WEBSITE PRIVACY POLICY
https://hiley.eu
-
- The administrator of Personal Data on the website at: https://hiley.eu/, hereinafter referred to as the Website, is TONAZ Sp. z o.o. Ul. Trzebnicka 9 50-245 Wrocław, KRS: 0000937411, NIP:9482630855, REGON:52063201600000.
- Respecting your rights as subjects of personal data (data subjects) and respecting the applicable laws, including in particular Regulation 2016/679 of the European Parliament and of the Council (EU) of April 27, 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as RODO, the Act of May 10, 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000, hereinafter referred to as the Act) and other relevant data protection regulations, we undertake to maintain the security and confidentiality of the personal data obtained from you. All employees have been properly trained in the processing of personal data, and as a Personal Data Administrator, we have implemented appropriate safeguards and technical and organizational measures to ensure the highest level of protection of personal data. We have implemented procedures and policies for the protection of personal data in accordance with the RODO, through which we ensure the legality and reliability of data processing, as well as the enforceability of any rights you have as a data subject. In addition, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).
- We collect the following personal data on our Website:
- first and last name and PESEL number – they may be processed when, as users of our Website (including customers or potential customers), you provide them to us via e-mail, reservation form, contact form available on our Website, snail mail or when contacting us by phone, in order to use
of our offer, - telephone number – may be processed in case of telephone contact from your side
(including as customers or potential customers), as well as when you provide it to us via e-mail, reservation form, contact form available on our Website or snail mail, in order to enable us to contact you if the need arises in connection with the provision of services to you, as well as to answer questions related to our offer, - e-mail address – it may be processed when you, as users of our Website (including customers or potential customers), provide it to us in case of contact via e-mail, reservation form or contact form available on our Website, as well as via snail mail or when contacting us by phone; through the e-mail address we send you a confirmation of your order, we contact you if there is such a need related to the processing of your order, as well as we answer questions related to our offer;
- NIP – we collect the Tax Identification Number from entrepreneurs and individuals who request an invoice and have a NIP number,
- IP address of the device – information resulting from the general principles of connections made on the Internet, such as the IP address (and other information contained in system logs), is used for technical and statistical purposes, including, in particular, the collection of general demographic information (e.g., about the region from which the connection is made),
- alternatively, other data may be collected in the course of conducting specific cases or may be provided by you as a user of our Website (including as a customer or potential customer) via e-mail, contact form available on the Website, snail mail or when contacting us by phone.
- Providing the data indicated in the preceding paragraph is necessary in the cases indicated in the preceding paragraph, including in particular:
- in order to use the services offered on our Website, including without having to register (create an Account) on the Website,
- in order to carry out the services ordered by you on our Website,
- in order to answer your questions and enable you to contact us via e-mail, contact form available on the Website, snail mail or telephone contact,
- Our Website uses Cookies technology in order to adapt its functioning to your individual needs. Accordingly, you may agree that the data and information you have entered will be remembered so that it can be used the next time you visit our Website without having to enter it again. Owners of other sites will not have access to this data and information. If, on the other hand, you do not agree with the personalization of the Website, we suggest that you disable cookies
in the options of your Internet browser. - Each of you, as a user of our Website, has a choice as to whether you
and to what extent you want to use our services and share information and data about yourself, to the extent specified in the contents of this Privacy Policy. - In accordance with the principle of minimization, we process only those categories of personal data that are necessary to achieve the purposes referred to in sec. 3 and 4 above.
- We process personal data for the period of time necessary to achieve the purposes listed in points. 3 and 4 above. Personal Data may be processed for a longer period where such a right or obligation imposed on us as the Administrator arises from specific legal provisions, from the Administrator’s legitimate interest referred to in sec. 10(c) below (i.e., for the period of the statute of limitations for claims or the completion of the relevant proceedings, if any, during the period of the statute of limitations) or if the service we provide is continuous.
- The source of the Personal Data processed by the Administrator is the data subjects.
- The legal basis for the processing of your personal data is:
- 6(1)(b) RODO, i.e. the necessity for the performance of a contract to which you are a party, or to take action at your request before entering into a contract, or
- 6(1)(c) RODO, i.e. the necessity to fulfill legal obligations incumbent on the Administrator, or
- 6(1)(f) RODO, i.e. the Administrator’s legitimate interest in establishing, asserting or defending claims until they are barred by the statute of limitations, or until the completion of the relevant proceedings, if any, initiated during that period, or
- 6(1)(a) RODO, i.e. your consent to the processing of personal data for specific purposes, when other legal grounds for processing personal data do not apply.
- Personal data is not transferred by us to a third country or international organization within the meaning of the RODO. In the event that personal data is transferred to a third country or international organization, you will be informed in advance and the Administrator will apply the safeguards referred to in Chapter V of the RODO.
- We do not share any personal data with third parties without the express consent of the data subject. Personal data without the consent of the data subject may be shared only with public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement agencies and other entities authorized by generally applicable laws).
- Personal data may be entrusted for processing to entities that process such data on our behalf as Personal Data Controller. In such a situation, as a Personal Data Controller, we enter into an entrustment agreement with the processor for the processing of personal data. The processor shall process the entrusted personal data only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data to the Processor, we would not be able to conduct our business on the Website. As Personal Data Administrator, we entrust personal data for processing to the following entities:
- providing hosting services to the website on which our Website operates,
- providing other services to us that are necessary for the ongoing operation of the Website.
- Personal data is not subject to profiling by us as an Administrator under the provisions of the DPA.
- According to the provisions of the RODO, any person whose personal data we process as a Personal Data Controller has the right to:
- be informed of the processing of personal data as referred to in Article 12 of the RODO,
- access to his/her personal data, as referred to in Article 15 of the RODO,
- correct, complete, update, rectify personal data as referred to in Article 16 RODO,
- deletion of data (right to be forgotten) as referred to in Article 17 RODO,
- restriction of processing, as referred to in Article 18 RODO,
- transfer of data, as referred to in Article 20 RODO,
- object to the processing of personal data, as referred to in Article 21 RODO,
- in the case of the legal basis referred to in item. 10(d) above – the right to withdraw consent at any time without affecting the legality of the processing performed on the basis of consent before its withdrawal,
- not be subject to the profiling referred to in Article 22 in conjunction with Article 4(4) of the RODO,
- to lodge a complaint with the supervisory authority (i.e., the President of the Office for Personal Data Protection) referred to in Article 77 of the RODO, taking into account the rules of use and exercise of these rights under the provisions of RODO.
- If you wish to exercise your rights referred to in the preceding paragraph, please use the appropriate tabs on the Website, which allow you to delete your account and data collected on our Website, or send a message by e-mail to the e-mail address or in writing to the mailing address referred to in paragraph. 17 below.
- In the body of the Submission, you must clearly indicate:
- the details of the person or persons to whom the Notification relates,
- the event that is the reason for the Notification,
- present your requests and the legal basis for these requests,
- indicate the expected manner of handling the case.
- Each identified security breach shall be documented, and in the event of the occurrence of one of the situations set forth in the provisions of the RODO or the Act, the data subjects and, if applicable, the PUODO shall be informed of such data breach.
- All capitalized words shall have the meaning given to them in the Terms and Conditions of our Website, unless otherwise stated in this Privacy Policy.
- The provisions of this Privacy Policy shall, to the extent possible, apply mutatis mutandis to all persons with whom we have legal relations and to whom we are also the Administrator of their personal data, including, in particular, our customers, contractors.
- In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply accordingly. In the event of any inconsistency between the provisions of this Privacy Policy and the aforementioned regulations, those regulations shall prevail.