The Controller of the personal data collected through the Website is CATCHSHIFT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered seat in Wolsztyn, entered into the Register of Entrepreneurs of the National Court Register under the number 0000715971, the registry court where the documents of the company are stored: District Court Poznań-Nowe Miasto i Wilda in Poznań 9th Commercial Division of the National Court Register, registered office and address for notices: ul. Przemysłowa 2, 64-200 Wolsztyn, Tax Identification Number (NIP): 9231720420, National Official Business Register Number (REGON): 69338871, share capital: PLN 5.100, e-mail address: email@example.com, phone number: +48 68 347 58 57 – hereinafter referred to as the “Controller” and at the same time the Owner of the Website.
Personal data collected through the Website are processed by the Controller as per the applicable provisions of law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – (“GDPR”). The official GDPR text: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
The use of the Website is voluntary. The provision of personal data by a user accessing the Website is also voluntary, subject to those cases where it is necessary for using certain Website functionalities, including e.g. the contact form. Failure to provide personal data in the cases and within the scope necessary to use a particular Website functionality will result in not being able to use this functionality. In each case the scope of information required for using a Website functionality is indicated on the Website by the Controller (e.g. prior to filling the price quote form).
The Controller exercises due care to protect the interests of the data subjects, and in particular the Controller is responsible for and ensures that the collected data is: (1) processed lawfully, (2) collected for specified and legitimate purposes and no further processed in a way incompatible with the intended purposes; (3) relevant and adequate to the purposes for which it is processed, (4) kept in a form which permits identification of the data subjects no longer than it is necessary for the purposes for which the data is processed and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with the GDPR. Those measures shall be reviewed and updated where necessary. The Controller uses technical measures to prevent unauthorized persons from obtaining or modifying the personal data submitted by electronic means.
All words, expressions and acronyms in this policy spelled with a capital letter shall have the meaning as given herein.
The Controller has the right to process personal data in cases – and within the scope –where at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The purpose, grounds and period of processing, as well as the data recipient for the data processed by the Controller in each case, result from actions taken by a particular user on the Website.
The Controller may process personal data on the Website for the purposes, based on the grounds, in periods and in within the scope as specified below:
|Purpose of data processing||Legal grounds for processing||Duration of data retention|
|Performance of a contract or taking action upon the data subject’s request prior to concluding the contract||Article 6(1)(a) of the GDPR (contract) – the processing is necessary for the performance of a contract (e.g. service contract or sales contract) to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g. drafting an offer)||The data is stored for the period necessary for the electronic services contract concluded with the Controller to be performed, terminate or otherwise expire.|
|Direct marketing||Article 6(1)(f) of the GDPR (controller’s legitimate interest) – the processing is necessary for the legitimate interests of the Controller – which consist in protecting the Controller’s interest and good image and seeking to sell products and services||The data is stored for the period of the legitimate interest exercised by the Controller, however not longer than the limitation period of claims against the data subject resulting from the Controller’s business activity. The limitation periods are defined by the law, in particular in the Polish Civil Code (the basic limitation period for claims related to business activity is three years).
The Controller may not process data for the purpose of direct marketing if an effective objection to such action is expressed by the data subject.
|Marketing||Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data by the Controller for marketing purposes||The data is stored until the data subject revokes their consent for further processing of their data for this purpose.|
|Establishing, exercising or defending any legal claims by the Controller or against the Controller||Article 6(1)(f) of the GDPR (controller’s legitimate interest) – the processing is necessary for the legitimate interests of the Controller – consisting in establishing, exercising or defending any legal claims by the Controller or against the Controller||The data is stored for the period of the legitimate interest exercised by the Controller, however not longer than the limitation period of claims against the data subject resulting from the Controller’s business activity. The limitation periods are defined by the law, in particular in the Polish Civil Code (the basic limitation period for claims related to business activity is three years).|
|Use of the Website and ensuring its proper operation||Article 6(1)(f) of the GDPR (controller’s legitimate interest) – the processing is necessary for the legitimate interests of the Controller – consisting in operating and maintaining the Website||The data is stored for the period of the legitimate interest exercised by the Controller, however not longer than the limitation period of the Controller’s claims against the data subject resulting from the Controller’s business activity. The limitation periods are defined by the law, in particular in the Polish Civil Code (the basic limitation period for claims related to business activity is three years).|
|Monitoring Website statistics and traffic analysis||Article 6(1)(f) of the GDPR (controller’s legitimate interest) – the processing is necessary for the legitimate interests of the Controller – consisting in monitoring Website statistics and performing traffic analysis with the aim to improve the Website functioning||The data is stored for the period of the legitimate interest exercised by the Controller, however not longer than the limitation period of the Controller’s claims against the data subject resulting from the Controller’s business activity. The limitation periods are defined by the law, in particular in the Polish Civil Code (the basic limitation period for claims related to business activity is three years).|
For proper operation of the Website, the Controller needs to use third-party services (such as software provider). The Controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures that meet the requirements of the GDPR and protect the rights of data subjects.
The personal data of Website users may be transferred to the following recipients or categories of recipients:
The Controller may use profiling on the Website for direct marketing purposes, but the decisions made on this basis by the Controller do not concern contract conclusion or refusal to conclude a contract or the possibility of using electronic services. Using profiling on the Website may be result, e.g. in granting a particular person a discount, sending them a discount code, sending a product offer that may correspond to the interests or preferences of a given person or proposing better conditions as compared to the standard offer. Despite profiling, the particular person makes an unrestricted decision as to whether they want to use the discount received in this way or better conditions and make a purchase.
Profiling on the Website involves automatic analysis or forecast of a given person’s behavior on the Website, e.g. by browsing the website of a specific Product on the Website. The condition for such profiling is the Controller having the personal data of the particular person in order to be able to send them, e.g. a discount code.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Right to access, rectification, limiting, removal or transfer – the data subject has the right to request the Data Controller to grant them access to their personal data and request their rectification, removal (“the right to be forgotten”) or restriction of their processing, as well the right to object to processing and to have the data transferred. Detailed conditions of the execution of the above mentioned rights are stipulated in Articles 15–21 of GDPR.
Right to withdraw consent at any time – the data subject whose data are processed by the Controller based on consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of GDPR) has the right to withdraw the consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint to the supervisory authority – the data subject whose data are processed by the Controller has the right to lodge a complaint to the supervisory authority in the manner and by means set forth in the provisions of GDPR and Polish law, in particular the Polish Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
Right to object – the data subject shall have the right to object at any time,
on grounds relating to their particular situation, to processing of personal data concerning them which is based on point (e) (interest or public service) or (f) (controller’s legitimate interest) of Article 6(1), including profiling based on those provisions. In such a case, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Right to object to direct marketing – where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Cookies constitute small chunks of text information in the form of text files, sent by our server and saved on the side of the Website visitor (e.g. on the hard disk of the computer, laptop or on the smartphone memory card – depending on the type of the device used by our Website visitor). Detailed information on Cookies and their history can be found, e.g. here: https://pl.wikipedia.org/wiki/HTTP_cookie.
Cookies that may be sent through the Website may be divided into different types, according to the following criteria:
|According to their supplier:
||According to their retention period on the device of the Website visitor:
||According to the purpose of their use:
The Controller may process the data contained in the cookies when the visitor uses the Website for the following specific purposes:
|Purposes of using Cookies on the Controller’s Website||remembering the data from completed forms (necessary and/or functional/preferential Cookies),||customizing the contents of the Website to the individual preferences of the user (e.g. in respect to colors, font size, site layout) and optimizing the use of the Website (functional/preferential Cookies),||collating anonymous statistics presenting the manner of using the Website (analytical and performance Cookies),||displaying and rendering advertisements, limiting the number of times the advertisement is displayed and ignoring advertisements that the user does not want to see, measuring the effectiveness of advertisements, as well as personalizing advertisements, that is examining the characteristics of the behavior of the visitors to the Website by anonymous analysis of their activities (e.g. repeated visits to particular sites, keywords etc.) in order to create their profile and provide advertisement customized to their anticipated interests, also when they visit other websites in the advertisement network of Google Ireland Ltd. and Facebook, i.e. Meta Platforms Ireland Ltd. (marketing, advertising and social Cookies)|
For most popular web browsers, checking which Cookies (including the validity period of the Cookies and their provider) are being sent at a particular moment by the Website is possible in the following way:
(1) in the address bar, click on the padlock icon on the left side, (2) go to the “Cookies” tab.
(1) in the address bar, click on the shield icon on the left side, (2) go to the “Allowed” or “Blocked” tab, (3) click the “Cross-Site Tracking Cookies”, “Social Media Trackers” or “Tracked Content” field
(1) click the “Tools” menu, (2) go to the “Internet options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click the “View files” field
(1) in the address bar, click on the padlock icon on the left side, (2) go to the “Cookies” tab.
(1) click the “Preferences” menu, (2) go to the “Privacy” tab, (3) click the “Manage Site Data” field
|Regardless of the browser, using the tools available for example at: https://www.cookiemetrix.com/ or:https://www.cookie-checker.com/|
Normally, most of the web browsers available on the market accept cookie files by default. Everybody has the possibility to determine the terms for using cookie files through their web browser settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility to save cookie files – however, in the latter case, this may affect some functionalities of the Website.
The web browser setting in respect to the cookie files is important from the perspective of the consent
for using cookie files by our Website – such consent may also legally be provided by the means of web browser settings. Detailed information on changing the cookie file settings and deleting such files on your own in the most common web browsers can be found in the web browser help section and on the following websites (simply click the particular link):
On the Website, the Controller may use the Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller monitor statistics and analyze traffic on the Website. The data collected is processed as part of the above-mentioned services to generate statistics helpful for the administration of the Website and analyzing traffic on the Website. The data is aggregate. Using the above services on the Website, the Controller collects such data as the sources and media of acquiring the visitors to the Website and their behavior on the site, information on the devices and web browsers used to visit the site, IP and domain, geographic data and demographic data (age, gender), and interests.
It is possible for a particular person to easily block sharing the information on their activity on the Website with Google Analytics – to do so, you can install the web browser add-on from Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl
On the Website, the Controller may use the Facebook Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller to measure the effectiveness of advertisements and learn which actions are taken by the visitors to the Website, as well as to display customized advertisement to these persons. You can find the detailed information on the functioning of Facebook Pixel at the following internet address:https://www.facebook.com/business/help/742478679120153?helpref=page_content
You can manage the functioning of Facebook Pixel through the advertisement settings on your account on the Facebook.com portal:https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
If you have any problems or questions connected to using the Website or any other questions, please contact the Website Owner: