1.1. Administrator – Rowerowyfun Paweł Molek, ul. Biała 40, 33-395 Chełmiec.
1.2. Personal data – all information about a physical person identified or identifiable by one or more specific factors determining a physical, physiological, genetic, psychological, economic, cultural or social identity, including image, voice recording, contact details, location data, information contained in correspondence, information collected via recording equipment or other similar technology.
1.3. Policy – this Policy for processing personal data.
1.4. RODO – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC.
1.5. The data subject – every natural person whose personal data is processed by the Administrator, for example a person visiting the Administrator’s premises or sending a query to him in the form of an e-mail.
2. PROCESSING OF DATA BY THE ADMINISTRATOR
2.1. In connection with its business, the Administrator collects and processes personal data in accordance with the relevant regulations, in particular with the GDPR and the data processing rules provided for in them.
2.2. The administrator ensures transparency of data processing, in particular, always informs about the processing of data at the time of collection, including about the purpose and legal basis of the processing – eg when concluding a contract for the sale of goods or services. The administrator makes sure that the data is collected only to the extent necessary for the indicated purpose and processed only for as long as it is necessary.
2.3. By processing data, the Administrator ensures their security and confidentiality as well as access to information about processing to data subjects. If, despite the security measures applied, there has been a breach of the protection of personal data (eg “leak” or loss of data), the Administrator will inform the data subjects of such an event in a manner consistent with the provisions.
3. CONTACT WITH THE ADMINISTRATOR
3.1. The administrator can be contacted by e-mail firstname.lastname@example.org, contact form at www.rowerowyfun.pl/kontakt, by phone at 501-222-742 or in writing to the address of the seat of RowerowyFun Paweł Molek, ul. Biała 40, 33-395 Chełmiec.
4. SECURITY OF PERSONAL DATA
4.1. In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures that allow access to personal data only to authorized persons and only to the extent that it is necessary due to the tasks performed by them. The administrator applies organizational and technical solutions to ensure that all operations on personal data are registered and made only by authorized persons.
4.2. In addition, the Administrator undertakes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee appropriate security measures whenever they process personal data at the request of the Administrator.
5. OBJECTIVES AND LEGAL BASIS FOR PROCESSING OF DATA BY BICYCLE.PL
5.1. Personal data of all persons using the Administrator’s internet portal www.rowerowyfun.pl, including IP addresses or other identifiers and information collected via cookies or other similar technologies, are processed:
5.1.1. in order to provide electronic services in the field of making the content collected on the website available to users – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR);
5.1.2. for analytical and statistical purposes – then the legal basis for processing is the Administrator’s legitimate interest (Article 6 (1) letter f) of the RODO consisting in analyzing users’ activity as well as their preferences in order to improve the functionalities and services provided;
5.1.3. in order to possibly set and enforce claims or defend them – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) letter f) of the RODO consisting in the protection of its rights;
5.2. The user’s activity on the Administrator’s website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by the Administrator). Information collected in logs is processed primarily for purposes related to the provision of services. The administrator also processes them for technical and administrative purposes, to ensure the security of the IT system and management of this system, as well as for analytical and statistical purposes – in this respect, the legal basis of processing is the legitimate interest of the Administrator (Article 6 paragraph 1 point f) RODO).
5.3. Session, which the user’s web browser establishes with the Administrator’s servers from the moment of logging in to logging out of the website, is protected by the TLS protocol. This means that all data, including personal data, are sent using cryptographic security (encryption).
5.1. The administrator processes personal data of users in order to carry out marketing activities, which may consist in:
5.1.1. conducting activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
COOKIES AND LIKE TECHNOLOGY
5.2. Cookies are small text files installed on the user’s device browsing the site. Cookies collect information that facilitates the use of the website – for example, by memorizing the user’s visits to the website and the activities carried out by him. The legal basis for the processing of such data is the legitimate interest of the Administrator (Article 6 (1) letter f of the RODO).
5.3.1. cookies with data entered by the user (session id) for the duration of the session (user input cookies);
5.3.2. authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
5.3.3. cookies used to ensure security, e.g. used to detect user centric security (cookies);
5.3.4. session cookies for multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
5.3.5. permanent cookies used to personalize the user interface for the duration of the session or a bit longer (user interface customization cookies),
5.3.6. cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the user uses the site, to generate statistics and reports on the operation of the website). Google Analytics also serves the purpose of targeting behavioral advertising to users. Google does not use the collected data to identify you or link this information to allow identification. Detailed information about the scope and rules of data collection in connection with this service can be found under the link: Google – Privacy and Terms.
CONTACT FORMES AVAILABLE AT WWW.ROWEROWYFUN.PL
5.4. The administrator provides the opportunity to contact him using electronic contact forms, available on the Administrator’s websites. Using the form requires providing personal data necessary to contact the user and reply to the request. The user may also provide other data to facilitate contact or service of the inquiry. Providing data marked as mandatory is required in order to receive and service the request, and failure to do so results in a lack of service. Providing other data is voluntary.
5.4. Personal data is processed:
5.4.1. in order to identify the sender and handle the request or answer the question sent via the contact form – the legal basis for processing is the Administrator’s legitimate interest (Article 6 paragraph 1 letter f) and allowing for handling requests and answering questions asked in in particular by persons interested in Administrator’s services;
5.4.2. in order to monitor and improve the quality of services, including customer service – the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the RODO) enabling the improvement of the quality of services provided by the Administrator.
E-MAIL AND TRADITIONAL CORRESPONDENCE
5.5. In the event of referral to the Administrator via e-mail or traditional correspondence, personal data contained in this correspondence is processed solely for the purpose of communication and resolving the matter to which the correspondence relates.
5.5. The legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the RODO) consisting in the correspondence addressed to him in connection with his economic activity.
5.5. The administrator processes only personal data relevant to the case to which the correspondence relates. All correspondence is stored in a manner ensuring the security of personal data (and other information) contained in it and disclosed only to authorized persons.
5.6. In the case of contacting the Administrator by phone, the Administrator may request the provision of personal data only when it is necessary to handle the matter to which the contact relates. The legal basis in this case is the justified interest of the Administrator (Article 6 (1) (f) of the RODO) consisting in enabling the handling of requests and answering questions asked by persons interested in the Administrator’s services.
5.7. The administrator processes the personal data of users visiting Administrator profiles carried out in social media (Facebook, YouTube, Instagram, Twitter). These data are processed only in connection with maintaining the profile, including to inform Users about the activity of the Administrator and to promote various types of events, services and products. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6 (1) letter f) of the RODO, which consists in promoting its own brand.
DATA REQUIRED DURING THE RESERVATION OF THE SPORT EQUIPMENT
5.8. During the registration, it is necessary to provide the following data: name or company, telephone number, e-mail.
The personal data referred to in art. 27 sec. 1 of the Act of 29 August 1997 on the Protection of Personal Data (consolidated text, Journal of Laws 2002, No. 101, item 926, as amended),
5.9. Users for booking bikes make payments via an online bank transfer. They provide their data on the website, which are required for a transfer but because payments are made on the basis of an external service, the Administrator of the RowerowyFun service has no influence on them.
COLLECTION OF DATA IN OTHER CASES
5.10. In connection with the conducted activity, the Administrator collects personal data also in other cases – eg during business meetings, at industry events or through exchange of business cards – for purposes related to initiating and maintaining business contacts. The legal basis for processing is in this case the justified interest of the Administrator (Article 6 (1) (f) of the RODO) consisting in creating a network of contacts in connection with the conducted activity.
5.10.1. Personal data collected in such cases are processed only for the purpose for which they were collected and the Administrator provides them with adequate protection.
6. PROCUREMENT PERIOD OF PERSONAL DATA
6.1. The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. The data processing period can also result from the rules when they form the basis for processing. In the case of data processing based on the justified interest of the Administrator – for example for security reasons – the data is processed for a period of time enabling this interest to be realized or for reporting effective opposition to data processing. If the processing is based on consent, the data is processed until it is withdrawn. When the processing basis is a necessity to enter into and perform the contract, the data is processed until it is resolved.
6.2. The data processing period may be extended if the processing is necessary to establish or enforce claims or defend against claims, and after this period – only in the case and to the extent that it will be required by law. After the end of the processing period, the data is irreversibly deleted or anonymized.
7. POWERS RELATED TO THE PROCESSING OF PERSONAL DATA OF THE RIGHTS OF PERSONS WHOSE DATA CONCERN
7.1. The data subjects have the following rights:
7.1.1. the right to information about the processing of personal data – on this basis, the person making the request transfers information about data processing, including primarily about the purposes and legal grounds for processing, the scope of data held, entities to which they are disclosed and the planned date of deletion;
7.1.2. the right to obtain a copy of the data – on this basis, the Administrator provides a copy of the data processed concerning the person making the request;
7.1.3. the right to rectify – the Administrator is obliged to remove any incompatibilities or errors of personal data being processed and to supplement them if incomplete;
7.1.4. the right to delete data – on this basis, you can request deletion of data, the processing of which is no longer necessary to pursue any of the purposes for which they were collected;
7.1.5. the right to limit processing – in the event of such a request, the Administrator ceases to perform operations on personal data – except for operations agreed to by the data subject and their storage, in accordance with accepted retention rules or until the reasons for limiting data processing have ceased to exist ( for example, a supervisory decision will be issued allowing further processing of data);
7.1.6. the right to data transfer – on this basis – to the extent that the data is processed in relation to the concluded agreement or expressed consent – the Administrator issues data provided by the person they concern in a format that allows their reading by the computer. It is also possible to request that data to be sent to another entity – provided, however, that there are technical possibilities in this regard on the part of the Administrator as well as the other entity;
7.1.7. the right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
7.1.8. the right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data, which takes place on the basis of the Administrator’s justified interest (eg for analytical or statistical purposes or for reasons related to the protection of property); objection in this respect should contain justification;
7.1.9. the right to withdraw consent – if the data are processed on the basis of the consent given, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out prior to the withdrawal of the consent.
7.1.10. the right to complaint – if it is decided that the processing of personal data violates the provisions of the RODO or other provisions on the protection of personal data, the data subject may file a complaint to the President of the Office of Personal Data Protection.
SUBMISSION OF DEMANDS RELATED TO THE IMPLEMENTATION OF THE RIGHTS
7.2. An application for the exercise of the rights of data subjects can be submitted:
7.2.1. in writing to the following address: ul. Biała 40, 33-395 Chełmiec.
7.2.2. by e-mail to the following address: email@example.com
7.3. If the Administrator is unable to identify the person submitting the application on the basis of the submitted application, he will ask the applicant for additional information.
7.4. The response to the notification should be given within one month of its receipt. If it is necessary to extend this deadline, the Administrator informs the applicant about the reasons for the delay.
7.5. The answer is given through the same medium through which the application was submitted.
8. CHANGES IN THE POLICY OF PROCESSING OF PERSONAL DATA
The policy is verified on an ongoing basis and updated as necessary. The current version of the Policy was adopted on May 23, 2018.