GDPR Information Clause
Who is the data controller?
The Controller can be contacted in one of the following ways:
- Postal address – AKSEL Sp. z o.o., ul. Lipowa 17, 44-207 Rybnik, Poland
- E-mail address – firstname.lastname@example.org
- Phone – +48 32 42 95 100
- Contact form – available at https://www.conselplus.com/contact
Has the Controller appointed a Data Protection Officer?
The Controller has appointed Mr Grzegorz Buchalik as Data Protection Officer.
The Data Protection Officer can be contacted via:
- e-mail at: email@example.com,
The Data Protection Officer can be contacted on all matters concerning the processing of personal data.
Where do we obtain personal data from and what are its sources?
Data is obtained from the following sources:
- from data subjects;
- in the case of registration via social networking sites, with the informed consent of those persons – from those social networking sites.
What is the scope of the personal data we process?
Our website processes ordinary personal data provided voluntarily by the persons concerned (e.g. name, login, e-mail address, telephone, IP address, etc.).
What are the purposes of our data processing?
Personal data voluntarily provided by Users is processed for one of the following purposes:
- Implementation of digital services:
- Services related to registration and maintenance of your account on the Website and the related functionalities;
- Newsletter services (including the sending of advertising content with consent);
- Services for commenting on / liking posts on the Website without registering;
- Communication of the Controller with Users on matters related to the Website and data protection;
- Ensuring the legitimate interest of the Controller.
What is the legal basis for data processing?
The Website collects and processes Users’ data on the basis of:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),
- article 6(1)(a) – the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes;
- article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- article 6(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party;
- The act of 10 May 2018 on personal data protection (JoL 2018 item 1000);
- The act of 16 July 2004 – Telecommunications Law (JoL 2004 no. 171 item 1800);
- The act of 4 February 1994 on copyright and related rights (JoL 1994 no. 24 item. 83).
What is the legitimate interest pursued by the Controller?
- For the purpose of possibly establishing, investigating or defending against claims – the legal basis for the processing is our legitimate interest (GDPR Article 6(1)(f)) to protect our rights, including but not limited to:
- assessing the risk for potential customers;
- evaluating planned marketing campaigns;
- direct marketing.
For how long do we process personal data?
As a general rule, the personal data indicated shall only be stored for the duration of the service provided by the Controller. The data is deleted or anonymized within 30 days after termination of the service (e.g. deletion of a registered user account, unsubscribing from the newsletter, etc.).
In exceptional situations, in order to safeguard the legitimate interest pursued by the Controller, this period may be extended. In such a situation, the Controller shall retain the data indicated, from the time of the request for deletion by the User, for no longer than a period of 3 years in the event of a breach or suspected breach of the provisions of the Terms of Service by the data subject.
Who is the recipient of the data, including personal data?
As a general rule, the only recipient of data is the Administrator.
However, data processing may be entrusted to other entities providing services to the Controller in order to maintain the operation of the Website.
Such entities may include, but are not limited to:
- Hosting companies providing hosting or related services to the Controller;
- Companies through which the Newsletter service is provided.
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union, unless it has been published as a result of an individual action by the User (e.g. entering a comment or entry), which will make the data available to any visitor to the website.
Will personal data be the used for automated decision-making?
Personal data will not be used for automated decision-making (profiling).
What are your rights in relation to the processing of your personal data?
- Right of access to personal data
Users have the right to obtain access to their personal data, exercised upon request made to the Controller.
- Right to rectification of personal data
Users have the right to request from the Administrator the immediate rectification of personal data that is inaccurate and/or the completion of incomplete personal data, carried out upon request made to the Controller.
- Right to erasure
Users have the right to request the Controller to delete their personal data immediately, exercised upon request made to the Controller.
In case of user accounts, the deletion of data consists of the anonymization of the data allowing for the User to be identified.
In case of the Newsletter service, the User has the option of deleting his/her personal data himself/herself using the link provided in each email sent.
- Right to restrict the processing of personal data
Users have the right to restrict the processing of personal data in the cases indicated in Article 18 of the GDPR, among others, questioning the correctness of personal data, exercised upon request made to the Controller.
- Right to data portability
Users have the right to obtain from the Administrator, personal data concerning them in a structured, commonly used and machine-readable format, carried out upon request made to the Controller.
- Right to object to the processing of personal data
Users have the right to object to the processing of their personal data in the cases set out in Article 21 of the GDPR, exercised upon request made to the Controller.
- Right to lodge a complaint
Users have the right to lodge a complaint with the data protection supervisory authority.