For clients of the Website: sosenco.com
- Personal Data Administrators details
We kindly inform that at-S Tomasz Sosnowski, with offices on ul. Jasna 18a, 05-506 Wilcza Góra with NIP 517 003 46 50 is the administrator of your personal data and will later be referred to as the Administrator. You can contact the Administrator about your personal data protection at the e-mail address: biuro@at-s.pl
- Data Protection Officer
The Administrator has a Data Protection Officer – currently Tomasz Sosnowski – who may be of assistance in any matters connected with personal data protection. He will also answer all questions regarding personal data processing. You can contact the Officer at an e-mail address: tomasz.sosnowski@at-s.pl.
- Purpose and grounds for personal data processing
To realize your order within our services, the Administrator processes your personal data – for different purposes. Nonetheless, always in compliance with applicable laws. Beneath you will find the specific purposes and their legal grounds.
In order to establish the cost of the order and to finalize the order following personal data is processed:
- Name
- E-mail address
- Delivery address
- Address to issue a receipt or an invoice
- Phone number
The legal grounds for this type of data processing is art. 6 ust. 1 lit. B RODO which allows for personal data processing if the data is essential to complete the agreement or to undertake the steps to finalize the agreement. Should you provide your surname it is assumed you agree to the processing of your surname, the legal grounds would be art. 6 ust. 1 lit. a RODO which allows the processing of the personal data after voluntary consent.
In order to process the complaints the following personal data is processed:
- Full name (if given)
- E-mail address
- Order number
- Phone number
- Personal address – if the payment is refunded
- Bank account number – if the payment is refunded
The legal grounds for this type of data processing is art. 6 ust. 1 lit. B RODO that allows for personal data processing if the data is essential to complete the agreement or to undertake the steps to finalize the agreement. Should you provide your surname it is assumed you agree to the processing of your surname; the legal grounds: art. 6 ust. 1 lit. a RODO which allows the processing of the personal data after voluntary consent.
In order to send e-mail notifications about announcements in the client panel the following personal data is processed:
- e-mail address
- order number
The legal grounds for this type of data processing is art. 6 ust. 1 lit. b RODO that allows the processing of the personal data if it serves the justified interest of the Personal Data Administrator (in this case, the interest of the company is to inform the client about the realization of services and orders to improve the overall service experience);
In order to send SMS notifications about announcements in the client panel the following personal data is processed:
- Phone number
- Order number
Provided You are interested in receiving such notifications (providing a phone number is not required). Sent messages are not marketing content. The legal grounds – art. 6 ust. 1 lit. a RODO which allows the processing of the personal data after voluntary consent.
In order to issue an invoice and to fulfil other obligations according to the tax law, such as storing accounting records for 5 years, the following personal data is processed:
- Full name
- Company name
- Home address or company address
- NIP number
- Order number
The legal grounds - art. 6 ust. 1 lit. c RODO that allows the processing of personal data if it is essential to fulfilling the obligations imposed on the Administrator by the law.
In order to archive unpaid enquiries, the following personal data is processed:
- First name
- E-mail address
- Order number
Should it happen the decision to use our services is delayed in time. Legal grounds - art. 6 ust. 1 lit. b RODO that allows the processing of the personal data if it serves the justified interest of the Personal Data Administrator (in this case it is allowing to finalize the agreement without reassessing the price).
In order to hold a customer satisfaction survey, the following data is processed:
- e-mail address
- phone number
- order number
Legal grounds - art. 6 ust. 1 lit. b RODO that allows the processing of the personal data if it serves the justified interest of the Personal Data Administrator (in this case the company interest is to learn the opinions about the service to be able to adjust them to the clients’ needs and expectations).
In order to create the registries for RODO purposes, including the registry of clients that denied in line with RODO, the following personal data is processed:
- First name
- E-mail address
Firstly, RODO laws require documentation to demonstrate accountability and compliance with data. Secondly, if You oppose personal data processing for marketing purposes, the Administrator needs to know who not use direct marketing with.
Legal grounds - art. 6 ust. 1 lit. c RODO that allows data processing if it is essential for the Administrator to meet the law requirements; second - art. 6 ust. 1 lit. f RODO that allows data processing if the Administrator realizes their legitimate interest by it (in this case the company interest is to have knowledge about people exercising their powers stemming from RODO).
In order to give a discount (after a consent, stemming from the regulations about service delivered electronically, has been given), the following data is processed:
- First name
- E-mail address
Legal grounds - art. 6 ust. 1 lit. a RODO that allows the processing of data after voluntary consent of the customer.
In order to establish, investigate or defend against claims, the following data is processed:
- Full name (if a surname was provided) or company name
- Home address (if provided)
- PESEL number or NIP number (if provided)
- E-mail address
- IP number
- Order number
Legal grounds – art. 6 ust. 1 lit. f RODO that allows data processing if the Administrator realizes their legitimate interest by it (in this case the interest of the company is to have personal data of the clients and third parties that allows to establish, investigate or defend against claims)
In order to archive and preserve evidence, the following data is processed:
- Full name (if provided)
- E-mail address
- Order number
To preserve the information that might be used to prove facts of legal implications. Legal grounds – art. 6 ust. 1 lit. f RODO that allows data processing if the Administrator realizes their legitimate interest by it (in this case the interest of the company is to possess personal data to be able to prove certain facts regarding orders realization, e.g. some public authority demands it).
For analytical purposes, that is to measure and analyze activity on the website belonging to the company, the following data is processed:
- Date and hour of viewing the website
- Type of operating system
- Approximate location
- Type of web browser used to view the website
- Time spent on the website
- Seen web pages
- A web page where the contact form was filled
Legal grounds - art. 6 ust. 1 lit. f RODO that allows data processing if the Administrator realizes their legitimate interest by it (in this case the interest of the company is to have the knowledge about clients activity on the website).
In order to use cookies on the website, the following text data (cookies shall be described further in a separate paragraph)
Legal grounds – art. 6 ust. 1 lit. a RODO that allows the processing of data after voluntary consent (during the first viewing of the website, the prompt asks for the consent to use cookies).
In order to administrate the website, the following personal data is processed:
- IP address
- Date and time of the server
- Information about the web browser
- Information about the operating system
The data is saved automatically in server logs each time the company’s website is viewed. It would be impossible to administrate the website without the server and automatic logs.
Legal grounds – art. 6 ust. 1 lit. f RODO that allows data processing if the Administrator realizes their legitimate interest by it (in this case the interest of the company is to administrate the website)
In order to allow posting comments on the website under articles, the following personal data is processed:
- First name or nick
- IP address
Legal grounds – art. 6 ust. 1 lit. a RODO that allows the processing of data after voluntary consent (in this case we assume that posting the comment is equal to giving consent to data processing).
In order to allow posting reviews of the services, the following personal data is processed:
- First name, alternatively surname or nick
Legal grounds – art. 6 ust. 1 lit. a RODO that allows the processing of data after voluntary consent (in this case we assume that posting the review is equal to giving consent to data processing).
- Cookies
- The Administrator, similarly to other entities, uses cookies on their website, that is short text information saved on the computer, phone, tablet or another device the customer uses. They can be read by our system, and other entities we use services from (e.g. Facebook, Google).
- Cookies serve many purposes on our website, that we attempt to describe below (if the information is not satisfactory, we kindly ask for contact):
- Providing security – cookies are used to authenticate users and to prevent unauthorized use of the client/s panel. Therefore, they serve as protection from unauthorized access to personal data.
- Impact on the processes and performance of the website – cookies are used to assure smooth running of the website and to allow the use of the functions on the website which is possible thanks to saving the settings, among others. Due to them, you can smoothly navigate the website and the webpages.
- Session state – very often cookies store information on how the customers use the website, e.g. which webpages the view the most often. The cookies also enable the identification of errors that may appear on some of the webpages. Therefore, cookies used to save session state help to improve the service and make browsing the website more comfortable.
- Maintaining the session state – if the customer logs in to their panel, cookies allow maintaining the session. That means that after changing the webpage on the website the customer stays logged in which provides a better experience.
- Creating statistics – cookies are used to analyze how the customers are using the website (how many people views the website, how long they stay, which content is the most popular). Thanks to that the website can be constantly improved and adjusted according to the customers’ preferences. To follow activities and create statistics we use Google tool, Google Analytics, except for reporting the statistics of the website user, Google Analytics Pixel, together with some of the previously described cookies, may serve as a help to show more personalized content in Google services (Google browser) and the Internet.
- Using the social media features - on the website we use Facebook Pixel which allows liking our fan page while using this service. However, to make it possible we need to use the cookies provided by Facebook.
- What is important, a lot of cookies is anonymized which means that without additional information we are not able to identify the customer’s identity
- Your internet browser allows cookies by default that is why we ask for your permission to use cookies when you visit the website for the first time. If you, however, do not agree to the use of cookies while viewing the website you can change your browsers settings – completely block the cookies or ask for a notification every time cookies are saved. You can change the settings at any time.
- Respecting the autonomy of each and every person using the website, we need to inform that disabling or limiting cookies may cause real issues on the website, e.g. the need to log in on every webpage, longer loading time, limited abilities to use the website features, limited abilities to like the website on Facebook, etc.
5. The right of withdrawal
- If the processing of personal data is based on the consent, the consent may be withdrawn at any time – according to the customer’s wishes.
- If you decide to withdraw the consent to the personal data processing you need:
- Send a direct e-mail at biuro@at-s.pl, address: ul. Jasna 18a, 05-506 Wilcza Góra or;
- Send an e-mail to the Data Protection Officer at Tomasz.sosnowski@at-s.pl, or;
- Click in a link at the bottom of the e-mail, or;
- Delete the comment left at the article, or;
- Delete the posted opinion about the services.
- If the processing of your personal data was based on your consent withdrawing it does not make the processing up this point illegal. In other words, until you withdraw the consent to the processing of your personal data we have the right to process it. The withdrawal does not affect the legitimacy of the processing up to this point.
6. The requirement to provide personal data
- Providing any personal data is voluntary and depends on your decision. However, in some cases providing particular personal data is necessary to meet your demands when it comes to making purchases in our online shop.
- To place an order in our online shop, it is necessary to provide full name, e-mail address, delivery address and phone number. Without this information, we are unable to conclude and realise the agreement.
- To be able to receive the invoice for the services, it is necessary to provide all the data required by the tax law, which are a full name or company name, home address or company address, NIP number. We are unable to issue a correct invoice without this information.
- To be able to contact You by phone regarding the realization of the services, it is necessary that you provide the phone number. We are unable to contact You without the number.
- If you wish to receive SMS notifications about new messages in the client panel, it is necessary that you provide the phone number. We are unable to send the notifications without it.
- To be able to receive discounts for future services, it is necessary that You provide your name and e-mail address. We are unable to send the discount codes without them.
7. Automated decision making and profiling
- We kindly inform you that we perform automated decision making, including based on profiling. The content of the enquiry sent via a contact form is not subject to the assessment by the IT system. The proposed cost of the service is in no capacity the result of the assessment by any IT system.
8. Personal Data Recipients
- As most of the companies, in our services, we sometimes use the help of third parties. That means that sometimes it is necessary to provide them with some personal data. In case of need, we provide your personal data to the accounting office that works with us, delivery companies, payment providers, hosting providers, the company managing the client’s panel.
- Except for the above mentioned, we may be forced to provide your data to other public or private entities based on the applicable laws or the decision of the competent authority. Therefore, it is not feasible to predict which entities may demand the data. Nonetheless, we assure you that we analyze each request for personal data very diligently and comprehensively to avoid providing the data to any unauthorized entity.
9. Transfer of personal data to third countries
We kindly inform you that your personal data is not transferred outside of the European Economic Area.
10. Personal Data Retention Period
- Under the binding laws we do not process Your personal data “indefinitely” but for the time that is needed to fulfil the set goal. After this period your personal data will be irreversibly removed or deleted.
- If we do not perform any other operations than storing your personal data (e.g. if we store the enquiry to defend against claims) we additionally secure the data until it is deleted or destroyed.
- Regarding the specific personal data retention period, we kindly inform you that we process the personal data for the period of:
- Lasting of the agreement – with reference to the personal data processed to conclude and realise the agreement;
- 3 years or 10 years + 1 year – with reference to the personal data processed to establish, investigate or defend against claims (the retention periods depends on whether both parties are companies or not);
- 12 months – with reference to the personal data collected during price assessment when the agreement was not concluded immediately.
- 5 years – with reference to the personal data needed to fulfil the tax law obligations;
- Until the withdrawal of the consent or to the realization of the processing goal, however, no longer than 5 years – with reference to the personal data processed based on the consent;
- Until the successful challenge or to fulfilling the processing goal, however, no longer than 5 years – with reference to the personal data processed based on the legitimate interest of the Administrator or for marketing purposes;
- The period in years is counted from the end of the year that the personal data processing started in order to improve the process of deleting or destroying the personal data. A separate period for each entry would cause organizational and technical issues as well as significant financial costs. Therefore, establishing one date of deleting or destroying personal data allows a smooth administration of the process. Certainly, if you decide to use “the right to be forgotten”, the claim will be handled individually.
- An additional year of the personal data retention period for the data collected to realise the agreement stems from the fact that, theoretically, you may raise claims shortly before the end of the period, the claim may be delivered with significant delay or you may incorrectly state the date of your claim.
11. Data subjects rights
- We kindly inform you that you have the right to:
- Access to your personal data
- Correct your personal data
- Delete your personal data
- Limit processing of your personal data
- Object against the processing of your personal data
- Transfer your personal data
- We respect your rights under the provisions of GDPR and we try to make their realization as easy as possible.
- The mentioned rights are not absolute. Therefore, in some cases, we may refuse their realization according to the law. If we, however, refuse the claim, we do so after thorough analysis and only if the refusal is necessary.
- Regarding the right to object, you can object to your personal data processing based on the legitimate interest of the administrator (described in section 3) due to your specific circumstances at any time. However, you need to remember that we may refuse to take your objection into account if we prove that:
- There are legitimate grounds for the data processing that are superior to your interests, rights and freedoms or;
- There is a basis to establish, investigate and defend claims.
- What is more, you may object to the processing of your personal data for marketing purposes. In this case, we cease to process your personal data after receiving the objection.
- You can realise your rights through:
- Sending an e-mail directly to the company address biuro@at-s.pl
- Sending and e-mail to the Data Protection Officer at the address: tomasz.sosnowski@at-s.pl
12. The right to raise complaints
If you think that your personal data is processed with violation of applicable laws, you may raise complaint to the President of Personal Data Protection Office.
13. Final provisions
- In matters not covered by this Privacy Policy, the provisions on the protection of personal data shall apply.
- You shall be informed about any changes and amendments to this Privacy Policy via e-mail.
- This Privacy Policy is valid from 5th November 2020.