1. GENERAL PROVISIONS
2. The data controller of the personal data of Website users, within the meaning of art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “GDPR”) is “RISK” sp. z o.o. limited liability company with its registered office in Warsaw, address: ul. Szpitalna 6A/9, 00-031 Warsaw, entered into the commercial register maintained by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division of the National Court Register (KRS) under the following number: 0000536745, VAT identification number (NIP): 1132855615, National Business Registry number (REGON): 146129025, equity capital: 100.000,00 zł, e-mail address: firstname.lastname@example.org, phone number: +48 22 490 20 51, the owner of the Website, hereinafter referred to as the “Data Controller”.
2. SCOPE OF THE DATA COLLECTED
1. The Data Controller collects Users' personal data to the extent required to complete the orders made through the Website, complete registration at the Website or render other services specified in the Terms and Conditions.
2. The scope of data collected includes: name and surname, e-mail address, phone number, bank account number, delivery address including: street, postal code, city, country, as well as profile data from Facebook. The scope of data processed depends on the type of service chosen by the User.
3. PURPOSE AND LEGAL BASIS OF DATA PROCESSING
1. The Data Controller collects, uses and processes Users' personal data only for the following purposes and on the following legal bases:
- a. for the purpose of registration and maintenance (including technical maintenance) of a User account on the Website pursuant to art. 6 par. 1(a) of GDPR – the data subject has given consent to the processing of their personal data, whereas the personal data shall be processed until withdrawal of consent (including the case of deleting the User account);
- b. for the purpose of completing orders placed on the Website and carrying out a possible complaint procedure pursuant to art. 6 par. 1(b) of GDPR – the processing is necessary to perform the contract a party whereto is the data subject or to carry out actions, upon request of the data subject, before conclusion of the contract, whereas the personal data shall be processed until necessary to complete the order and carry out the possible complaint procedure;
- c. for the purpose of enforcement of claims and defending against claims pursuant to art. 6 par. 1(f) of GDPR, i.e. processing is necessary for the purposes of the legitimate interest of the Data Controller, which is the defending of the Data Controller’s interests, whereas the personal data shall be processed until the end of the limitation period of the claims;
- d. for the purpose of complying with the legal obligations to which the Data Controller is subject pursuant to art. 6 par. 1(c) of GDPR in conjunction with art. 74 of the Accounting Act and other tax regulations, whereas the personal data shall be processed over the period of five calendar years counted from the end of the caledar year wherein the order had been placed;
- e. for the purpose of rendering, via e-mail, of the Newsletter service pursuant to art. 6 par. 1(a) of GDPR, i.e. the consent, in conjunction with art. 10 of the Act on Providing Services by Electronic Means and art. 172 of Telecommunications Act, whereas the personal data shall be processed until withdrawal of consent.
2. The Data Controller processes Users' personal data only for the purposes indicated above.
3. Users' personal data will not be transferred to countries outside the European Economic Area (to countries other than European Union countries and Iceland, Norway and Liechtenstein).
4. The Data Controller shall not conduct processes which consist in automated decision-making, including profiling.
5. Providing data is voluntary, but necessary in order for the Data Controller to render services through the Website.
4. USER’S RIGHTS
1. Users' personal data is collected at the Data Controller's registered office, i.e. at the following address: “RISK” sp. z o.o. limited liability company, ul. Szpitalna 6A / 9, 00-031 Warsaw.
2. The User has the right to:
- a. access their personal data stored by the Data Controller;
- b. obtain the rectification of their personal data if the User suspects that the personal data stored by the Data Controller is out of date, incomplete or untrue;
- c. obtain the restriction of processing their personal data;
- d. obtain the erasure of their personal data;
- e. object to processing of their personal data in cases specified in art. 21 of GDPR;
- f. obtain the transfer of their personal data to another data controller, if it is technically possible;
- g. 4.2.7. withdraw the consent at any time if the personal data is processed on the basis of consent (without affecting the legality of the processing which was carried out on the basis of the consent before the withdrawal thereof).
3. Execution of the rights referred to in section 4.2. above may be conducted by the User through submitting to the Data Controller the appropriate statement of will:
- a. in person at the Data Controller's registered office (“RISK” sp. z o.o. limited liability company, ul. Szpitalna 6A/9, 00-031 Warsaw);
- b. by mail to the aforementioned address of the Data Controller’s registered office;
- c. by e-mail to the following address:
- d. through the control panel of the User’s Website account.
4. The User is also entitled to file a complaint to the supervisory body for personal data protection, i.e. the President of the Office for Personal Data Protection (PUODO).
5. COOKIES MECHANISM
1. The Website uses text files called Cookies.
2. The cookies are saved by the server on the User's computer.
3. In order to use the Website, it is necessary to allow cookies to be stored on the User's computer. Lack of authorization may mean that there is no possibility or difficulty in using the Website.
4. The cookies are not used to collect the User’s personal data.
5. The cookies do not interfere with the configuration of the User's computer, they are not used to install or uninstall any computer program, they do not interfere with the integrity of the system or the User's data.
6. The Data Controller reserves the right to use third-party services in the area of developing statistical data about the use of the Website. The Data Controller hereby declares that in such case, no data identifying the Users shall be made available to such entities.
7. The Website uses three types of cookies: “session cookies”, “persistent cookies” and “analytical cookies”. “Session cookies” are temporary files that are stored on the User's device until logout (leaving the site). “Persistent cookies” are stored on the User's device for the period specified in the parameters of the cookie files or until deletion by the User. “Analytical cookies” allow for a better understanding of the manner in which the User interacts with the content of the Website. They collect information on the manner of the use of the Website, the type of website from which the User was redirected, and the number of visits and the time of the User's visit to the Website. This information does not record the User's specific personal data, but it is used to develop statistics on the use of the Website.
8. In accordance with the applicable provisions of the Telecommunications Law of 16 July 2004 (Journal of Laws of 2018, item 1954), the User is entitled to decide on the access of cookies to their computer by selecting cookies in their browser window.
9. How to manage cookies – instructions from web browser developers:
6. IP ADDRESS
1. The Data Controller reserves the right to collect the IP addresses visiting the Website, which may be helpful in diagnosing technical problems with the server, creating statistical analyses (e.g. determining from which regions the most visits are recorded). In addition, they can be useful when administering and improving the Website.
7. ACCESS TO THE DATABASE BY THIRD PARTIES
1. Users' personal data will not be made available by the Data Controller to other entities or third parties, except when:
- a. the User consents to this;
- b. it is necessary for the purpose of rendering services by the Data Controller through the Website, i.e. the Users' personal data may be made available to entities such as Poczta Polska S.A. with its registered office in Warsaw, courier companies (DHL, DPD, Let's Deliver, InPost), payment system operators (PayU, PayPal, Tpay) etc. In such case, the Data Controller makes available only such personal data that is necessary for the provision of the aforementioned services. More information on the manner in which these entities use the Users' personal data can be found in their privacy and cookies policies;
- c. it is necessary to detect and prevent fraud, as well as to resolve other problems related to fraud, security and technical issues;
- d. it is required by applicable laws or legitimate requests of state institutions and judicial authorities.
2. In addition, the Data Controller may make Users' personal data available to entities which were authorized or entrusted by the Data Controller with processing of personal data, i.e.:
- a. providers of legal and advisory services in the event of pursuing by the Data Controller of claims arising from its business activity;
- b. providers of technical and organizational services enabling the Data Controller to render services through the Website;
- c. employees and associates.
8. SECURITY AND PROTECTION OF PERSONAL DATA
1. The Data Controller declares that it processes Users' personal data in accordance with the requirements of GDPR, the Act of 10 May 2018 on the Protection of Personal Data (i.e. Journal of Laws of 2019, item 1781) and other applicable provisions on the protection of personal data that complement and/or implement GDPR, including primarily that the Data Controller applies technical and organizational measures to ensure data protection appropriate to the threats and categories of data protected, in particular protects Users' personal data against making them available to unauthorized persons, loss or damage.
9. LIABILITY DISCLAIMER
10. CONTACTING US