§ 1. Introduction
We are aware that your personal data as a website User www.stanro.eu (hereinafter: "Website") and the way they are used are important to you, so we want you to be sure that MPT Stanro Sp. z o. o. Sp. k. (hereinafter: "Service Provider") exercises due care when using your data.
We have always treated the protection of personal data as one of the most important aspects of the Service Provider's activities. We feel particularly responsible for the security of your personal data processed by us in connection with our activities.
Our goal is also to properly inform Website Users about matters related to the processing of personal data. For this reason, in this document we inform you about the legal basis for the processing of your personal data, the methods of collecting and using it, as well as the rights of data subjects related to it. The privacy policy also contains regulations regarding "Cookies" and "System Logs". In this Privacy Policy you will also find out who is the administrator of your personal data, for what purpose, scope and for what period they will be processed.
This document was prepared in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (OJ EU L . of 2016, No. 119), (hereinafter: "GDPR").
This Privacy Policy applies to all cases in which the Service Provider is the administrator of personal data and processes personal data. This applies both to cases in which the Service Provider processes personal data obtained directly from the data subject and to cases in which the Service Provider obtained personal data from other sources.
§ 2. General rules
- The Service Provider pays great attention to the proper protection of your personal data and your privacy and makes every effort to ensure respect for your privacy and protection of your personal data when you use the Website.
- Personal data means information relating to an identified or identifiable natural person (data subject). The processing of personal data is basically any activity involving personal data, regardless of whether it is performed in an automated manner or not, e.g. collecting, storing, recording, organizing, modifying, viewing, using, sharing, limiting, deleting or destroying.
- The Service Provider processes personal data for various purposes, and depending on the purpose, different methods of collection, legal bases for processing, use, disclosure and storage periods may apply.
- Users visiting the Website have control over the personal data they provide to us. The Website limits the collection and use of information about Users to the minimum necessary to provide them with services at the desired level, pursuant to Art. 18 of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204) and the provisions of the GDPR.
- Personal data and other information collected about Users are processed in a manner consistent with the scope of consent granted by the User, only for a specific purpose and in accordance with the requirements of Polish law, in particular in accordance with the provisions of:
- Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2002, No. 144, item 1204);
- Act of May 10, 2018 on the protection of personal data (Journal of Laws of 2018, item 1000);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L. No. 119, p. 1);
- Act of 4 May 2019 amending certain acts in connection with ensuring the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), (Journal of Laws of 2019, item 730).
- Basic principles of data processing by the Service Provider:
- legality, reliability and transparency;
- adequacy of the purpose of processing;
- data minimization;
- regularities;
- principle of limited storage;
- ensuring data integrity, confidentiality and accountability.
§ 3. Personal data administrator (“Administrator”)
- The company is the administrator of personal data, i.e. the entity that decides on the purposes and methods of processing Users' personal data MPT Stanro limited liability company based in Szczecin, ul. Fr. Boguslawa : "MPT Stanro" or "Service Provider").
- In connection with the user's use of the website, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the user's activity on the website. Detailed principles and purposes of processing personal data collected when the user uses the website are described below.
§ 4. Principles of personal data processing
- Browsing the content of the Website as a guest, including information about the Service Provider available on the Website, does not require you to provide any personal data.
- If you intend to use the services we offer, you will be asked to provide us with your personal data. Your data is processed by us for the purposes indicated below related to the operation of the Website, the provision of our services, and the fulfillment of our legal obligations.
- If you intend to use the services we offer but enter personal data of a third party (e.g. a family member) into the Website, you are obliged to obtain prior consent to provide us with that person's personal data and to inform us about the principles of personal data processing by MPT STANRO specified in this Politics.
- Your consent to the processing of your personal data is voluntary and takes place by selecting the appropriate checkbox, e.g. when using the functionality of the Website. You can withdraw your previously expressed consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
- The administrator provides the possibility of contacting him using electronic contact forms. Using the form requires providing Personal Data necessary to contact the user and answer the inquiry. The user may also provide other data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to process it. Providing other data is voluntary.
- We require you to provide the following personal data in order to provide the services we offer:
- first name Last Name;
- city;
- e-mail adress;
- Phone number;
- Providing the data specified in section 6 § 4 is necessary to use the Services we provide, and refusal to provide this data may prevent us from providing services electronically, in particular may prevent contact with the User. Providing data for the purposes of sending the newsletter is voluntary.
- Depending on the purpose for which the data is provided, failure to provide personal data may result in the following legal consequences:
- inability to use our Services,
- inability to receive information about promotions or special offers.
- Your personal data may be processed for the following purposes:
- providing all the services we offer
- direct marketing of offered services and goods, other than newsletter;
- sending the newsletter;
- handling all requests you send to us and contact from our website in connection with the use of our services;
- implementation of all obligations incumbent on the Administrator in connection with the above-described activities, including in particular obligations arising from legal provisions.
- Legal basis for processing:
- contract for the provision of services or actions taken at your request aimed at concluding it (Article 6(1)(b) of the GDPR);
- our legal obligation, e.g. related to accounting, the need to issue accounting documents or other Art. 6 section 1 letter c GDPR);
- your consent (Article 6(1)(a) of the GDPR);
- our legitimate interest (Article 6(1)(f) of the GDPR), consisting in the processing of data for the purpose(s):
- determining, pursuing claims or defending against possible claims;
- conducting direct marketing;
- monitoring user activity;
- analytical and statistical;
- customer satisfaction surveys;
- contacting you, including for purposes related to permitted marketing activities, via available communication channels, in particular and with your consent via the e-mail address provided;
- ensuring the security of the services we provide;
- organizing loyalty programs, competitions, events, promotional campaigns in which you can take part;
- debt collection and court proceedings;
- storing data for archiving purposes and ensuring accountability (demonstrating the Administrator's fulfillment of obligations arising from legal provisions).
§ 5. Processing period
- We will process your data only for the period in which we have a legal basis for doing so, i.e. until:
- we will no longer have a legal obligation to process your data;
- the possibility of establishing, pursuing or defending any claims will cease;
- you withdraw your consent to data processing if it was its basis;
- your objection to the processing of your personal data will be accepted - if the basis for the processing of your data was the legitimate interest of the administrator or if the data were processed for direct marketing purposes
- depending on what is applicable in a given case and what will happen at the latest.
- We store personal data of Users who only browse the content of the Website for a period corresponding to the life cycle of cookies stored on their devices.
§ 6. Data security
The Service Provider takes full responsibility for the processed personal data. The Service Provider uses technical and organizational security measures (e.g. SSL protocol, data encryption, restriction and control of access to data) to ensure confidentiality, protection against unauthorized or unlawful processing and accidental loss, destruction or damage to your data. Your data is processed only by authorized persons and entities who keep it confidential.
The Service Provider, taking into account the state of technical knowledge, implementation costs and the nature, scope, context and purposes of processing as well as the risk of violating the rights and freedoms of natural persons with varying probability of occurrence and threat severity, applies appropriate technical and organizational measures on the Website and in the Service Provider's company to ensure the degree of security measures appropriate to this risk to protect your data and information.
§ 7. Rights of data subjects and how to exercise them
Users have specific rights regarding their personal data, and the Service Provider, as the administrator of these data, is responsible for the implementation of these rights in accordance with applicable law. In case of any questions and requests regarding the scope and exercise of rights, as well as to contact us in order to exercise a specific right in the field of personal data protection, please contact us at the e-mail address: rodo@stanro.eu
- Access to personal data
Individuals have the right to access the data we store as a data controller. This right can be exercised by sending an e-mail to: rodo@stanro.eu - Withdrawal of consent
In the case of processing personal data on the basis of consent, natural persons have the right to withdraw this consent at any time. We inform you about this at almost every moment of collecting consents and enable you to withdraw your consent as easily as it was granted to us. Unless you are informed otherwise, i.e. if we have not provided you with another option to withdraw your consent (e.g. by using the appropriate "checkbox" button to withdraw your consent), please send us an e-mail to the following address: rodo@stanro.eu - Change of personal data
Changes, including updating your personal data processed by the Service Provider, can be made by sending an e-mail to the following e-mail address: rodo@stanro.eu - The right to limit the processing or object to the processing of personal data
Natural persons have the right to limit the processing or object to the processing of their personal data at any time, due to their particular situation, unless the processing is required by law. A natural person may object to the processing of his or her personal data when:- the processing of personal data is carried out on the basis of a legitimate interest or for statistical purposes, and the objection is justified by the particular situation in which she finds herself;
- personal data are processed for direct marketing purposes, including profiling for this purpose.
In turn, in relation to the request to limit data processing, it is possible, for example, when a person notices that his or her data is incorrect. You may then request that the processing of your data be limited for a period enabling us to check the accuracy of the data.
If you wish to exercise these rights, please send an e-mail to: rodo@stanro.eu
- The right to request deletion of data and the right to transfer data
The right to delete data can be exercised, for example, when the data of a natural person is no longer necessary for the purposes for which they were collected by the Service Provider or when the natural person withdraws his or her consent to the processing of data by the Service Provider. Moreover, if a natural person objects to the processing of his or her data or if his or her data is processed unlawfully. The data should also be deleted in order to fulfill the obligation arising from the law.
In turn, the right to transfer data applies when the processing of a person's data is based on the consent of the natural person or a contract concluded with him or her and when this processing is carried out automatically.
If you wish to exercise these rights, please send an e-mail to: rodo@stanro.eu
§ 8. Cookies and system information
As you navigate the Website, information may be collected passively on your part (i.e. without you actively providing this information). This information is transferred using various technologies such as cookies or system logs, they are safe for the device you are using, they do not cause configuration changes and do not transfer viruses or unwanted or malicious software.
1. What is system information (system logs)?
The web browser you use automatically transmits data to us in the form of system logs (IT records). This is information such as: the address (URL) of the website you previously visited, IP address, browser version currently used by your computer, as well as access time and the amount of data transferred.
The Service Provider may analyze the system logs described above. The information obtained in this way is used for administrative purposes (identifying and removing problems related to the operation of servers, including violations of their security) and for statistical research. This information is not combined with your personal data.
2. What are cookies?
"Cookies" are small text files sent by the Website that you are currently visiting and are saved on the end device, e.g. computer, smartphone, tablet that you use while browsing our Website. "Cookies", consisting of a number of letters and numbers, contain various information necessary for the proper functioning of our Website.
"Cookies" files do not contain data identifying Users, and on their basis it is not possible to determine anyone's identity. These files are in no way harmful to your device and do not change its settings or the settings of the software installed on it. The content of these files can only be read by the server that created them, thanks to which the displayed page is better suited to the User's individual preferences. "Cookies" identify data about the computer and browser used to browse websites. Thanks to them, we can, for example, find out whether a given computer has already visited the website. Data obtained from "cookies" are in no way combined with users' personal data obtained, e.g. during registration on the Website. Cookies used by the Website may be of the following nature:
- Persistent cookies: are stored even after you have finished using the Website and are used to store information, e.g. for authentication within the Website, which significantly speeds up and facilitates the use of our Website. Persistent cookies may remain on your computer for days, months or even years, or until you delete them.
- Temporary cookies (session): are deleted when you close the browser you used to browse our Website.
- "Functional" cookies , enabling "remembering" the settings selected by the User and personalizing the User's interface, e.g. in terms of the selected language or region from which the User comes, font size, appearance of the website, etc.
- "Cookies" used to ensure security, e.g. used to detect authentication abuses within the Website.
- Cookies" of third parties – (third party cookies) – this is information coming from e.g. advertising servers, servers of companies and service providers cooperating with the owner of a given website. They are placed on your device by third parties regardless of the Service Provider. The role of the Service Provider is limited solely to enabling third-party entities to place files that use information provided by third-party cookies. This information is obtained and managed only by a third-party entity, not the Service Provider.
3. How to disable cookies in your browser?
Each Internet User may decide which cookies he or she wants to use and can adapt them to his or her individual needs and preferences, including completely blocking the possibility of leaving cookies or deleting permanent cookies, using the appropriate options of the web browser used by Users. However, disabling the use of "cookies" may make it difficult to use some services on our Website. Users using a mobile device (phone, smartphone, tablet) should read the privacy protection options in the documentation on the website of the manufacturer of the mobile device.
Failure to change cookie settings means that they will be placed on the User's end device, and thus we will store this information on the User's end device and gain access to this information.
Information on the settings or complete disabling of cookies in individual browsers is available on the following websites of popular browser manufacturers or in the "Help" section in the web browser menu.
- Internet Explorer: http://support.microsoft.com/kb/278835/pl
- Safari: http://support.apple.com/kb/PH5042
- Bing: http://www.microsoft.com/PrivacyStatement/pl-pl/Bing/Default.aspx#EAB
- Chrome: https://support.google.com/chrome/answer/95647?hl=pl
- Mozilla Firefox: https://support.mozilla.org/pl/kb/usuwanie-ciasteczek
In mobile phones, tablets and other mobile devices - each device model may handle cookie management in a different way. Therefore, we encourage you to read the privacy options in the documentation on the website of the manufacturer of your mobile device.
§ 9. External services
We use the services of external entities to which your data may be transferred. Below is a list of possible recipients of your data:
- supplier of software needed to run our Website;
- entity that sends correspondence;
- accounting office, law firm, audit office;
- supplier or maintainer of software that facilitates business operations;
- entity providing marketing services;
- entity providing call center and SMS and e-mail sending services;
- entity providing statistical services;
§ 10. Profiling
In order to provide the most advantageous, tailored, personalized offer for its Users, the Service Provider may use "profiling", which means a form of automated processing of personal data, which involves the use of personal data to assess certain personal factors of a natural person, in particular to analyze or predict aspects related to personal preferences and interests. Decisions regarding sending a personalized offer, discount or other benefit are made automatically based on criteria such as: data regarding the services provided, information obtained using cookies, including transmission data, location data, data on personal preferences, interests in specific services, location or movement. Profiling will not include data covering special categories of personal data in accordance with Art. 9 GDPR (e.g. information about the name of the procedure, data regarding the User's health condition, health situation).
After determining whether the criteria are met, the IT system automatically sends information about the granted benefit or other information. The granted benefit can be used on the terms specified in the information about its granting, or waived. In the case of data processing for direct marketing purposes, including profiling, processing based on the legitimate interest of the administrator, for scientific, historical and statistical research purposes, data subjects have the right to object due to the special situation of the data subject.
The Service Provider does not make decisions that are based solely on automated processing, including profiling, and significantly affect the data subject. The Service Provider has implemented appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the Service Provider, to express his or her own position and to challenge the decision resulting from automated data processing. You have the right, in accordance with Article 21(1) and (2) of the GDPR, to object to profiling.
§ 11. Transfer of data outside the EEA
Data may be transferred outside the European Economic Area, but only in the case of IT infrastructure, and their transfer takes place on the basis of appropriate legal mechanisms, such as standard contractual clauses approved by the European Commission and on the basis of a data entrustment agreement.
§ 12. Contact with the administrator
Do you want to exercise your rights regarding personal data?
Or maybe you just want to ask about something related to our Privacy Policy?
Write to the e-mail address: rodo@stanro.eu or send us correspondence by traditional mail to the Administrator's address indicated in § 3 above.
§ 13. Changes to our Privacy Policy
As the Administrator, we reserve the right to change our Privacy Policy by publishing new content on our website. After the change is made, the privacy policy will appear on the website with a new date.