluntary yet necessary to receive a response from the Controller. Your personal data will be processed on the basis of Article 6 (1) (f) of the GDPR, which means that the processing of personal data is necessary for purposes arising from the legitimate interests of the Controller. The Controller's legitimate interest is to communicate with a person asking the Controller for a response.
4) Compliance with legal obligations incumbent on the Controller
On the basis of Article 6 (1) letter (c) of the GDPR resulting, in particular, from the Accounting Act of 29 September 1994 and tax regulations.
5) Legally legitimate interests fulfilled by the Controller or a third party
On the basis of Article 6 (1) letter (f) of the GDPR , the Controller recognizes as legitimate interests in particular: direct marketing, claiming and defense against claims, fraud prevention, statistics and analyzes, ensuring the security of the ICT environment, and the use of internal control systems.
What data is collected on the Website?
The Website stores data collected automatically when using the Website. This data includes information stored on Users' devices in the form of cookies. Data stored in the Cookies files of the Website server can be read when the User connects to the Website. Cookies may be necessary for the proper functioning of the Website for technical reasons, and also enable, in particular, remembering User preferences and personalizing the Website. Among other things, owing to Cookies, the User does not have to enter the same information each time he returns to the Website. Cookies may contain information about the start, end and scope of each use of the Website. As a rule, these data is not associated with specific people using the Website. Storing data in Cookies as well as accessing this data does not cause configuration changes in Users' devices and software. The Controller also processes the data entered by the Users into the contact form, to the extent in which the Users have decided to enter their data and for the objective specified below. The Controller does not process any sensitive data of Users. The website may contain links to other websites. The Administrator is not responsible for the processing of data in connection with the use of these websites by the User. The User, after switching to other websites, should first of all become acquainted with their privacy policies and personal data protection procedures.
For what objective is the data collected?
Data is collected automatically while using the Website and is used to configure the Website on Users' devices, adapt the Website to Users' preferences, personalize the Website, display the Website correctly on Users' devices, improve the Website's performance, ensure Website reliability, perform anonymous Website viewing statistics. The data entered by users into the contact form is collected, depending on the content of the message, in order to take action at the User's demand before the conclusion of the contract, in connection with its implementation or in order to answer the questions and conclusions in the User's message. The Controller's legitimate interest is to communicate with a person asking the Controller for a reply.
Users' data will not be made available to third parties, unless it proves necessary and the User agrees, or unless the obligation to disclose the data results from the mandatory provisions of law, the final court decision, or the final decision of the competent authority.
Providing data is voluntary; however, providing some data may be necessary to use the Website for technical reasons, and the consequence of not being able to do so may be the lack of technical capability to correctly display the Website on the User's device.
In the case of personal data entered by users into the contact form, providing data is voluntary yet necessary to receive a response from the Controller, and in case you provided personal data before the conclusion of the contract, or in connection with its implementation, it may also be a contractual requirement or a condition of the conclusion of the contract. Cookies may be blocked or access to Cookies may be restricted in the manner presented below.
What is profiling and is the data on the Website subject to profiling?
Profiling consists in any automated processing of personal data allowing to assess personal factors of a natural person, in particular analyzing or forecasting aspects of work effects, economic situation, health, personal preferences or interests, credibility or behavior, location or movement of the person whose the data concerned about - about how much it has legal effects on that person or in a similar way significantly affects it.
The data on the Website is not subject to profiling. In the event of personal data being subject to profiling in connection with the development of the Website, the Controller will inform Users about this and the profiling will take place in accordance with the relevant provisions. In the event of profiling, the Controller will implement appropriate measures to protect the rights, freedoms and legitimate interests of Users, including the possibility of human intervention by the Controller, as well as the opportunity to express their own position and contest the decision.
How can you make changes to the transferred data?
The User has the right to access their data, the right to rectify it, delete it, limit processing and the right to transfer data. The User has also the right to object to the processing of their personal data. For this objective, the User may contact the Controller at the following e-mail address: email@example.com. The User may also contact the Controller in another manner of their choice, including verbal or written form.
The User may specify the conditions for storing and accessing data stored in Cookie files by means of software settings or service configuration on their devices. Cookies may be blocked or restricted, but blocking or limiting Cookies may affect the quality or even prevent the Website from displaying correctly on the User's device. Changing the cookie files in your browser:
- 1. Google Chrome is available in the Settings/Privacy;
- 2. Mozilla Firefox is available in the Tools/Options/Privacy and security;
- 3. Internet Explorer is available in the Tools/Internet Options/Privacy;
- 4. Safari is available in the Preferences/Security;
- 5. Opera is available in the Tools/Preferences/Advanced.
How is the data provided by Users secured?
The Controller protects Users' data against unauthorized access, disclosure, change and destruction. In particular, the Controller uses data encryption, applies physical security measures (room keys) and verification in IT systems (access tokens). The administrator also uses antivirus software and a firewall. Access to Users' data is only granted to authorized persons who are obliged to keep confidentiality.
In what period of time is the data processed?
Users' data is processed for the period of using the Website. In the case of personal data entered by users into the contact form, personal data will be processed only for the period of time necessary to reply to the User, and in the case of pre-contractual activities or in connection with its implementation, for the period of time necessary to achieve these aims. Users’ personal data may also be processed after this period of time until the expiry of the time limits for possible claims. Some data may also be processed as long as possible or required in accordance with applicable law. After the processing period of time, personal data is permanently deleted or anonymized.
Other rights due to Users in connection with data processing
The User has the right to lodge a complaint to the President of the Office for Personal Data Protection if they decide that the processing of their personal data by the Controller contravenes the provisions regarding the processing of personal data.
This Policy and its changes are effective from the moment of their publication on the Website.