1. ABOUT US
- The owner of www.mu6label.com and the Administrator of personal data ( collected via the Website) is mu6label co., e-mail address: firstname.lastname@example.org. („Administrator”)
- The Service Provider runs the Website and is responsible for the proper provision of the Website’s Electronic Services.
2. GENERAL PROVISIONS
- The service provider takes special care to protect the interests of data subjects, and in particular ensures that the data collected by them are processed in accordance with the law; collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes; factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing.
- All words, expressions and acronyms appearing on this page and beginning with a capital letter (e.g. Service Provider, Website, Electronic Service) should be understood in accordance with their definition contained in the Regulations of the Website, available on the Website.
- The Customer’s personal data is processed in accordance with the GDPR and the Act of 10 May 2018 on data protection (hereinafter: Act on the Protection of Personal Data) and the Act on the provision of electronic services of 18 July 2002 (Journal of Laws 2002 No. 144, item 1204, as amended)).
3. PURPOSE AND SCOPE OF DATA COLLECTION
- Each time the purpose, scope and recipients of data processed by the Service Provider result from the actions taken by the Service Recipient on the Website. For example, if the Service Recipient intends to use the Account, their personal data will be processed in order to enter into and perform the contract for the use of the Account.
- The Administrator processes the personal data of the Service Recipient or their representatives for the following purposes:
- conclusion and implementation of the contract for the use of Electronic Services,
- performance of obligations resulting from legal regulations, including tax and accounting regulations,
- conducting court, arbitration, administrative, court-administrative, enforcement and mediation proceedings,
- documentation of contractual relations for evidence purposes for the period of limitation of claims related to them,
- conducting direct marketing of services or goods offered by the Administrator, including via e-mail correspondence such as newsletter,
- handling complaints and claims arising from the rights under the warranty
- The Service Provider may process the following personal data of the Customers using the Website:
- Name and surname of the Service Recipient,
- e-mail address,
- Name of the Cooperating Organization,
- Name of the Branch of the Cooperating Organization,
- Providing the personal data referred to above is not mandatory, but it is necessary to conclude and perform the contract for the provision of Electronic Services on the Website. Each time, the scope of the data required to conclude a contract is previously indicated on the Website, when using the Website, and in its Regulations.
- The Customer\’s personal data may be transferred to public administration bodies or to other persons or third parties – to the extent that and in cases where the obligation to disclose them is imposed on the Administrator by law. In addition, the Customer’s personal data may also be transferred to entities providing the Administrator with accounting and accountancy services as well as legal services on the basis of a separate agreement.
- The Administrator declares that they have implemented appropriate technical and organizational measures ensuring an adequate level of security corresponding to the risk related to the processing of personal data entrusted to them, referred to in art. 32 of the GDPR. The Administrator regularly verifies and updates the technical and organizational measures used by them, so as to provide the entrusted personal data with an adequate level of protection.
- The Administrator declares that in order to ensure the security of personal data processing, they have introduced the Personal Data Protection Policy. The Personal Data Protection Policy is a measure implemented by the Administrator in accordance with art. 24 sec. 1 and 2 of the GDPR, the purpose of which is to introduce a procedure for dealing with personal data in the enterprise run by the Administrator, on the basis of which their processing by the Administrator will take place in accordance with the GDPR.
- The processing of personal data as part of the purposes indicated above in point 3 sec. 2 includes, in particular, their collection, modification, storage, viewing, updating, analyzing and archiving.
- The Service Provider also processes anonymized data related to the use of the Website (e.g. the number of Customers) to generate statistics on the use of the Website. This data is aggregated and anonymous, i.e. they do not contain features that identify people using the Website.
- he personal data of the Service Recipient will be stored by the Administrator for the following period:
- in the case of personal data, in relation to which the legal basis for their processing by the Administrator is the fact that it is necessary for the proper performance of the contract – until the claims under this contract are time-barred,
- in the case of personal data, in relation to which the basis for their processing by the Administrator is a legitimate interest – until this basis for processing expires, in particular until the Administrator’s claims expire and the Service Recipient’s claims resulting from the legal relationship between them, the Administrator’s legal existence ends or legally valid or final determination or adjudication or satisfaction or defense of a claim or other right of the Administrator or the Service Recipient in court, arbitration, administrative, court-administrative, enforcement or mediation proceedings,
- in the case of personal data, in relation to which the basis for their processing is that it is necessary to fulfill the legal obligations incumbent on the Administrator – until this basis for processing ceases to exist.
4. COOKIES AND PERFORMANCE DATA
- Cookies (cookies) are small text information in the form of text files, sent by the server and saved with the person visiting the Website (e.g. on the hard drive of the computer, laptop or on the smart phone memory card – depending on which device the visitor to our Website uses). Detailed information on Cookies, as well as the history of their creation, can be found, among others here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Service Provider may process the data contained in Cookies when visitors use the Website for the following purposes:
- implementation of the basic functionalities of the Website, such as identification of Service Recipients as logged in and maintaining login sessions and storing dynamic data, e.g. statistics, summaries;
- personalizing the content of the Website page to fit individual preferences of the Service Recipient (e.g. regarding the page language);
- remembering the IP location, time zone;
- keeping anonymous statistics showing how to use the Website.
- By default, most Internet browsers available on the market accept cookies by default. Everyone has the option to define the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving Cookies – in the latter case, however, it may affect some of the Website’s functionalities.
- Detailed information on changing Cookie settings and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link)):
- in the Chrome browser – https://support.google.com/chrome/answer/95647?hl=pl
- in the Firefox browser – https://support.mozilla.org/pl/kb/W%25C5%2582%25C4%2585czanie%20i%20wy%25C5%2582%25C4%2585czanie%20obs%25C5%2582ugi%20ciasteczek
- in the Internet Explorer browser – https://support.microsoft.com/en-us/hub/4338813/windows-help
- in the Opera browser – https://help.opera.com/pl/latest/web-preferences/
- in the Safari browser – https://support.apple.com/kb/PH5042?locale=en_US
- in the Microsoft Edge browser – https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
- On the Website, the Administrator uses Google Analytics and Universal Analytics services provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). The collected data is processed as part of the above services in an anonymized way (these are so-called operational data that prevent the identification of a person) to generate statistics helpful in administering the Website. Detailed information on the operation of the above services is available here: www.google.com/intl/pl/policies/privacy/partners/.
- The Administrator uses the Google AdWords services provided by Google Inc. on the Website. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). The collected data is processed as part of the above-mentioned services in order to personalize advertising in the Google search engine. Detailed information on the operation of the above services is available at: www.google.com/intl/pl/policies/privacy/partners/.
- On their Website, the Administrator uses the FaceBook Pixel services provided by FaceBook Inc. The collected data is processed as part of the above-mentioned services in an anonymized manner (these are the so-called operational data making it impossible to identify a person). Detailed information on the operation of the above services is available at: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.
5. BASIS FOR DATA PROCESSING
- Providing personal data by the Service Recipient is optional, but failure to provide the personal data indicated on the Website and in the Regulations of the Website, necessary for the conclusion and implementation of the contract for the use of the Electronic Service, results in the inability to conclude this contract.
- The legal basis for the processing of personal data for the purpose set out above in point 3 par. 2 letter a) is that it is necessary for the execution of the contract. The legal basis for the processing of personal data for the purpose set out above in point j3 par. 2 let. b) is that it is necessary to fulfill the legal obligations incumbent on the Administrator. The legal basis for the processing of Personal Data for other purposes indicated above is the legitimate interest pursued by the Administrator.
6. RIGHTS OF THE DATA SUBJECT RELATED TO THE PROTECTION OF PERSONAL DATA
The Data Subject may exercise his rights using the form available on the website: https://app.gorodo.pl/api/zadanie/7262686367
A. Right to information
- The Administrator, when collecting personal data, is obliged to provide the Data Subject with all the following information:
- their identity and contact details and, where applicable, the identity and contact details of their representative,
- where applicable – contact details of the data protection officer,
- the purposes of the processing of personal data, and the legal basis for the processing,
- information about the recipients of personal data or categories of recipients, if any,
- where applicable – information on the intention to transfer Personal Data to a third country or an international organization,
- the period for which personal data will be stored, and if this is not possible, the criteria for determining this period,
- information whether the provision of personal data is a statutory or contractual requirement or a condition for the conclusion of a contract and whether the Data Subject is obliged to provide it and what are the possible consequences of not providing the data.
- If the Administrator plans to further process personal data for a purpose other than the purpose for which the personal data was collected, before such further processing, they are obliged to inform the Data Subject about this other purpose and provide them with any other relevant information.
B. The right to withdraw consent to the processing of personal data
- The Data Subject has the right to withdraw consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
C. Right to access personal data
- The Data Subject is entitled to obtain confirmation from the Administrator as to whether Personal Data concerning him or her are processed, and if so, they are entitled to access them and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- information about recipients or categories of recipients to whom personal data have been or will be disclosed, in particular about recipients in third countries or international organizations;
- if possible, the planned period of storage of personal data, and if this is not possible, the criteria for determining this period;
- information on the right to request the Administrator to rectify, delete or limit the processing of personal data and to object to such processing;
- information on the right to lodge a complaint with the supervisory authority;
- if the personal data have not been collected from the Data Subject – any available information as to their source;
- information on automated decision making, including profiling referred to in art. 22 sec. 1 and 4 of the GDPR, and – at least in these cases – relevant information about the rules for their taking, as well as the significance and envisaged consequences of such processing for the Data Subject.
- The Administrator is obliged to provide the Data Subject with a copy of the Personal Data. For any subsequent copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. If the Data Subject requests a copy by electronic means and, unless otherwise indicated, the information is provided by electronic means.
D. The right to request rectification and deletion of personal data
- The Data Subject has the right to request the Administrator to immediately rectify incorrect personal data concerning them. Taking into account the purposes of processing, the Data Subject has the right to request that incomplete personal data be supplemented, including by providing an additional statement.
- The Data subject is entitled to request the Administrator to immediately delete their personal data, and the Administrator is obliged to delete personal data without undue delay, if one of the following circumstances occurs:
- personal data is no longer necessary for the purposes for which it has been collected or otherwise processed,
- the Data Subject has withdrawn consent on which the processing is based in accordance with art. 6 sec. 1 let. a) or Art. 9 sec. 2 let. a) of the GDPR and there is no other legal basis for processing,
- the Data Subject objects to the processing pursuant to Art. 21 par. 1 of the GDPR against the processing and there are no overriding legitimate grounds for the processing or the Data Subject objects to the processing pursuant to Art. 21 par. 2 of the GDPR against processing,
- the personal data has been processed unlawfully,
- personal data must be removed in order to comply with the legal obligation provided for in the Union law or the law of the Member State to which the Administrator is subject,
- the personal data has been collected in relation to the offering of information society services referred to in art. 8 sec. 1 of the GDPR.
- The rights of the Data Subject indicated in point 2 above do not apply to the extent that the processing is necessary to exercise the right to freedom of expression and information, to establish, assert or defend claims, to fulfill a legal obligation requiring processing under the EU law or law of the Member State to which the Administrator is subject, or to perform a task carried out in the public interest or as part of the exercise of public authority entrusted to the Administrator, due to reasons of public interest in the field of public health in accordance with art. 9 sec. 2 let. h) and i) of the GDPR and art. 9 sec. 3 of the GDPR for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 par. 1 of the GDPR, insofar as it is probable that this right will prevent or seriously hinder the achievement of the purposes of such processing.
- The Administrator is obliged to provide the Data Subject with information about the rectification or deletion of personal data, unless it proves impossible or will require a disproportionately significant effort.
E. The right to limit the processing of personal data
- The Data Subject has the right to request the Administrator to limit the processing of their personal data in the following cases:
- The accuracy of the personal data is contested by the Data Subject – for a period allowing the Administrator to verify their correctness,
- The processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
- The Administrator no longer needs personal data for the purposes of processing, but it is needed by the Data Subject to establish, assert or defend claims,
- The Data Subject has objected to the processing pursuant to Art. 21 par. 1 of the GDPR – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for objection of the Data Subject.
- The Administrator is obliged to provide the Data Subject with information on the restriction of the processing of personal data, unless this proves impossible or requires a disproportionate effort.
F. The right to transfer personal data
- The Data Subject is entitled to receive personal data concerning them provided to the Administrator in a structured, commonly used machine-readable format, and has the right to send this personal data to another Administrator without any obstacles on the part of the Administrator, if the processing takes place in an automated manner and a) based on the consent of the Data Subject or b) necessary for the execution of the contract.
- When exercising the right specified above, the Data Subject has the right to request that the personal data be sent by the Administrator directly to another Administrator, if technically possible. This right does not apply to processing that is necessary to perform a task carried out in the public interest or as part of the exercise of public authority entrusted to the Administrator. This right may not adversely affect the rights and freedoms of other entities.
G. Right to object and rights related to automated decision making in individual cases
- The Data Subject has the right to object at any time – for reasons related to their particular situation — to the processing of their personal data based on art. 6 sec. 1 let. e) or f) of the GDPR, including profiling based on these provisions. The Administrator is no longer allowed to process this personal data, unless they demonstrate the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the Data Subject, or the grounds for establishing, investigating or defending claims.
- If personal data is processed by the Administrator for direct marketing purposes, the Data Subject has the right to object at any time to the processing of their personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
- If the Data Subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
- If personal data is processed for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 par. 1 of the GDPR, the Data Subject has the right to object – for reasons related to their particular situation – to the processing of their personal data, unless the processing is necessary to perform a task carried out in the public interest.
- The Data Subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and has legal effects on them or similarly significantly affects them, unless this decision is necessary for the conclusion or performance of a contract between the Data Subject and the Administrator; is allowed by the law of the European Union or the law of the Member State to which the Administrator is subject and which provides for appropriate measures to protect the rights, freedoms and legitimate interests of the Data Subject or is based on the express consent of the Data Subject.
7. FINAL PROVISIONS
- The Administrator provides the following technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons:
- Securing the data set against unauthorized access;
- SSL certificate.
e-mail address: email@example.com