Please note that we take due care to ensure that your personal data are processed in accordance with the requirements of the applicable law, including, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).
With the above in mind, we hereby inform that:
- DATA ADMINISTRATION
The processing of personal data is based on lawfulness, reliability and transparency of information. The data are collected by the Controller for a specific, clear and justified purpose and the scope of the data is limited to data necessary for this purpose. The Controller makes every effort to ensure the highest possible security and protection of personal data processed by them. Providing data is voluntary. You have the right to access and check your personal data, update them and submit a request to delete them.
Personal data have been collected by us mainly directly from you or from entities cooperating with us based on your consent or in order to perform an agreement/services in the cases referred to in paragraph 3 point. 6 below.
- DATA CONTROLLER
The Data Controller is: NEW VISION OPTICA Spółka z ograniczoną odpowiedzialnością, seated in Opole at ul. Krapkowicka 21, 45-760 Opole, entered in the register of entrepreneurs by the District Court in Opole, 8th Economic division of National Court Register under KRS number 0000702558, Business Registration Number (REGON): 368486144, Tax Identification Number (NIP): 7543160332.
With regard to your rights as data subjects and with regard to mandatory legislation, including, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, the Polish Personal Data Protection Act (hereinafter referred to as the Act) and other relevant provisions on personal data protection, we undertake to maintain the security and confidentiality of all personal data that you provide to us. All our employees have been properly trained in the protection of personal data and our company, as the Data Controller, has introduced new security measures, as well as technical and organizational measures, to ensure the highest possible level of personal data protection. We have put in place appropriate procedures and rules for the processing of personal data in accordance with the GDPR, so that the processing of personal data is legal and accurate, and you, as data subjects, can exercise all your rights. Moreover, if necessary, we cooperate with the regulatory authority on the territory of the Republic of Poland, i.e. the President of the Personal Data Protection Office (hereinafter referred to as the PPDPO).
All questions, requests and complaints relating to the processing of personal data in our company (Data Controller), hereinafter referred to as the Applications, should be sent by e-mail to the e-mail address: firstname.lastname@example.org or in writing to the postal address of the Data Controller.
The Applications should clearly indicate:
the details of the person or persons concerned in the request,
the event in question,
the requests submitted and their legal basis,
the desired way to solve the problem.
- TYPE OF PERSONAL DATA PROCESSED AND THE PURPOSES OF PERSONAL DATA PROCESSING
Our website collects the following personal data:
e-mail address – we collect your e-mail address in order to create an Account,
handle your inquiry using the contact form and communicate via e-mail, telephone call.
in connection with the use of the Website, additional data may be processed, in particular: IP address, domain name, browser type, access time or operating system type, as well as navigation data, including information about the links and references that you choose to click on or other actions that you take on our Website.
in connection with your use of the Website, your personal data may be collected by:
sending an inquiry using the contact form,
communication via e-mail.
in case of Entrepreneurs, the above scope of data may be extended to include: the name of the entrepreneur’s company, company number, other identification numbers of the entrepreneur.
Providing the above specified data is voluntary, but necessary to create an Account.
Your personal data are processed for the following purposes:
proper performance of the agreement or taking actions upon request, prior to the conclusion of the agreement, in particular, answering your questions, e.g. by means of a contact form (Art. 6(1)(b) of the GDPR),
to fulfil the legal obligation of the Data Controller (see Art. 6(1)(c) of the GDPR),
possible determination, assertion or defence against claims, as legitimate interests of the Controller (see Art. 6(1)(f) of the GDPR),
proper use of the contact form/logging service on the website, in order to perform the agreement, provided by electronic means (Article 6(1)(b) of the GDPR – the need to perform the agreement for the provision of contact form service),
subscribing and receiving information about the services and their functionalities available in the Service, in order to perform the agreement, the subject of which is the service provided electronically. Legal basis – consent of a data subject for the purpose of performance of an agreement (Art. 6(1)(a) of the GDPR and Art. 10 of the Act of 18.07.2002 on provision of services by electronic means and Art. 172 of the Act of 16.07.2004 – Telecommunications Law);
subscribing and receiving an electronic Newsletter, in order to perform the agreement, the subject of which is the service provided electronically. Legal basis – consent of the data subject to the performance of the agreement for the provision of the Newsletter service (Art. 6(1)(a) of the GDPR, consent of the data subject to the performance of the agreement for the provision of the Newsletter service; as well as Art. 10 of the Act of 18.07.2002 – on the provision of electronic services and Article 172 of the Act of 16.07.2004 – Telecommunication law);
The Controller may also collect navigation data from Website users, including information about the links and references they decide to click on, or other actions taken on the Website, consisting in facilitating the use of services provided electronically and improving their functionality (Article 6(1)(f) of the GDPR, legitimate interest),
facilitating the use of services provided by electronic means and improving the functionality of these services, i.e. on the basis of the Controller’s legitimate interest (Article 6(1)(f) of the GDPR),
your personal data is processed by the Controller in order to perform the services provided to you (i.e. data subjects) and offered by the Service. Pursuant to the principle of minimization, we process only those categories of personal data that are considered necessary to achieve the purposes set out in the previous sentence.
The sources of personal data processed by the Controller are the data subjects.
When filling in the login form on the website, the user provides at least: e-mail address, telephone number.
- COOKIES AND PROFILING.
Our Service uses cookie technology to adjust its functionality to your individual needs. You may, therefore, agree to save the data and information you have entered, so that it can be used on subsequent visits to the site without having to enter it again. Owners of other websites will not have access to those data and information. However, if you do not agree to have the site personalised, you can disable cookies in your web browsers.
Personal data are not subject to profiling by the Data Controller.
- PERIOD OF PERSONAL DATA PROCESSING
Your data will be processed for the period necessary for the performance of the agreement and the provision of services, and may be processed for the period necessary for the realization of the legitimate interests of the Data Controller.
If the basis for the processing of your personal data is your consent, the data are processed by the Controller until it is revoked, and after the withdrawal of consent for a period corresponding to the statute of limitations for claims, which may be raised by the Controller and which may be raised against them, as well as to be able to fulfil a statutory legal obligation if we are obliged to fulfil certain legal obligations (including tax obligations).
We process personal data only for the period necessary to achieve these purposes. Personal data may be processed for a longer period of time only if the Data Controller is obliged to do so on the basis of applicable law or if the service provided is continuous.
- DATA RECIPIENTS
Your personal data may be transferred to entities cooperating with the Controller, in particular to entities providing IT services and support, as well as entities providing PR services to the Controller, accounting, legal and IT companies providing services to us, as well as all institutions specified in the applicable law, in particular tax offices and, if necessary, entities providing archiving services. In justified cases your data may be transferred outside of EU. In such a case, the Data Controller shall always ensure confidentiality of the transferred data and that only the data necessary for the proper performance of the agreement and based on appropriate personal data protection safeguards required by the applicable law will be provided.
Personal data may be shared with entities that process data on our request, i.e. on request of the Data Controller. In such a case, as the Data Controller, we enter into an agreement to entrust the processing of personal data with such an entity. The processing entity shall process the data shared by us solely for the purposes specified in the abovementioned agreement.