On 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, the so-called GDPR) enters into force. Please see important information: GDPR Disclaimer.
I. Preliminary provisions
- This document (Policy) constitutes an attachment to the Regulations of the MSERWIS Websites (Regulations).
- If any term defined in the Regulations is used in this Policy, it shall have the meaning assigned in the Regulations, unless otherwise specified in this document.
- Otherwise, the definitions adopted in this Policy shall apply.
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, the so-called “GDPR”);
- Personal Data (or “personal data”) – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by an identifier such as his or her full name, identification number, location data, Internet identifier or one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
- Personal Information - all information, data, “traces” that may be left by the Website User, even if unintentionally, while using the Websites, even if such data do not constitute Personal Data within the meaning of the above definition.
- Processing (processing) means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, download, viewing, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Profiling (profiling) means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyse or forecast aspects relating to that individual's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or mobility;
- Controller, Personal Data Controller, DC, PDC ("controller") means a natural or legal person, public authority, individual or any other entity which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are provided for by Union or Member State law, a controller may also be designated or specific criteria for its designation may be laid down by Union or Member State law; the Controller shall be the Operator;
- Processor (“processor”) means a natural or legal person, public authority, individual or any other entity which processes personal data on behalf of the controller;
- Recipient (“recipient”) mean a natural or legal person, public authority, individual or any other entity to whom personal data are disclosed, whether a third party. However, public authorities that may receive personal data in the framework of a specific proceeding under Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities must comply with the data protection rules applicable to the purposes of the processing;
- Third Party (“third party”) means a natural or legal person, public authority, individual or entity other than the data subject, controller, processor or persons who, under the authority of the controller or processor, may process personal data;
- Consent (“consent”) of the data subject means a voluntary, specific, informed and unambiguous willingness, by which the data subject, in the form of a declaration or specific affirmative action, consents to the processing of his or her personal data;
- Personal Data Breach (“personal data breach”) means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed;
- Supervisory Authority (“supervisory authority”) – the President of the Office for the Protection of Personal Data (PUODO);
- Third Country - a country not belonging to the European Union (EU) or the European Economic Area (EEA).
III. Personal information
- Viewing the Websites and shopping. You can view the content of the Websites without a User/Customer account and even make purchases to a certain extent – with significant restrictions, resulting e.g. from the need to ensure the security of transactions. You can also contact the Controller through the User Support Centre without registering your account.
- Websites’ account / User (Customer) Registration. Most of the Websites’ functionalities, especially with regard to the possibility of purchasing most of the Services, are available only to registered and logged in Users (Customers). Such Users also have additional options available for managing their purchases (of goods/digital products).
- Information on use. While using a Website, the Controller may record information on (in particular):
- Registration IP
- Registration confirmation IP
- Login IP
- Entries to individual Websites’ pages / subpages IP
- Data on the elements “Clicked” by the User on the website
- Location information
- Information on returns to the website – even if the User is not logged in
- Information about shopping preferences, e.g. based on the products viewed, purchases made so far, as well as the things added to the shopping cart, even if a final purchase was not made
- Newsletter subscription data
- Ensure adequate rights. The above takes place with the observance of the rights of the Users, guaranteed, among others, by the GDPR. For details, see the separate document “Information related to the GDPR” (GDPR Information Clause).
- Checking the reading of the information. To ensure the appropriate quality of service, the Controller may place a tag (also known as a web beacon file) in HTML email messages of Customer Service or other sent messages to confirm their delivery. Other adequate/equivalent ways of checking the information by the User or Customer are also possible.
- In the case of sending Personal Information to the Website, it may be used to maintain, share and improve the Website and to process orders and analyse the User's interests in the products offered on the Website.
- The Controller does not use Personal Information of Users to send commercial or advertising messages without their consent. The Controller may use the email address for purposes other than advertising or administrative (such as notification of the status of the User's orders, availability of the Services, etc.). This applies in particular to communication in connection with the fulfilment of the order.
- The Controller may also implement marketing objectives on a basis other than the Consent – in particular on the basis of Article 6(1)(f) GDPR. These issues can be found in more detail, inter alia, in the Information related to the GDPR (GDPR Information Clause) document.
IV. Personal data
- The Operator processes users' personal information in accordance with the law (in particular Article 6 of GDPR). In order to protect personal data against accidental or unlawful destruction, loss, alteration, or against unauthorized disclosure and access, the Operator adopts technical and organizational security measures (described among others in the internal documentation, mentioned in recital (78) of GDPR, including, in particular, in the Personal Data Protection Policy implemented by the Administrator).
- When you submit your personal information, the Operator normally uses it to prepare an offer (in particular regarding Services), fulfil orders (in particular regarding Services) and maintain contact with people interested in the Operator's offer as well as with the Operator's customers. We can store and process personal data in order to better understand the needs of those (Users) interested in the offer and our customers, as well as to be able to improve our products and services.
- The Operator's sites operate not to collect personal information, except for the cases when the visitors (Users) themselves agree on it (e.g., when completing the registration form, or signing up for the newsletter), or when it is permitted by the personal data collection regulations.
- The Operator shall respond to all justified requests to access the personal information and correct or delete any inaccuracies in such information. Any registered user of the website can access and update their personal information after they have authenticated themselves to the website.
- The Operator does not sell or otherwise does not share the customers' personal information with third parties, with the
following exceptions, and only if necessary:
- in order to prepare the offer, for services execution and delivery,
- in order to achieve an additional goal which is directly related to the purpose for which the personal information was originally submitted,
- for legal reasons, or when required by the competent governmental or judicial authorities,
- to prevent fraud or other illegal activities.
- Detailed information on the rules applicable to personal data sharing related to the services that we provide is available in the Terms and Conditions as well as in the GDPR Disclaimer.
- When you browse our websites, the Operator may automatically collect non-personal information sent by your browser (e.g., the type of Internet browser used to access our website and the operating system, the address of a referring website, number of visitors, average time spent on the site, the sequence of pages viewed). The Operator can use this data and share it with third parties in order to generate statistical data that does not allow the identification of the person who supplied particular information, so to improve the performance and contents of our sites.
- The Controller may use Google Analytics or other similar systems from external providers on the Website. In particular, Google Analytics mainly uses its own cookies to report on user interactions on Google Analytics’ customer sites (our Services – Website). Google cookies regarding advertisements are used to support Google Analytics Advertising Features (such as remarketing) in Google advertising network services, such as AdWords. More about this technology, about the additional cookies it uses and about how to disable this technology can be found on the data security pages published by the manufacturer of this technology at the address: https://support.google.com/analytics/answer/6004245
VI. Links to other websites
The Operator's sites may feature links to other websites operated by external parties. You should familiarize yourself with the relevant policies of those sites.
VII. Unsolicited messages
- The Operator reserves the right to send unsolicited, unannounced messages to people whose contact details have been collected and who have expressed their consent.
- The term 'unsolicited messages' applies to messages containing information directly related to services provided by the Operator and services provided by the Operator's partners. Messages may contain information about services used by the client (such as payment details, subscription end dates, use of services), as well as marketing information about other services (such as promotions, special offers, new services on offer).
- The Operator normally sends messages once a month on average. In exceptional cases (e.g., notification of major changes to the service) messages may be sent more often. Each recipient of the said messages may at any time revoke a previously given consent to receiving them.
- Cookies are used to:
- customize the web content of the Operator's Sites to the preferences of the user and optimize the use of the Operator's Sites, for example in order to identify the user's device and to display pages tailored to their individual needs;
- collect data to generate statistics about visitors and how they use the Operator's Sites, which enables us to improve them continuously;
- maintain the user's session after logging into the Site, which facilitates its use by not having to log in again with every new activity.
- The Websites use two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the user's computer until the user logs out, leaves the website or disables the software (a web browser). Permanent cookies are stored in the terminal equipment of the user for the time specified in the cookie parameters or until their removal by the user.
- Cookies may be installed in the terminal equipment of the Websites' user, as well as used by advertisers and partners cooperating with the Operator.
- Please note that most web browsers by default allow cookie installation and storage, also by our Sites, in the terminal equipment of the user. These settings can be modified in such a way as to block the automatic handling of cookies or to notify the user every time cookies are installed on the user's equipment. Changing of the cookie settings in the most popular web browsers:
- Please note that enabling cookies is required to use some of the features of these sites.
IX. GDPR Disclaimer