PRIVACY POLICY

I Contents of the controller’s privacy policy
1. The privacy policy of the controller contains information on personal data processing and other information on the users of the www.arkpol.com website (hereinafter referred to as the “Website”). In this privacy policy, the controller simultaneously included all information to be received by the individuals the data concerns, pursuant to GDPR.

2. The privacy policy includes information on the processing of data obtained by the Website and information on cookies.

II Data controller
1. The data controller of Website user data is: ARKPOL Aleksander Redkie, ul.Wielicka 40/u1, 02-657 Warsaw, NIP: 5210421495, REGON: 012248340

 2. You can contact the controller:

1) at the postal address: ARKPOL Aleksander Redkie, ul. Słowikowskiego 27, 05-090 Raszyn

2) via e-mail address: arkpol@arkpol.com

III. Objectives, legal basis and duration of data processing

Providing an answer, resolving the matter

(online contact form)

1. The contents of the correspondence and contact information are processed for the duration necessary to settle the issues of the user, including sending marketing information on products or services selected by you, but no longer than for 3 months after the issue has been resolved, for archiving purposes in order to defend potential claims against the controller.

2. This data will then be processed in order to start the online contact form service provided electronically (art. 6 sec. 1 item. b).

3. With regard to sending electronic commercial information or direct marketing using phone terminal equipment shall be processed based on consent expressed by explicit confirmatory action (art. 6 sec. 1 item a, an in ass. with art. 4 cl. 11 GDPR) involving the filling of a relevant field for e-mail address or phone number.

Website operation
1. In order to provide the Website service, the service provider processes:

1) information on the user device with the aim to ensure correct service implementation, such as computer IP address, information found in cookies or other technologies, session data, web browser data, Website activity data, including individual subpages;

2) information on geolocation if a user consented for the access of the service provider to geolocation. Information on geolocation shall be used for the purposes of providing better tailored product and service offers.

2. This information shall not contain data on the identity of the users, however, in conjunction with other information, it can constitute personal data, and as a result, the controller shall provide a full protection cover pursuant to GDPR.

3. The data is processed pursuant to art. 6 sec.1 item b of GDPR, for the purposes of carrying out the Website service, i.e., contract for the provision of electronic services and pursuant to art. 6 sec. 1 item a of GDPR, in association with expressed consent for the use of specified cookies or other similar technologies, expressed by appropriate browser settings, pursuant to the Telecommunications Law or in association with the granted geolocation consent. The data is processed until the user ceases to use the Website.

Claims
1. In order to process complaints, a service provider processes personal data of the users lodging complaints, in particular the e-mail address, name and surname, claim contents, circumstances of the event giving rise to the claim, information obtained in the course of claim processing, including the explanation of the event giving rise to the claim. In the course of processing of the claim, the service provider can process a number of other information, including the user’s name and surname, information on the user’s use of the services, cookiesor other similar technologies, and information on the equipment.

2. This data is processed pursuant to art. 6 sec. 1 item b of GDPR for the purposes of carrying out the services, i.e., the contract for the provision of electronic services, and are processed for a period required to process the claim, but no longer than 3 months after the claim procedure against the service provider is completed, as follows in the information below.

Preliminary investigation, claim assertion
1. In the event of entering into preliminary investigation regarding a potential violation of the rules or provisions of the law, the principles of social coexistence or good commercial practices, the proceedings to pursue claims by the controller or other users or entities, defending against claims from users or other entities, the controller shall be entitled to process personal data of specified users until the ongoing proceedings end or the end of the period of limitation of the controller’s claims against the user, which usually amounts to 6 years, pursuant to the Civil Code, however, in particular cases, it can be extended if provided for by the law.

2. Should the personal data be processed for the purposes of pursuing claims of other users, this data can be disclosed to another user or entity or a public authority authorized under law, e.g. courts of law, the Police or the prosecutor’s office.

3. This data shall then be processed, including disclosure, pursuant to art. 6 sec. 1 item. c of GDPR, i.e., in order to satisfy the obligation under the law on processing claims, pursuant to the act on providing electronic services or art. 6 sec. 1 item f of GDPR, i.e., legitimate interest of the controller involving pursuing own claims relative to the user. A legitimate interest of the controller shall then be the objective prevailing relative to the right and freedom of the customer.

Service statistics
1. In order to improve the quality of its services, the controller processes statistical information on the Website traffic, including information on the session, the IP number, time spent on individual sites and subsites, using individual service’s functionalities, and information on the device and web browser. The controller uses cookies or other similar technologies.

2. This data is processed pursuant to art. 6. sec. 1 item f of GDPR in the legitimate interest of the controller, which involves facilitating access to the Website, improving the quality and functionality of provided services, and the processing of this data shall not violate the rights and freedoms of the users. Because user information shall not be used for any additional purposes, and due to the specificity of the website service, adapting the manner of displaying the services at a website is not only a market standard, but also expected by the users from website providers.

3. Furthermore, a user can, at any time, withdraw the expressed content by changing the web browser setting regarding the admissibility of using cookies or other similar technologies.

4. This data is processed as part of the ongoing activities of the controller, however, for no longer than for 60 days after the receipt of the information. After this time, the controller shall be entitled to continue processing general statistical data, which does not provide information on individual users.

Embedded content from other websites
1. Articles on this website can contain embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behavesin the exact same way as if the visitor has visited the other website.

2. The websites can collect information on the user, use cookies, add extra and external tracking systems and monitor your interactions with the embedded material, including tracking of your interactions with the embedded material if you have an account or are logged in on that website.

Marketing and PR activities of the controller
The controller shall have the right to post marketing information about its products or services on the Website. Displaying of such by the controller is pursuant to art. 6 sec. 1 item f of GDPR and in accordance with the legitimate interest of the controller, which involves publishing the content associated with provided services and promotional content of the campaigns the controller is committed to. At the same time, this type of activity shall not violate the rights and freedoms of the users, since the users expect receiving similar content, even hope to receive it or it is the direct objective of their visit to the Website.

Marketing activities involving other products and services
1. The controller may also post marketing information regarding other products or services of its business partners, with whom the controller concluded a contract for marketing cooperation.

2. Displaying of such content by the controller is pursuant to art. 6 sec. 1 item f of GDPR, pursuant to the legitimate interest of the controller, which involves marketing actions involving the products or services of its business partners. At the same time, this type of action shall not violate the rights and freedoms of the users, in particular, due to the irregular nature of these actions, and the users expect receiving similar content as it relates to the theme of the Website. The user shall have the right to object to the processing of his/her personal data for marketing purposes.

Cookies
Our website, as most other websites, uses the so-called cookies. These files are:

• saved in the memory of your device (computer, telephone, etc.),
• enable you to use all functions of the website,
• do not change the settings of your device.

At any time, by selecting appropriate options of your browser, you can:

• delete cookies,
• block the use of cookies in the future.

This Website uses cookies for the purposes of:

• saving information about your session,
• statistics,
• marketing,
• providing Website functions.

In order to learn how to manage cookies, including how to disable them in your browser, you can use the help file in your browser. You can read the information about this by pressing the F1 key in the browser. Moreover, you will find relevant tips on the following pages, depending on the browser you are using:

• Firefox,
• Chrome,
• Safari,
• Internet Explorer / Microsoft Edge

More information on cookies can be found in Wikipedia.

1. User data recipients

The controller discloses personal data of the users solely to processors pursuant to concluded contracts for the commissioning of personal data processing for the purposes of implementing services on behalf of the controller, e.g. Website hosting and support, IT services, marketing and PR, as well as legal and counselling services

1. Transfer of personal data to third countries

Personal data shall not be processed in third countries.

1. Rights of data subjects

2. Every data subject shall have the right to:

1) access – have the control confirm the processing of this individual’s data. (art. 15 GDPR);

2) receive copies of data – obtain copies of data subject to processing (art. 15 sec. 3 GDPR);

3) rectification – demand the rectification of his/her personal data that are incorrect or to supplement incomplete data (art. 16 GDPR);

4) remove the data – demand the removal of his/her personal data (art. 17 GDPR);

5) limit the processing – demand limiting the processing of personal data (art. 18 GDPR);

6) transfer the data – (art. 20 GDPR);

7) object – raise an objection against the processing of his/her personal data (art. 21 GDPR).

8) withdraw consent at any time and without stating the reason, however the data processing completed prior to consent withdrawal shall remain lawful. Withdrawing consent shall result in the personal data controller ceasing the processing for the purposes for which the consent had been given.

3. In order to exercise the aforementioned rights, a data subject shall contact, using the provided contact details, the controller and communicate to the controller the right the data subject plans to exercise.

 VII. President of the Personal Data Protection Office

The data subject shall have the right to lodge a complaint to a supervisory authority, which in Poland is the President of the Personal Data Protection Office, with its registered office in Warsaw, at ul. Stawki 2, who can be contacted in the following ways:

1. by post: ul. Stawki 2, 00-193 Warsaw;

2. via an electronic inbox at: uodo.gov.pl;

3. by phone: (22) 531 03 00.

VIII. Amendments to the Privacy Policy 

The privacy policy can be supplemented or updated in line with the current needs of the controller, in order to ensure binding and reliable information for the users regarding their personal data and related info. All amendments to the privacy policy shall be communicated to the users on the Website.

1. Legal acts referred to in the clause

2. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ( UE L 2016 No. 119, p. 1);

3. 118 and act amendment of 23 April 1964 – Civil Code (i.e. O.J. of 2019, item 1145);

4. 8 of the Act of 18 July 2002 on providing electronic services (i.e. O.J. of 2019 item 123);

5. 173 sec. 2 of the act of 16 July 2004 – The telecommunications law.