GDPR information obligation

The information below constitutes a concise, understandable, and transparent summary of the information contained in the Privacy Policy regarding the Data Controller, the purpose and method of processing personal data, and your rights in connection with this processing, in the form required to fulfill the GDPR information obligation. Details on the method of processing and the entities involved in this process are available in the indicated policy.


                   

Who is the Data Controller?

The Personal Data Controller (hereinafter referred to as the Administrator or Controller) is the company "NAPRAWCZESC.PL," operating at: Os Na Rozdrożu 12, 84-110 Krokowa, with the assigned Tax Identification Number (NIP): 5871706510, providing services electronically via the Website.


                   

How can I contact the Data Controller?

The Controller can be contacted in one of the following ways:

  • Postal Address - NAPRAWCZESC.PL, Os Na Rozdrożu 12, 84-110 Krokowa

  • Email Address - biuro@naprawczesc.pl

  • Phone Call - +48 796 160 103

  • Contact Form - available at: https://naprawczesc.pl/kontakt


                   

Has the Controller appointed a Data Protection Officer?

Based on Art. 37 of the GDPR, the Controller has not appointed a Data Protection Officer.

In matters related to data processing, including personal data, please contact the Controller directly.


                   

Where do we obtain personal data and what are its sources?

Data is obtained from the following sources:

  • from the data subjects themselves

                   

What is the scope of personal data processed by us?

The website processes **ordinary personal data**, provided voluntarily by the data subjects
(E.g., name and surname, login, email address, phone number, IP address, etc.)

The detailed scope of processed data is available in the Privacy Policy.


                   

What are the purposes of data processing by us?

Personal data voluntarily provided by Users are processed for one of the following purposes:

  • Provision of electronic services:
    • User account registration and maintenance services on the Website and related functionalities
    • Newsletter services (including sending advertising content with consent)
    • Commenting / liking entries on the Website without the need for registration
  • Communication between the Controller and Users on matters related to the Website and data protection
  • Ensuring the Controller's legitimate interest

                   

What are the legal bases for data processing?

The Website collects and processes User data based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR)
    • Art. 6(1)(a)
      the data subject has given consent to the processing of his or her personal data for one or more specific purposes
    • Art. 6(1)(b)
      processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
    • Art. 6(1)(f)
      processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
  • Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018 item 1000)
  • Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004 No. 171 item 1800)
  • Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24 item 83)

                   

What is the legitimate interest pursued by the Controller?

  • For the purpose of potential establishment, exercise, or defense against claims – the legal basis for processing is our legitimate interest (Art. 6(1)(f) of the GDPR) consisting of the protection of our rights, including, among others;
  • For the purpose of assessing the risk of potential clients
  • For the purpose of assessing planned marketing campaigns
  • For the purpose of direct marketing

                   

For what period do we process personal data?

As a rule, the indicated personal data are stored only for the period of providing the service within the ongoing website operated by the Controller. They are deleted or anonymized within a period of up to **30 days from the end of the service provision** (e.g., deletion of a registered user account, unsubscribing from the Newsletter list, etc.)

In exceptional situations, in order to secure the legitimate interest pursued by the Controller, this period may be extended. In such a situation, the Controller will store the indicated data, from the time the User requests their deletion, for no longer than 3 years in the event of a violation or suspected violation of the service regulations by the data subject.


                   

Who is the recipient of the data, including personal data?

As a rule, the sole recipient of the data is the Controller.

However, data processing may be entrusted to other entities providing services for the Controller in order to maintain the operation of the Website.

Such entities may include, among others:
  • Hosting companies providing hosting or related services to the Controller
  • Companies through which the Newsletter service is provided

                   

Will your personal data be transferred outside the European Union?

Personal data **will not be transferred outside the European Union**, unless they have been published as a result of an individual action by the User (e.g., entering a comment or post), which makes the data available to every visitor to the website.
                   

Will personal data be the basis for automated decision-making?

Personal data **will not be used** for automated decision-making (profiling).


                   

What rights do you have related to the processing of personal data?

  • **Right of access to personal data**
    Users have the right to obtain access to their personal data, exercised upon a request submitted to the Controller.

  • **Right to rectification of personal data**
    Users have the right to demand that the Controller immediately rectify personal data that is inaccurate and/or complete incomplete personal data, exercised upon a request submitted to the Controller.

  • **Right to erasure of personal data (Right to be forgotten)**
    Users have the right to demand that the Controller immediately erase personal data, exercised upon a request submitted to the Controller.

    In the case of user accounts, data deletion involves the anonymization of data enabling User identification.

    In the case of the Newsletter service, the User has the ability to independently delete their personal data using the link included in every sent email message.

  • **Right to restriction of processing**
    Users have the right to restrict the processing of personal data in cases specified in Art. 18 of the GDPR, including questioning the accuracy of personal data, exercised upon a request submitted to the Controller.

  • **Right to data portability**
    Users have the right to receive from the Controller the personal data concerning the User in a structured, commonly used, machine-readable format, exercised upon a request submitted to the Controller.

  • **Right to object to the processing of personal data**
    Users have the right to object to the processing of their personal data in cases specified in Art. 21 of the GDPR, exercised upon a request submitted to the Controller.

  • **Right to lodge a complaint**
    Users have the right to lodge a complaint with the supervisory authority dealing with personal data protection.