IN ACCORDANCE WITH ART. 13 OF REGULATION (EU) 2016/679 ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA AND ON THE FREE MOVEMENT OF SUCH DATA AND REPEALING DIRECTIVE 95/46/EC (GDPR)
1. IDENTITY OF THE DATA CONTROLLER
The data controller is Polcolorit S.A., with its registered office in Piechowice, ul. Jeleniogórska 7, 58-573 Piechowice, Poland (“Data Controller” or “Polcolorit”). In order to exercise your rights or obtain information concerning them or concerning the processing of your personal data, please contact the Data Controller via the contact details: firstname.lastname@example.org.
2. PURPOSES AND LEGAL BASIS OF THE PROCESSING AND STORAGE PERIOD
Polcolorit will process personal data concerning you, contributed by you directly or collected during browsing of the www.polcolorit.pl/en website (the “Site”), for the following purposes.
2.1. BROWSING THE WEBSITE
As users browse this Site, the IT systems and software procedures which operate it acquire some personal data the transmission of which is implicit in the use of Internet communications protocols, such as the IP addresses or domain names of the PCs and terminals used by users, as well as the URI/URL (Uniform Resource Identifiers/Locators) of the requested resources, the time of the request, the size of the file obtained and other parameters concerning the operating system environment of the user, in order to:
- enable you to access and use the Site
- obtain statistical information concerning the use of the services (most visited pages, number of visitors by time band or per day, geographical area of origin, etc.)
- check that the services offered are operating correctly.
The legal basis for the processing of your data for the purposes referred to in points 1, 2 and 3 is the fulfilment of your request, pursuant to Article 6, paragraph 1, point (b) of the GDPR; if you were to refuse to contribute these data, you would be unable to use the Site.
2.2. COOKIES AND OTHER TRACKING SYSTEMS
3. PROCEDURES FOR THE PROCESSING OF YOUR PERSONAL DATA
Your personal data will be processed, in compliance with the provisions of the GDPR, by IT and telematic means, for the stated purposes, and in all cases by procedures which guarantee an appropriate level of security and confidentiality, in accordance with the provisions of Article 32 of the GDPR.
The processing of personal data signifies their collection, recording, organisation, storage, treatment, adaptation, alteration, sorting, retrieval, alignment, use, combination, freezing, disclosure, dissemination, erasure or destruction, or the combination of two or more of the aforesaid operations, also via automated tools for the storage, management and transmission of the data, with the aid of measures which guarantee their security and confidentiality.
4. RECIPIENTS OF YOUR PERSONAL DATA, AND PARTIES WHO MAY GAIN KNOWLEDGE OF THEM
For the pursuance of the purposes described in point 2 above, the personal data processed will be known to Polcolorit’s employees, contract staff and associates working in the capacity of authorised data users.
Moreover, for the pursuance of the purposes described in point 2 above, your personal data may be processed by third parties belonging, for example, to the following categories:
• parties which supply services for the management of the IT system, including server hosting and backup services;
• technical assistance service providers;
• other service providers;
• supervisory and controlling authorities and bodies, and public or private bodies in general with a public interest function;
• other companies belonging to the same group of companies as Polcolorit, or linked to Polcolorit, or Mohawk Industries.
In some cases, the entities in the aforesaid categories operate in complete independence as separate data controllers, while in other cases they operate as Data Processors specifically appointed by the Data Controller in accordance with article 28 of the GDPR.
Your consent is not required for the disclosure of your data to entities in the above categories operating in the capacity of independent data controllers, since it is based on the prevalent legitimate interest of the Data Controller, as the said disclosure is necessary for the pursuance of the purposes set out in point 2 above.
5. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
For technical and organisational purposes, your data may be transferred to non-European Union member states: this transfer is, in any case, lawful since it is covered by adequacy decisions issued by the European Commission and/or standard data protection clauses based on the models adopted by the European Commission pursuant to art. 46 of the GDPR.
You may request a copy of the safeguards adopted for data transfer outside the EU, and information concerning the places where the data have been made available, by sending a specific request to the Data Controller at the email address email@example.com.
6. YOUR RIGHTS AS DATA SUBJECT
With regard to the data processing described in this information on the processing of personal data, you may, as a data subject, under the conditions laid down by the GDPR, exercise the rights provided for in Articles 15 to 21 of the GDPR, in particular:
• Right of access – Article 15 of the GDPR: the right to obtain confirmation of whether your personal data are processed and, if so, the right to access your personal data – including copies – and to receive, inter alia, the following:
– the purposes of the processing;
– categories of personal data processed;
– recipients or categories of recipients to whom they have been or will be disclosed;
– the storage period or criteria used;
– the rights of the data subject (the right to rectify, delete personal data, processing restrictions and the right to object to processing);
– the right to lodge a complaint with the supervisory authority;
– the right to receive information about the source of personal data if it has not been collected from the data subject;
– the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the envisaged consequences of such processing for the data subject;
• Right to rectification – article 16 GDPR: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data;
• Right to erasure (right to be forgotten) – article 17 GDPR: right to obtain, without undue delay, the erasure of personal data concerning you, when:
– personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
– you have withdrawn consent and where there is no other legal ground for the processing;
– you have successfully objected to the processing of the personal data;
– the data have been unlawfully processed;
– the data must be deleted to comply with a legal obligation;
– the personal data have been collected in relation to the offer of information society services referred to in article 8, paragraph 1 of the GDPR.
The right to erasure shall not apply in so far as the processing of data is necessary to fulfil a legal obligation requiring processing under law, to perform a task carried out in the public interest or in the exercise of the public authority entrusted to the Data Controller, or to establish, pursue or defend claims.
• Right to restriction of processing – article 18 GDPR: right to obtain restriction of the processing, when:
– the accuracy of the personal data is contested by the data subject;
– the processing is illegal and the data subject objects to the deletion of personal data, demanding in return that their use be restricted;
– the data subject needs data to establish, pursue or defend claims;
– the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
• Right to data portability – article 20 GDPR: right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, if the processing is based on consent and is carried out by automated means. In addition, the right to have your personal data transmitted directly by the Data Controller to the other controller, where technically feasible.
• Right to object – article 21 GDPR: right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Data Controller to continue the processing;
• The right to withdraw consent – the right to withdraw consent at any time. The withdrawal of consent does not affect the processing of data carried out before its withdrawal.
The above rights may be exercised in relation to the Data Controller using the contacts provided in point 1 above.
The Data Controller shall examine your request and shall inform you, without undue delay and in all cases within no more than one month of its receipt, concerning the action taken with regard to your request.
The exercise of your rights as data subject is free of charge in accordance with article 12 of the GDPR. However, in the case of requests which are manifestly unfounded or excessive, in particular by reason of their repetitive nature, the Data Controller may charge you a reasonable fee, taking into account the administrative costs of processing the request, or refuse to act on the request.
Please also note that the Data Controller may request further information necessary to confirm the identity of the data subject. In addition, you have the right to lodge a complaint with the President of the Office for Personal Data Protection – ul. Stawki 2, 00-193 Warsaw.
Last update 26.11.2020