Information obligation under RODO
In connection with the new Data Protection Regulation commonly known as RODO, we would like to provide you with some information.
What is RODO?
As of May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council (EU), dated April 27, 2016, will come into effect, which introduces new issues of customer rights.
Who is the Administrator of my personal data?
The administrator of your personal data is PALETEO SPÓŁKA Z O.O., based in Poznań at 11D/22U Katowickia Street 61-131). You can contact us through the contact form available on the Contact page.
For what purposes does Paleteo.pl process data?
Because you have purchased products from us or registered in our online store and accepted the Terms and Conditions, we process your personal data in order to perform the concluded agreement, including your consent to provide services electronically. This means that we will notify you about our products, sending you personalized information about news, surveys and advice. Our telephone service, correspondence and handling of your payments will be carried out by our employees.
We process your personal data because you have contacted us via the form on the Contact Us page, by phone or by email, in particular to ensure communication between you and our Customer Service Department, including to handle your inquiries and orders and respond to you in the relevant thread, and for the settlement of any claims and disputes for a period of 10 years. This basis for processing is called the legitimate interest of the Administrator. For more on how and when we process personal data, transfers, complaints, please see our Privacy Policy below.
What rights does the user have at Paleteo.pl?
Providing personal data is voluntary but necessary for the purposes mentioned above. As always, you have the right to access your data and the right to rectify, delete, limit processing, the right to data portability, not to be subject to automated decision-making, including profiling, the right to object. To do so, simply contact us.
Will my data be transferred outside the European Economic Area (EEA)?
Yes. In order to collect statistics, effectively deliver emails to you, and continuously improve the operation of the Service, including showing you increasingly tailored pages and offers, we use tools from companies outside the EEA, such as Google LLC, RedLink and Facebook. We make sure that these companies provide guarantees of a high level of personal data protection. These guarantees derive, in particular, from the obligation to apply the standard contractual clauses adopted by the (EU) Commission or participation in the Privacy Shield program.
For more on the processing of your personal data by Paleteo.pl, please see the Privacy Policy and Terms and Conditions below.
Privacy Policy
(Attachment No. 2 to the Rules and Regulations)
GENERAL PROVISIONS
The purpose of www.paleteo.pl is to provide full product information to users wishing to purchase products from our store. At the same time, we make every effort to ensure the security of the information and data entrusted to us. The service uses modern and proven technologies, which increases the technical security of the services provided.
I. Personal data administrator and the purpose of the privacy policy
1.PALETEO SPÓŁKA Z O.O. (hereinafter "Paleteo.pl" or "Administrator") is an administrator within the meaning of the Regulation of the European Parliament and of the Council (EU) of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter "General Data Protection Regulation"), with regard to personal data of Users who are natural persons. This means that Paleteo.pl determines the purposes and means of processing of Users' personal data on its own and at its own responsibility. If you have any questions or concerns about how your personal data is protected by Paleteo.pl, please contact us via the contact form or send an e-mail. Personal information is any information that can identify you, for example, your name, phone number, email address or home address. When we refer to the term "process" or "processing" in the following document, we mean any activity or operation performed on personal data (such as storing or analyzing it for the purpose of providing a service).
2.The purpose of this Privacy Policy is to set out the activities undertaken by Paleteo.pl with regard to the protection of personal data processed, including those collected through the www.paleteo.pl website and related services and tools used by the Users to perform activities such as registration, submitting requests for quotation, sending opinions and performing a number of other, related activities in connection with the use of Paleteo.pl services by the Users. All our activities are subject to the laws that apply to data protection, such as the General Data Protection Regulation. Our Privacy Policy is subject to the provisions of Polish law and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "RODO" or "RODO Regulation".
3.The use of Paleteo.pl is possible only after acquaintance with the provisions of this Privacy Policy and the Terms and Conditions.
4.The use of the website, including entering into contracts, is voluntary. Likewise, the related provision of personal data by the user is voluntary, subject to two exceptions: conclusion of contracts with Paleteo.pl - failure to provide personal data in the cases and to the extent indicated on the website, as well as in the Rules and Regulations of the website and this Privacy Policy, necessary for the conclusion and performance of a contract for the provision of services with the Administrator, shall result in the impossibility to conclude such a contract. The provision of personal data in such a case is a contractual requirement, and if the data subject wishes to conclude a given contract with the Administrator, he/she is obliged to provide the required data. Each time, the scope of data required to conclude a contract is indicated in advance on the website and in the terms and conditions of the service; statutory obligations of the Administrator - providing personal data is a statutory requirement resulting from generally applicable laws imposing an obligation on the Administrator to process personal data (e.g. processing data for the purpose of bookkeeping), and failure to provide such data will prevent the Administrator from performing such obligations.
5.The Administrator shall exercise special care to protect the interests of the persons whose personal data it processes, and in particular shall be responsible and ensure that the data it collects are: processed in accordance with the law; collected for designated legitimate purposes and not subjected to further processing incompatible with those purposes; substantively correct and adequate in relation to the purposes for which they are processed; stored in a form that allows identification of the persons to which they relate for no longer than is necessary to achieve the purpose of processing; and processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
6.Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of varying probability and severity, the Controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall implement technical measures to prevent the acquisition and modification by unauthorized persons, of personal data sent electronically.
II. Basis and purposes of personal data processing at Paleteo.pl
The Administrator is authorized to process personal data in cases where - and to the extent that - at least one of the following conditions is met: the data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes; the processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract; the processing is necessary for the fulfillment of a legal obligation incumbent on the Administrator; or processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Processing of personal data by the Controller requires the existence of at least one of the grounds indicated above in each case.
Below we have described the activities occurring on users' personal data in connection with the use of services that Paleteo.pl offers to its users through the website. Provision of personal data is voluntary, but necessary for the purposes listed below.
1.When submitting an Inquiry, the User provides his/her personal data (name and surname, telephone number, e-mail address, possibly company name, NIP) and accepts the Rules and Regulations.
Purposes and legal basis: Paleteo.pl processes personal data because it is necessary for the performance of the Agreement with the User (Article 6(1)(b) of the RODO Regulation (performance of the agreement), to the following extent:
o make it possible to provide the service electronically;
ocontacting the User with Suppliers, including by sending the User's contact information via email to Suppliers of the ordered product;
o handle requests (e.g., through a form on the Contact Us page);
ocontacting the User, including but not limited to clarifying the Request and providing services;
o Solve technical problems;
With whom does Paleteo.pl share data? Our employees may contact the User for the purpose of handling his/her Inquiries. Personal data is also provided to Suppliers who are to deliver the ordered product.
How long does Paleteo.pl process data? Data is processed for the purpose of performing the Agreement, during the term of the Agreement. After this period, data is stored for the purpose of claiming claims in connection with the performance of the Agreement, prevention of fraud and abuse, performance of obligations under the law, including in particular tax and accounting, statistics and archiving, for a maximum period of 10 years from the date of expiration of the Agreement.
2.Provider shall sign a personal data processing entrustment agreement with Paleteo.pl.
Aims and legal basis: Paleteo.pl processes personal data because it is necessary for the performance of the Agreement concluded with the Provider (Article 6(1)(b) of the RODO Regulation (performance of the agreement), to the following extent:
oenabling the provision of the service electronically;
oproviding contact information of the user/orderer to the Supplier, via email, without the possibility of further sharing and using it for purposes other than order processing;
o handle requests (e.g., through a form on the Contact Us page);
ocontacting the Supplier to provide services;
o Solve technical problems;
o handle complaints when submitted by the User;
How long does Paleteo.pl process data? Data is processed for the purpose of performing the Agreement, during the term of the Agreement. After this period, the data is stored for the purposes of claiming claims in connection with the performance of the Agreement, prevention of fraud and abuse, performance of obligations under the law, including in particular tax and accounting, statistics and archiving, for a maximum period of 10 years from the date of expiration of the Agreement.
3.The user contacts Paleteo.pl (by providing e-mail address, possibly phone number, first name, surname) through the contact form on the Contact page or by e-mail or telephone.
Purposes and legal basis: the data is processed on the basis of the Administrator's legitimate interest (Article 6(1)(f) of the RODO Regulation) for the purpose of ensuring communication between the User and the Customer Service Department, including for the handling of the User's case and replying in the relevant thread.
To whom does Paleteo.pl share data? Data is shared with Paleteo.pl employees.
How long does Paleteo.pl process data? Data is stored for the period of existence of the legitimate interest pursued by the Administrator, but no longer than the period of limitation of claims against the data subject from the Administrator's business activities. The period of limitation is determined by the provisions of law, in particular the Civil Code. Data is stored for a maximum period of 10 years.
4.In addition, Paleteo.pl processes data for the purposes listed below on the basis of legitimate interest (Article 6(1)(f) of the RODO Regulation):
ocontacting Users, including for purposes related to the provision of services, permitted marketing activities, through available communication channels, in particular e-mail and telephone;
oensure the security of the services provided electronically, including enforcing compliance with the Terms and Conditions and preventing fraud and abuse;
to adjust advertising or settings of third-party services in accordance with previously viewed content;
Conducting direct marketing;
o perform legal obligations, including tax or accounting regulations, debt collection;
ostatistic;
oarchiving;
III. Cookies and other similar technologies
The Service Provider declares that it uses cookies, which are short text files saved on the User's computer or on the computer of another person visiting the Site and which identify the User in order to improve the use of the Site, enable logging into the Site and cooperate with applications provided by Google, Inc. and Facebook. Accepting cookies on the User's computer is necessary to provide the User with the IT Service. Each person visiting the Website may, by modifying the settings of his/her Internet browser, prevent the storage of cookies on his/her computer or permanently delete such stored files. Allowing the browser to save cookies on the computer means at the same time giving consent to such saving. The Service Provider assures that saving cookies on the computer of the User or another person visiting the Website does not cause any configuration changes in his/her computer or software. In order to ensure efficient use of our online store, it also uses technologies other than cookies, e.g. Local Storage, which is used to store data saved while using the sites in a separate part of the browser's memory. Data in Local storage can be accessed only by the website from which the data was saved in the browser. The data in Local Storage is stored by the browser after it is closed.
IV. Automated decision-making, profiling
The Website uses information concerning the User to, for example, suggest to the User what other Users interested in similar offers have searched for and send the User personalized information about news, tips and surveys, this does not have any legal effect on the User and does not affect the User in any other similar way.
The Data Subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and that produces legal effects against the Data Subject or similarly affects the Data Subject.
V. User's rights
The User has the right to access the content of his/her data and the right to rectify, erase, limit processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing (if processing is based on consent) that was carried out on the basis of consent before its withdrawal.
Right of access to content: Upon the User's request via the contact form and after verification of his identity, we will transparently provide information on:
-what are the purposes of processing his data and what is the legal basis for the processing,
-for what period his data will be processed,
-how we use profiling,
-what rights you have when it comes to your personal data,
-how to obtain a copy of your data
The right to take a copy of the data: Upon the User's request via the contact form and after verification of his identity, we will send the User a copy of his data, maintaining adequate security measures.
Right to rectification: At the request of the User submitted via the contact form and after verification of his/her identity, Paleteo.pl will correct erroneous or outdated data and complete incomplete data.
Right to delete data: At the request of the User submitted via the contact form and after verification of his/her identity, we will delete his/her data if there are no other grounds for their processing (e.g., after termination of the Agreement, we store the data for a maximum of 10 years for the settlement of possible claims and disputes).
The right to restrict the processing of data to their storage: At the request of the User made through the contact form and after verification of his/her identity, we will not share the User's data on the website. Once this is done, the User will lose his account history.
Right to data portability: At the request of the User made through the contact form and after verification of his identity, we will send the data file in a commonly used format. Within the framework of this right, the User may also indicate the entity to which we are to send the data. The User, in the interests of security, should make sure who will receive their data.
Right to object to data profiling and processing: The User may object to profiling through the contact form. After verification of identity, Paleteo.pl will disable profiling, but will not be able to continue to provide all Services and therefore the data may be deleted.
The User has the right to lodge a complaint with a supervisory authority if he/she considers that the processing of his/her personal data violates the provisions of RODO or other regulations determining the manner of processing and protection of personal data. If we process data on the basis of the User's consent, he/she has the right to revoke it at any time without affecting the legality of the processing performed on the basis of the consent before its revocation.
VI. Recipients of data
For the proper functioning of the website, including the execution of concluded Contracts, it is necessary for the Administrator to use the services of external entities (such as a software provider, IT company, or an entity handling electronic and payment card payments). The Administrator shall only use the services of such processors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the RODO Regulation and protects the rights of data subjects.
The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy - the Administrator transfers data only when it is necessary for the realization of a given purpose of personal data processing and only to the extent necessary for its realization.
Personal data of Service Recipients and Clients of the Website may be transferred to the following recipients or categories of recipients:
-Electronic or payment card payment processors - in the case of a Provider who uses electronic or payment card payment methods on the Website, the Administrator shall make the collected personal data of the Provider available to the selected entity that processes the above payments on the Website on behalf of the Administrator to the extent necessary to process the payment processed by the Provider;
-Service providers supplying the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct its business, including the website and the services provided through it (IT companies, e-mail and hosting providers, as well as marketing activities and providing technical assistance to the Administrator) - the Administrator shall make the collected personal data available to a selected provider acting on its order only in the case and to the extent necessary to realize the given purpose of data processing in accordance with this privacy policy;
-providers of accounting, legal, advisory and translation services providing accounting, legal or advisory support to the Administrator (in particular, an accounting office, a law firm, a debt collection company) - the Administrator shall make the collected personal data available to the selected provider acting on its order only in the case and to the extent necessary to realize the given purpose of data processing in accordance with this privacy policy;
VII. Transfers outside the European Economic Area
In order to collect statistics, effectively deliver emails to Users, and continuously improve the operation of the Service, including showing Users increasingly customized pages and offers, we use tools from companies outside the EEA, such as Google LLC, RedLink or Facebook. We make sure that these companies provide guarantees of a high level of personal data protection - in accordance with the RODO. These guarantees arise, in particular, from the obligation to apply the standard contractual clauses adopted by the (EU) Commission or participation in the Privacy Shield program.
VIII. Security of User Data
All data collected by Paleteo.pl is protected using appropriate technical and organizational measures and security procedures to protect it from unauthorized access or use. Affiliates, partners and third party service providers are committed to managing data in accordance with Paleteo.pl's security and privacy requirements.
1.Password. Each Registered User is obliged to protect access to his/her password. Under no circumstances should a Registered User share his/her password with any third party. All actions of the Registered User or third parties to his/her account shall be the responsibility of the Registered User. If you suspect that your password has been stolen, you should immediately change it using the Change profile data / Change password option. Do not save your password in your web browser. If necessary, do so only on a computer to which you have exclusive access. In particular, you should not memorize passwords on computers accessible to the public (e.g., in Internet cafes).
2.User Account. The User's account contains confidential data. The User should not share information allowing access and use of the account with anyone. The User's account data can be changed using the option in the menu Change data in the profile.
3.Emails. Paleteo.pl uses its best efforts to ensure secure transmission of e-mails to recipients. Paleteo.pl uses security in the form of:
o cryptographic techniques used during connection establishment and in the data transmission itself with recipients' and senders' servers;
SPF (Sender Policy Framework) records in DNS entries, defining mail servers and rules for message sending from paleteo.pl domains;
DKIM (DomainKeys Identified Mail) ossigants to prevent impersonation of the sender;
IX. Changes to the Privacy Policy
The Administrator is entitled to change the Privacy Protection Policy of Paleteo.pl at any time. The new Privacy Protection Policy of Paleteo.pl shall become effective when published on www.paleteo.pl/polityka-ochrony-prywatnosci.
X. Contact
If you have any questions about this Privacy Policy or the processing of your personal data, please contact us using the contact form available at the contact page or by sending an e-mail to: info@paleteo.pl.