(in effect from 15 may 2018)
1. Tomasz Czułek, referred to as the Provider or the Administrator, who is running business activity as GUIDE AND FUN Tomasz Czułek company, registered in Central Registration and Information on Business (CEIDG) run by Polish Minister of Economy, company address: ul. Czerska 18/380, NIP: 8371245326, REGON: 368644672, e-mail: firstname.lastname@example.org, tel. +48 794 002 871, is a the Administrator of personal data collected via GuideandFun.com website.
2. Personal data collected by Administrator via the web site are processed according to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), referred to as RODO.
TYPE AIM AND RANGE OF DATA COLLECTING
1. AIM AND LEGAL BASIS. Administrator processes personal data of Customers of GuideanfFun.com service in case of:
a) registering an Account in Service, in order to create an individual Account to manage this Account , according to article 6, 1st paragraph, section b) RODO (realisation of service provision agreement via electronic means according to the Terms and Conditions of a Service),
b) ordering payed services with Service, according to article 6, 1st paragraph, section b) RODO (realisation of service provision agreement),
c) signing up for the Newsletter in order to receive trade information via electronic means. Personal data will be processed after giving a separate consent, according to article 6, 1st paragraph, section a) RODO.
2. TYPES OF PROCESSED PERSONAL DATA. In case of:
a) Account, the Customers provides:
· Telephone number,
· License number,
· Company’s name,
· NIP number
b) Ordering a paid service, the Customer provides:
· Telephone number,
· Company’s name,
· NIP number
c) Newsletter, the Customer provides:
3. PERSONAL DATA AERCHIVING PERIOD. Personal data of Customers is stored by Administrator:
a) in case of data processing on the basis of agreement realisation, for a period necessary for agreement realisation, and after that period, for a time corresponding to the claims limitation period.
b) in case of data processing on the basis of a consent, until the consent is withdrawn, and after its withdrawal, for a time corresponding to the claims limitation period, which the Administrator may be subject to. If there is no specific law that would state differently, this term is six years, and for claims related to periodic services an claim related to running a business activity – three years.
4. While utilising Service, additional data may be downloaded, especially: IP address assigned to the Customer’s PC or external IP of Internet provider, domain name, type of web browser, access time, OS type.
5. Additionally, also Customers navigation data may be collected, including data on links and references which they click or other actions performed within Service. Legal basis for such activity is legitimate Administrator’s interest (article 6, 1st paragraph, section f, RODO), which is facilitating provision of services via electronic means and increase of functionality of such services.
6. Customer’s personal data provision is voluntary.
7. Personal data will be processed automatically (profiling) provided User will declare his consent (according to article 6, 1st paragraph, section a) RODO). Profiling results in assigning to a given individual a profile in order to enable making decisions concerning him, analysis and predicting his preference, behaviour and attitudes.
8. Customer has a right to file an objection against his data being processed at any time (mentioned in section 7 of this paragraph), against giving information on methods and range of profiling of personal data and the right to erase, restrict, edit, correct and transfer them to another entity.
9. Administrator makes every effort to protect affairs of individuals concerned with data. Especially he assures that collected data is:
a) processed legally,
b) collected for purposes marked, legal, and it is not processed further for no reasons inconsistent with these purposes,
c) substantively correct and adequate for purposes it is being processed and stored, in a way that enables identification of concerned individuals (only for a period required to achieve purposes for which it is being processed).
PERSONAL DATA DISCLOSURE
1. Customer’s personal data are disclosed to service providers with which the Administrator collaborates in the process of service provision. Service providers to whom personal data is being disclosed, according to agreement’s entries and circumstances, are subject to Administrator’s directives in relation to aims and methods of personal data processing (processing entities) or they define such aims and methods on their own (administrators).
2. Personal data of Customers which are Clients, are being disclosed to Guides registered within the Service.
3. Personal data of Customers which are Guides, are being disclosed to Clients registered within the Service.
4. Customer’s personal data are stored only within the region of European Economic Area (EEA).
RIGHT TO CONTROL, ACCESS AND TO MODIFY PERSONAL DATA
1. Person concerned with data has a right to access his personal data and change it, delete it, restrict processing of it, right to transfer data, right to raise an objection, right to withdraw consent (at any moment), with no effect on compliance with processing right, made according to the consent delivered before withdrawing it.
2. Legal basis for Customer’s request:
a) Data access – art. 15 RODO.
b) Data rectification – art. 16 RODO.
c) Data deletion (so-called right to be forgotten) – art. 17 RODO.
d) Data processing restriction – art. 18 RODO.
Customer has a right to demand restricting processing of his personal data in a defined time period or in a defined range.
e) Data transfer – art. 20 RODO.
In order to exercise this right, one should contact the Administrator, providing name and address of the entity to which data is to be transferred and their range. Transfer will occur in electronic form after such request is being accepted by the Customer.
f) Objection – art. 21 RODO.
Customer has a right to raise an objection against all of his personal data processing or in a defined range.
g) Consent withdrawal – art. 7 sec. 3 RODO.
Consent for data processing can be withdrawn at any time without providing any reasons. Request can be related to withdrawal only regarding a specific aim or all aims of data processing.
3. In order to exercise rights mentioned in section 2, a proper notice can be send on email: email@example.com. or a written request can be sent on address: ul. Czerska 18/380, 00-732 Warsaw. In such request, whether in electronic or written form, Customer should provide as much data as possible related to the subject of request, especially type of right the Customer would like to exercise, according to section 2 of this paragraph and contact data. Provided information will substantially facilitate processing of the claim by the Administrator.
4. If the Customer claims a right resulting from the above mentioned, the Administrator will fulfil the request or deny it (section 6 of this paragraph) immediately, not longer than within a month from its reception. However, if the request is of complex nature or there is a high number of such requests, due to which Administrator will not be able to respond to the request within a month, he will do this within next two months and he will inform the Customer of such situation within a month from the date of receiving such request.
5. If it is validated that personal data processing is in conflict with RODO, the person concerned has a right to file a complaint to the Head of Personal Data Protection Office.
6. The right to data deletion (so-called right to be forgotten) pursuant to Art. 17, par. 1 and 2 RODO does not apply in the range in which data processing is necessary for:
a) exercising the right of freedom of speech and information,
b) complying to the legal obligation demanding data processing on the basis of law of the EU or a member country, to which the Administrator is a subject, or to perform a task for public interest or due to public authority entrusted to the Administrator,
c) due to public interest in the domain of public health according to Art. 9, par. 2, sec. h), i) and Art. 9, par. 3 RODO,
d) archiving in public interest, for purpose of scientific or historic research, or for statistical purposes, according to Art. 89, par. 1 RODO, provided it is possible, that the law mentioned in par. 1 Art. 17 RODO, will render impossible or substantially more difficult to realise aims of such processing; or
e) defining or defending claims
1. Website uses “cookie” files.
2. “Cookie” files installation is necessary for correct functioning of Website services. “Cookie” files hold data necessary for correct functioning of Website, and they provide data for developing general web site’s visiting statistics.
3. Website utilises two types of “cookie” files (Session “cookies”, Permanent “cookies”):
a) Session “cookie” files are temporary files stored at Customer’s end device until logging out Website.
b) Permanent “cookie” files are stored at Customer’s end device for a period defined in “cookie” file parameters or until they are deleted by User.
4. Administrator utilises his own “cookie” files in order to enable better analysis of Customers’ interaction with the content of Website. Such files gather information on methods of using Website by a Customer, type of page from which a Customer has been redirected and a number of visits of a Customer on Website. This data does not store any specific personal data of a Customer but it is a base for calculating Website’s usage statistics.
5. User has a right to decide about “cookie” files range of access to his computer by previous setting in browser’s window. Detail information on capabilities and options of “cookie” files usage are available in software settings (settings of web browser).
6. Service Users can change “cookie” settings at any time. Such settings can be changed especially considering automatic blocking of “cookie” files support within web site’s settings, or informing each time they are placed in the device of User utilising the Service. Not performing such changes considering “cookie” files within settings results in their placing in the end device of User, therefore data will be stored in such device and access to it will be acquired.
7. Disabling “cookie” files utilisation can result in difficulties in using some of Services, especially ones which require logging.
ADDITIONAL SERVICES RELATED TO USER’S ACTIVITY WITHIN SERVICE
1. Within the Service, the so-called social plugins are being utilised. While displaying the GuiandFun.com web site, which contains such plugins, Customer’s web browser will establish a direct connection with Facebook or Instagram servers.
2. Content of the plugin is redirected by Provider directly to Customer’s web browser and integrated with web site. Due to such integration, providers receive information that the Customer’s web browser displays GuideandFun.com web site, even if Customer does not have a profile within system of a given provider or if is not logged at that particular time. Such information (along with Customer’s IP) is send by browser directly to the provider’s server (some of the servers are in USA) and stored there.
3. If Customer logs into one of the above mentioned social services, the Provider will be able to assign visit on the GuideandFun.com web site to the user’s profile on a given service.
4. If Customer will use a given plugin, for instance, by clicking the “Like” or “Share” button – a proper notification will be sent also directly to the provider’s server and stored there.
6. If Customer does not want social services to assign the data gathered while visiting GuideandFun.com web site directly to his profile within a given service, Customer, before visiting GuideanfFun.com web site, have to logout from that service. Customer can also completely disable loading of the plugins, by utilising proper extensions for the web browser, for instance, scripts blocking via “NoScript” (https://noscript.net/).
1. Administrator uses technical and organisational measures to provide protection of personal data being processed, adequate to dangers and categories of data under protection. Especially, administrator secures data from disclosing it to unauthorised parties, intercepting it by unauthorised parties, processing it with violation of regulations of law and modifying, losing, corrupting and destroying.
2. Provider delivers proper technical measures to prevent interception and modification of personal data being send electronically.