DEFINITIONS 1.1. Administrator – Abplanalp sp. z o.o. with headquarters at 36 Kostrzyńska St., 02-979 Warsaw 1.2. Personal data – information about a natural person identified or identifiable through one or several particular factors defining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier, and information collected via cookie files and other, similar technologies. 1.3. Policy – this Privacy Policy. 1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. 1.5. Website – the internet website run by the Administrator under the address http://www.abplanalp.pl/ 1.6. User – every natural person visiting the Website or using one or several services or functionalities described in the Policy.
DATA PROCESSING IN RELATION TO USE OF THE WEBSITE 2.1. In relation to use by the User of the Website, the Administrator collects data within the scope indispensable for rendering individual offered services, as well as information about the User’s activity on the Website. The detailed rules and objectives of processing of Personal Data gathered during use of the Website by the User are described below.
OBJECTIVES AND LEGAL GROUNDS OF DATA PROCESSING ON THE WEBSITE. USE OF THE WEBSITE 3.1. The Personal Data of all persons using the Website (including IP address or other identifiers as well as information gathered via cookies files or other, similar technologies), not being registered Users (i.e. persons who do not have a profile on the Website), are processed by the Administrator: 3.1.1. for the purposes of rendering services via electronic means within the scope of providing Users access to the Website’s contents – in this case, the legal grounds for processing is the indispensability of processing for the purposes of performance of the contract (legal grounds of processing: art. 6 par. 1 letter b GDPR); 3.1.2. for analytical and statistical purposes – in this case, the legal grounds for processing is the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR), involving analyses of Users’ activity as well as of their preferences for the purpose of improving implemented functionalities and rendered services; 3.1.3. for the purposes of potential determination and pursuit of claims or defending against claims – the legal grounds for processing is the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR), based on protection of the Administrator’s rights; 3.2. The User’s activity on the Website, including their Personal Data, is registered in system logs (a special computer program serving for storing a chronological record of events and actions pertaining to the IT system serving for rendering of services by the Administrator). The information gathered in logs are processed, above all, for purposes related to rendering of services. The Administrator also processes them for technical and administrative purposes, for the purposes of ensuring the IT system’s security and managing this system, as well as for analytical and statistical purposes – in this scope, the legal grounds of processing is the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR).
DATA PROCESSING MECHANISMS AND METHODS REGISTRATION ON THE WEBSITE 4.1. Persons who register on the Website are asked to provide the data required for creating and using an account. To facilitate use, the User may provide additional data using the functionalities made available to them as part of their registered account. Such data can be deleted at any time. Provision of data designated as mandatory is required for the purposes of creating and using an account, and it is not possible to create an account if this data is not provided. Providing of other data is voluntary. 4.2. Personal data are processed: 4.2.1. for the purposes of rendering services related to running and using an account on the Website – the legal grounds for processing is the indispensability of processing for the purposes of performing the contract (legal grounds of processing: art. 6 par. 1 letter b GDPR); 4.2.2. for analytical and statistical purposes – the legal grounds for processing is the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR), involving analyses of Users’ activity as well as of their preferences for the purpose of improving implemented functionalities and rendered services; 4.2.3. for the purposes of potential determination and pursuit of claims or defending against claims – the legal grounds for processing is the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR), based on protection of the Administrator’s rights; 4.2.4. for the marketing purposes of the Administrator and other entities – the rules of processing Personal Data for marketing purposes are described in the MARKETING section. 4.3. If the User provides any Personal Data of other persons to the Website (including their name and surname, address, telephone number and/or e-mail address), they may do so solely under the condition that no laws or personal rights of such persons are breached. CONTACT FORMS 4.4. The Administrator provides the possibility of contacting them using electronic contact forms or the chat. Using the form requires provision of the Personal Data required to make contact with the User and giving a response to their query. The User may also provide other data for the purpose of facilitating contact or handling the query. Provision of data designated as mandatory is required for the purposes of accepting and handling a query, and it is not possible to handle a query if this data is not provided. Providing of other data is voluntary. 4.5. Personal Data are processed for the purposes of identifying the sender and handling their query sent via the form made available – the legal grounds for processing is the indispensability of processing for performance of the contract for rendering of services (legal grounds of processing: art. 6 par. 1 letter b GDPR).
MARKETING 5.1. The Administrator processes Users’ Personal Data for the purposes of conducting marketing activities, which may involve: 5.1.1. displaying marketing content to the User not adapted to their preferences (contextual advertisement); 5.1.2. sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service); 5.1.3. conducting other types of activities related to direct marketing of goods and services (transmission of commercial information via electronic means and telemarketing activities). 5.2. For the purposes of marketing activities, the Administrator uses profiling in some cases. This means that, thanks to automatic data processing, the Administrator creates a profile of the User and assesses selected factors concerning users based on information gathered (e.g. e-mail address, order history, type of device, implemented technology, frequency of visits, vehicle model) for the purposes of analyzing Users’ behavior as buyers or creating a forecast of purchases for the future. This makes it possible to better adjust displayed content to the User’s individual preferences and interests. CONTEXTUAL ADVERTISEMENT 5.3. The Administrator processes Users’ Personal Data for marketing purposes in relation to sending of contextual advertising to Users (i.e. advertising not adapted to the User’s preferences). Processing of Personal Data occurs in relation to the realization of the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR). NEWSLETTER 5.4. The Administrator renders the newsletter service under the terms defined in the terms and conditions for persons who have provided their e-mail address for this purpose. Provision of data is required for the purpose of rendering the newsletter service, and the newsletter cannot be sent if data is not provided. This form of communication with the User may include profiling. This means that, thanks to automatic data processing, the Administrator creates a profile of the User and assesses selected factors concerning users based on information gathered (e.g. e-mail address, order history, type of device, implemented technology, frequency of visits) for the purposes of analyzing Users’ behavior as buyers or creating a forecast of purchases for the future. This makes it possible to better adjust sent content to the User’s individual preferences and interests. 5.4. Personal data are processed: 5.4.1. for the purposes of rendering the newsletter service – the legal grounds for processing is the indispensability of processing for performance of the contract (legal grounds for processing: art. 6 par. 1 letter b GDPR); 5.4.2. in the case of sending to the User of marketing content as part of the newsletter – the legal grounds for processing, including with the use of profiling, is the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR) in relation to expressed consent to receiving the newsletter; 5.4.3. for analytical and statistical purposes – the legal grounds for processing is the Administrator’s legally justified interest, (legal grounds for processing: art. 6 par. 1 letter f GDPR), involving analysis of Users’ activity on the Website for the purpose of improving implemented functionalities; 5.4.4. for the purposes of potential determination and pursuit of claims or defense against claims – the legal grounds for processing is the Administrator’s legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR), involving protection of the Administrator’s rights. DIRECT MARKETING 5.5. The User’s Personal Data may also be used by the Administrator to send to the User marketing content via various channels, i.e. via e-mail, MMS / SMS or telephone. Such activities are undertaken by the Administrator solely in the case where the User has consented to them, which consent the User may revoke at any time. 5.6. The Administrator may, in certain cases, also conduct direct marketing via traditional post. The User is entitled to the right of objection against this type of marketing.
SOCIAL MEDIA PLATFORMS 6.1. The Administrator processes the Personal Data of Users visiting the Administrator’s social media accounts (Facebook, YouTube). These data are processed solely in relation to running of the account, including for the purposes of notifying Users about the Administrator’s activity and promoting various types of events, services and products. The legal grounds for Personal Data processing by the Administrator for these purposes is their legally justified interest (legal grounds for processing: art. 6 par. 1 letter f GDPR), involving promotion of the Administrator’s own brand.
POSTING COMMENTS 7.1. The Administrator provides the possibility of posting comments on the Website. Providing data in the fields marked “field required” is voluntary, however it is not possible to post a comment without providing data in these fields. The data publicly visible to all Users is: User’s nickname. 7.2. Personal Data are processed for the purposes of publishing a comment as part of the functionalities made available by the Administrator – the legal grounds for processing is the indispensability of processing for rendering of the service (legal grounds of processing: art. 6 par. 1 letter b GDPR).
COOKIE FILES AND SIMILAR TECHNOLOGIES 8.1. Cookie files are small text files installed on the device of the User browsing the Website. Cookies collect information facilitating use of the Website – e.g. by remembering the User’s visits to the Website and the actions they performed. “WEBSITE” COOKIES 8.2. The Administrator uses so-called website cookies for the purposes of, above all, providing to the User services rendered by electronic means and improving the quality of these services. In relation to this, the Administrator and other entities rendering analytical and statistical services on the Administrator’s behalf use cookie files, storing information or gaining access to information already stored in the User’s telecommunications end-device (computer, telephone, tablet, etc.). Cookie files used for this purpose include: 8.2.1. cookie files with data input by the User (session identifier) for the duration of a session (user input cookies); 8.2.2. authentication cookies used for services requiring authentication for the session’s duration (authentication cookies); 8.2.3. cookie files serving to ensure security, e.g. used to detect abuses in authentication (user centric security cookies); 8.2.4. session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies); 8.2.5. persistent cookie files serving for personalization of the User’s interface for the duration of the session or longer (user interface customization cookies).
ANALYTICAL AND MARKETING TOOLS USED BY THE ADMINISTRATOR’S PARTNERS 9.1. The Administrator and their Partners use various solutions and tools for analytical and marketing purposes. Basic information about these tools can be found below. Detailed information can be found in the given partner’s privacy policy. GOOGLE ANALYTICS 9.2. Google Analytics cookies are files used by Google for the purposes of analyzing how the Website is used by the User, to create statistics and reports concerning the Website’s functioning. Google does not use gathered data to identify the User nor combines this information for the purposes of enabling identification. Detailed information on the scope and principles of data collection in relation to this service can be found under the link: https://www.google.com/intl/pl/policies/privacy/partners. GOOGLE ADS 9.3. Google Ads is a tool that makes it possible to measure the effectiveness of advertising campaigns conducted by the Administrator, allowing for analytics of such data as keywords or number of unique users. The Google Ads platform also makes it possible to display our advertisements to persons who have visited the Website in the past. Information concerning data processing by Google within the scope of the Google Ads service is available under the link: https://policies.google.com/technologies/ads?hl=pl FACEBOOK PIXELS 9.4. Facebook Pixels is a tool making it possible to measure the effectiveness of advertising campaigns run by the Administrator on Facebook. The tool allows for advanced data analytics for the purposes of optimizing the Administrator’s activities, including with the use of other tools offered by Facebook. Detailed information concerning data processing by Facebook can be found under this link: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content HOTJAR 9.5. HotJar is a tool allowing the Administrator to analyze Users’ activity on the Website, e.g. via questionnaires or satisfaction surveys, as well as via anonymous collection of information on clicks to individual locations on the Website. The tool does not allow for identification of the User. Detailed information concerning data collected through HotJar and the method of disabling monitoring of the User is available under the link: https://www.hotjar.com/privacy DOUBLECLICK 9.6. DoubleClick is a tool that makes it possible to measure the effectiveness of advertising campaigns conducted by the Administrator (Google Ads campaigns) and analyze their results. GOOGLE TAG MANAGER 9.8. Google Tag Manager is a tool allowing the Administrator to conduct analyses of Users’ activity by enabling management of other analytical or marketing tools used by the Administrator.
MANAGING COOKIES SETTINGS 10.1. The User may at any time revoke consent to the use of cookie files for the purposes of data collection by their means, including obtaining access to data saved on the User’s device. 10.2. Consent is not required solely in the case of cookie files that must be used in order to render the telecommunications service (data transmission for the purpose of displaying content). 10.3. Revoking consent to the use of cookie files is possible by using browser settings. Detailed information on this subject can be found under the links below: 10.3.1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies 10.3.2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka 10.3.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647 10.3.4. Opera: http://help.opera.com/Windows/12.10/pl/cookies.html 10.3.5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB 10.4. The User may at any time verify the status of their current privacy settings for the browser they are currently using the tools available under the links below: 10.4.1. http://www.youronlinechoices.com/pl/twojewybory 10.4.2. http://optout.aboutads.info/?c=2&lang=EN
PERSONAL DATA PROCESSING PERIOD 11.1. The period of data processing by the Administrator depends on the type of service rendered and the purpose of processing. In principle, data are processed for the duration of rendering of services or realization of an order, until such time as expressed consent is revoked or an effective objection is raised with regard to data processing in cases where the legal grounds for data processing is the Administrator’s legally justified interest. 11.2. The data processing period may be extended in the case where processing is indispensable for determining and pursuing potential claims or defending against claims, and after this period, solely in the case and scope required by legal regulations. Following expiration of the processing period, data are irreversibly deleted or anonymized.
USER’S RIGHTS 12.1. The User is entitled to the right to access the content of their data as well as to demand their rectification, deletion, restriction of processing, the right to transfer data and the right to raise an objection with regard to data processing, as well as the right to file a complaint to the supervisory body concerned with Personal Data Protection. 12.2. In the scope in which the User’s data are processed on the grounds of consent, this consent can be revoked at any time by contacting the Administrator or using the functionalities made available on the Website. 12.3. The User has the right to raise an objection with regard to data processing for marketing purposes, if processing is taking place in relation to the Administrator’s legally justified interest, and also – for reasons related to the User’s special situation – in other cases where the legal grounds of data processing is the Administrator’s legally justified interest (e.g. in relation to achievement of analytical and statistical objectives). To revoke consent, you may contact us by sending an e-mail to the address: ochronadanych@abplanalp.pl.
DATA RECEIVERS 13.1. In relation to rendering of services, Personal Data will be disclosed to external entities, including, in particular, providers responsible for operating IT systems, entities such as banks and payment operators, entities rendering accounting services, couriers (in relation to realization of an order), enforcement firms and entities associated with the Administrator. 13.2. In the case where a comment is posted on the Website, the nickname given by the User will be made public along with the content of the comment.
DATA TRANSFER OUTSIDE THE EEA 14.1. The level of Personal Data protection outside of the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and assuring the appropriate level of protection, above all, through: 14.1.1. collaboration with entities processing Personal Data in countries, in reference to which the relevant decision of the European Commission has been issued with regard to determination of assurance of the appropriate level of Personal Data protection; 14.1.2. the use of standard contractual clauses issued by the European Commission; 14.1.3. the application of binding corporate rules, approved by the relevant supervisory body; 14.1.4. in the case of data transfer to the USA – collaboration with entities participating in the Privacy Shield program, approved by a decision of the European Commission. 14.2. The Administrator always informs of their intent to transfer Personal Data outside of the EEA at the stage of their collection.
SECURITY OF PERSONAL DATA 15.1. The Administrator conducts ongoing risk assessment for the purposes of ensuring that they process Personal Data in a secure manner – ensuring, above all, that only authorized persons have access to data, and only within the scope indispensable considering the tasks they perform. The Administrator makes sure that all operations on Personal Data are logged and performed only by authorized employees and co-workers. 15.2. The Administrator takes all indispensable measures so that their subcontractors and other collaborating entities guarantee the application of the appropriate security measures in every case where they process Personal Data as ordered by the Administrator.
CONTACT INFORMATION 16.1. Contact with the Administrator is possible via the e-mail address biuro@abplanalp.pl or address for correspondence Abplanalp, ul. Kostrzyńska 36, 02-903 Warsaw. 16.2. The Administrator has appointed a Personal Data Protection Inspector, who can be contacted at the e-mail address ochronadanych@abplanalp.pl or at the administrator’s address of correspondence, with correspondence bearing the annotation “Personal Data Protection Inspector” in every matter concerning Personal Data processing. 16.3. You have the right to access your data as well as the right to rectify, delete, restrict processing of data, the right to transfer data, the right to raise an objection (e.g. if data are processed on the grounds of your consent or for marketing purposes or for the purposes of sharing your data); you have the right to revoke consent at any time. To revoke consent, you may contact the customer service point at an Abplanalp sp. z o.o. stationary store or by sending an e-mail to the address: ochronadanych@abplanalp.pl. Provision of personal data by you is entirely voluntary. Not providing personal data will result in the impossibility of complete performance of the obligations assumed by Abplanalp sp. z o.o. under the contracts concluded with you.
CHANGES TO THE PRIVACY POLICY 17.1. The Policy is verified in an ongoing fashion and updated if necessary. 17.2. The Policy’s current version was adopted and is binding from 06/01/2023
RECRUITMENT INFORMATIONAL CLAUSE 18.1 Information on personal data processing by Abplanalp sp. z o.o. with headquarters at ul. Kostrzyńska 36, 02-979 Warsaw. Abplanalp sp. z o.o. places great emphasis on personal data protection, which is why it has decided to appoint a Data Protection Inspector, who can be contacted by traditional post (address for correspondence given above) or via electronic mail at the address: “ochronadanych@abplanalp.pl”. Abplanalp sp. z o.o. encourages contact via electronic mail. 18.2 Data administrator In relation to commencement of recruitment, the administrator of your personal data is Abplanalp sp. z o.o., which will process personal data for the purposes of the recruitment process. 18.3 Data acquisition and objective of their processing Processing of your data for the purposes of recruitment takes place: – on the grounds of art. 6 par. 1 letter b of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”, i.e. for the purposes of concluding a contract of employment or collaboration; – on the grounds of art. 6 par. 1 letter a GDPR, i.e. expressed consent to personal data processing within the scope not required by the provisions of the Labor Code and in the case of consent to participation in future recruitments; – on the grounds of art. 9 par. 2 letter b GDPR within the scope of data processing for the purposes of determining an employee’s capability to work. Providing data within the scope arising from the labor code is mandatory, and voluntary in the remaining scope. In the case where no contract is concluded, your data should be deleted following completion of the recruitment process. Without additional consent from the person to whom data pertains, the Administrator may store the data of candidates who have not been hired for up to 6 months following completion of the recruitment period as a justified purpose of the administrator, due to the possibility that the person hired may not be suitable for the position or may resign. In the case of expressed consent to further recruitment processes, for no longer than a year. Data may also be processed in an automated manner, which includes use for profiling, but such processing will not cause any legal consequences or impact you significantly. 18.4 Data receivers Based on concluded contracts and strictly defined goals, entities providing teleinformational solutions, auditing entities, government authorities or other legally authorized entities may have access to data for the purposes of enforcing Abplanalp sp. z o.o.’s obligations. Data will be processed in Poland, and potentially within the European Economic Area. 18.5 Rights in the scope of processed data The person whose data are processed by the Administrator has the right to demand access to data, their rectification, or correction, deletion or restriction of processing, as well as the right to raise an objection against processing, and the right to transfer data. More information on the rights of persons to whom data pertain is available in art. 12-23 of the General Data Protection Regulation (GDPR), the text of which can be found under the address: https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679 Moreover, you are entitled to the right to file a complaint to the supervisory body, i.e. the President of the Office for Personal Data Protection, more information under the address: https://uodo.gov.pl/pl/p/skargi
