PERSONAL DATA PROCESSING POLICY WWW.ATSDISPLAY.COM
1.The Administrator of Personal Data on the website at: www.atsdisplay.com, hereinafter referred to as the Website, is ATS Display sp.z o.o.with its registered office at: ul. Boryszewska 22 C, 05-462 Wiązowna, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 21st Commercial Division of the National Court Register, under the KRS number: 0000075752, NIP: 5321790563, REGON: 017445358, share capital PLN 50,000 (fully paid up).
2. Respecting your rights as subjects of personal data (data subjects) and respecting applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals in in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as the GDPR, the Act of May 10, 2018 on the protection of personal data (Journal of Laws 2018, item 1000, hereinafter referred to as the Act) and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of personal data obtained from you. All employees have been properly trained in the processing of personal data, and as the Personal Data Administrator, we have implemented appropriate safeguards as well as technical and organizational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforceability of all rights you are entitled to as data subjects. Additionally, if necessary, we cooperate with the supervisory body in the territory of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).
3. We collect the following personal data on our website:
a) name and surname - may be processed when, as users of our Website (including customers or potential customers), you provide them to us via e-mail, the contact form available on our Website, traditional mail or by telephone, in order to take advantage of our offer,
b) telephone number - may be processed in the event of telephone contact on your part (including as customers or potential customers), and also when you provide it to us via e-mail via the contact form available on our Website or traditional mail, in to enable us to contact you if there is such a need in connection with the provision of services to you, as well as to answer questions related to our offer,
c) e-mail address - may be processed when, as users of our Website (including customers or potential customers), provide it to us in the event of contact via e-mail, the contact form available on our Website, as well as via e-mail traditional or by telephone; via e-mail we send you an order confirmation, we contact you if there is such a need related to the execution of the order, as well as answer questions related to our offer;
d) device IP address or browser identifier - information resulting from the general principles of Internet connections, such as the IP address (and other information contained in system logs), are used for technical and statistical purposes, in particular to collect general demographic information (e.g. about the region from which the connection is made),
e) possibly other data may be collected as part of carrying out specific cases or may be provided by you as users of our Website (including customers or potential customers) via e-mail, the contact form available on the Website, traditional mail or by contact telephone.
4. Providing the data indicated in the preceding point is necessary in the cases specified therein, in particular to answer your questions and enable contact via e-mail, the contact form available on the Website, traditional mail or telephone contact,
7. In accordance with the principle of minimization, we process only the categories of personal data that are necessary to achieve the goals referred to in point. 3 and 4 above.
8. We process personal data for the period necessary to achieve the goals listed in point. 3 and 4 above. Personal data may be processed for a longer period, if such a right or obligation imposed on us as the Administrator results from specific legal provisions, from the legitimate interest of the Administrator referred to in point. 10 lit. c below (i.e. for the period of limitation of claims or completion of relevant proceedings, if they were initiated during the limitation period) or when the service we provide is continuous (e.g. subscription to a newsletter).
9. The source of the Personal Data processed by the Administrator are the data subjects.
10. The legal basis for the processing of your personal data is:
a) Art. 6 sec. 1 lit. b GDPR, i.e. indispensability to perform a contract to which you are a party or to take steps at your request before concluding a contract, or
b) art. 6 sec. 1 lit. c GDPR, i.e. necessity to fulfill the legal obligations incumbent on the Administrator, or
c) Art. 6 sec. 1 lit. f RODO, i.e. the legitimate interest of the Administrator, which is the determination, investigation or defense of claims until their statute of limitations or until the completion of relevant proceedings, if they were initiated within this period, or
d) Art. 6 sec. 1 lit. a GDPR, i.e. your consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply.
11. Personal data is not transferred by us to a third country or an international organization within the meaning of the provisions of the GDPR. In the event that personal data are transferred to a third country or an international organization, you will be informed in advance, and the Controller will apply the safeguards referred to in Chapter V of the GDPR.
12. We do not disclose any personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized in generally applicable law).
13. In the event of the "Like!" Button or other links as part of the Application to the Administrator's accounts in social media, in the scope of data regarding, in particular, IP or internet browser identifier, if the Administrator uses the following products:
a) Facebook (e.g. Facebook, Messenger, Instagram) - the above data is processed on the basis of joint administration with Facebook Ireland Ltd. with its registered office at: 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland,
b) Google (e.g. YouTube, Maps) - the above data is processed on the basis of co-administration with Google Ireland Ltd. with its registered office at: 4 Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House). c) LinkedIn - the above data is processed on a co-administration basis with LinkedIn Corporation ATTN: Copyright Agent, Legal Department, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA.
If, in the cases referred to in this point, the transfer of personal data to third countries takes place, it is done on the terms set out in point 11.
14. Personal data may be entrusted for processing to entities that process such data on our behalf as the Personal Data Administrator. In such a situation, as the Personal Data Administrator, we conclude an agreement to entrust the processing of personal data with the processor. The processing entity processes the entrusted personal data only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to conduct our business as part of the Website. As the Personal Data Administrator, we entrust personal data for processing to the following entities:
a) providing hosting services to the website on which our Website operates,
b) providing us with other services that are necessary for the current functioning of the Website.
15. Personal data is not profiled by us as the Administrator within the meaning of the GDPR.
16. In accordance with the provisions of the GDPR, each person whose personal data we process as the Personal Data Administrator has the right to:
a) be informed about the processing of personal data referred to in art. 12 GDPR,
b) access to their personal data, as referred to in art. 15 GDPR,
c) correct, supplement, update and rectify personal data referred to in art. 16 GDPR, d) deletion of data (the right to be forgotten), referred to in art. 17 GDPR,
e) restriction of processing referred to in art. 18 GDPR,
f) transfer the data referred to in art. 20 GDPR,
g) object to the processing of personal data, as referred to in art. 21 GDPR,
h) in the case of the legal basis referred to in point 10 lit. d above - the right to withdraw consent at any time without affecting the lawfulness of the processing which was made on the basis of consent before its withdrawal,
i) not being subject to the profiling referred to in Art. 22 in connection with with art. 4 point 4 of the GDPR,
j) file a complaint to the supervisory body (i.e. to the President of the Personal Data Protection Office) referred to in art. 77 GDPR,
taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.
17. If you want to exercise your rights referred to in the preceding point, please send a message by e-mail to the e-mail address or in writing to the correspondence address referred to in point 18 below.
18. As the Administrator, we have appointed the Data Protection Officer, Konrad Cioczek. All inquiries, applications and complaints regarding the processing of personal data by the Administrator, hereinafter referred to as Notifications, should be sent to the following e-mail address of the Data Protection Officer: firstname.lastname@example.org or in writing to the following address: ul. Boryszewska 22 C, 05-462 Wiazowna.
19. The content of the Application should clearly indicate:
a) data of the person or persons to whom the Application relates,
b) the event that is the reason for the Report,
c) present your requests and the legal basis for these requests,
d) indicate the expected way of settling the matter.
20. Each identified security breach is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects are informed about such a breach of the provisions on the protection of personal data, and - if applicable - PUODO.