1. General information
- This policy applies to the Website available at the URL: www.horlop.pl
- The website operator and the Controller of personal data is: HORPOL J.I.A.T. Horeczy Sp. k. 86-005 Białe Błota, Lipniki, ul. Lipowa 3.
- Operator’s e-mail address for contact purposes: email@example.com
- The operator is the Controller of your personal data in relation to data provided voluntarily on the Website.
- The Website uses personal data for the following purposes:
- Sending the newsletter
- Handling of queries by the form
- Implementation of the ordered services
- Presentation of the offer or information
- The Website performs the functions of obtaining information about users and their behaviour as follows:
- By voluntarily entered data in the forms, which are entered into the Operator’s systems.
- By saving cookies in end devices.
2. Selected methods of data protection applied by the Operator
- Personal data stored in the database shall be encrypted in such a way that only the Operator who has the key can read it. This allows the data to be protected in the event of a database being stolen from the server.
- The Operator shall periodically change its administrative passwords.
- In order to protect the data, the Operator regularly makes backup copies.
- An important element of data protection is the regular update of all software used by the Operator to process personal data, which in particular means regular updates of programming components.
- The website is hosted (technically maintained) on the operator’s server: Webtom.pl
- Hosting company registration data:
Webtom.pl Sp. z o.o., registered in the Register of Entrepreneurs of the National Court Register kept by the District Court Poznan Nowe Miasto and Wilda in Poznan, IX Commercial Division of the National Court Register under KRS number 0000967376, REGON (National Business Registry Number): 521791596, NIP (Taxpayer identification number) 7642708632.
- Hosting company:
- uses security measures preventing loss of data (e.g. disk arrays, regular backup copies),
- applies adequate measures for protection of processing sites in case of fire (e.g. special firefighting systems),
- applies adequate measures to protect the processing systems in the event of a sudden power failure (e.g. dual power lines, power generating units, UPS backup systems),
- applies measures of physical protection of access to data processing sites (e.g. access control, surveillance cameras),
- applies measures to ensure appropriate environmental conditions for servers which are elements of the data processing system (e.g. control of environmental conditions, professional air conditioning systems),
- uses organisational solutions to ensure a high level of protection and confidentiality (training, internal regulations, password policy, etc.),
- appointed the Data Protection Officer.
- The hosting company in order to ensure technical reliability is keeping logs on the server level. The log file may cover:
- resources specified in the URL (addresses of requested resources – websites, files),
- time of the request,
- time of sending the response,
- name of the client’s station – identification provided by HTTP protocol,
- information on errors that occurred in the implementation of HTTP transactions,
- URL of the website previously visited by the user (referrer link) – if the directing to the Website took place via a link,
- information about the user’s browser,
- IP address information,
- information related to the process of ordering services on one’s own via loggers on the website,
- information related to handling of e-mails sent to the Operator and sent by the Operator.
4. Your rights and additional information on the use of data
- In some situations, the Controller has the right to transfer your personal data to other recipients if this is necessary for the performance of an agreement concluded with you or to fulfil the obligations incumbent on the Controller. This applies to such groups of recipients:
- authorised employees and associates who use the data for the purpose of implementation of objectives of actions of the party,
- companies providing marketing services to the Controller.
- Your personal data will be processed by the Controller no longer than it is necessary to perform activities related to it, which are specified in separate regulations (e.g. accounting). With regard to marketing data, the data will not be processed for more than 3 years.
- You have the right to demand from the Controller:
- to access your personal data,
- to rectify it,
- to remove it,
- to limit its processing,
- to transfer data.
- You have the right to object to the processing specified in point 3.3 (c) in relation to processing of personal data for the purpose of performing the legitimate interests pursued by the Controller, including profiling, and the right to object will not be exercised in the case of valid legitimate grounds for processing, overriding the data subject’s interests, rights and freedoms, in particular the establishment, exercise or defence of claims.
- In relation to the Controller’s actions, you may file a complaint to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
- Providing personal data is voluntary, but necessary to operate the Website.
- You may be subject to activities consisting in automated decision-making, including profiling for the purpose of providing services under the concluded agreement and for the purpose of direct marketing by the Controller.
- Personal data shall not be transferred from third countries within the meaning of the provisions on personal data protection. This means that we do not send them outside the European Union.
5. Information in forms
- The Website collects information provided voluntarily by the user, including personal data, if provided.
- The Website can save information about the connection parameters (time, IP address).
- The Website may, in some cases, save information facilitating the link between the data in the form and the e-mail address of the user who fills the form. In such a case, the user’s e-mail address will appear inside the URL of the form page.
- The data provided in the form is processed for the purpose resulting from the function of a specific form, e.g. in order to process a service request or business contact, registration of services, etc. Each time the context and description of the form clearly indicates its purpose.
6. Controller Logs
- User behaviour on the Website may be subject to logging. This data is used to administer the Website.
7. Relevant marketing techniques
- The Operator uses remarketing techniques, allowing for adjustment of advertising messages to the user’s behaviour on the website, which may give the illusion that the user’s personal data is used to track them, but in practice there is no transfer of any personal data from the Operator to advertising operators. A technological condition for such activities is enabling cookies.
- The Operator uses a solution that examines user behaviour by creating a heat map and recording behaviour on the website. This information shall be anonymised before it is sent to the service provider in such a way that it does not know to which natural person it relates. In particular, passwords and other personal data shall not be recorded.
- The Operator uses a solution that automates the functioning of the Website with regard to users, e.g. it is capable of sending an e-mail to the user after a specific subpage has been visited, provided that they agree to receive business correspondence from the Operator.
8. Information on cookies
- Cookies are IT data, in particular text files, which are stored in the end device of the Website User and are intended for use on the Website pages. Cookies usually contain the name of the website from which they come, their storage time on the end device and a unique number.
- The entity placing cookies on the end device of the Website User and accessing them is the Website Operator.
- Cookies are used for the following purposes:
- maintaining the Website user session (after logging in), thanks to which the user does not have to re-enter login and password on each subpage of the Website;
- implementation of the objectives set out in the “Relevant marketing techniques” section above;
- Two basic types of cookies are used within the Website: “session cookies” and “persistent cookies”. Session cookies are temporary files stored in the User’s end device until they log out, leave the website or disable the software (web browser). Persistent cookies are stored in the User’s end device for a period specified in the parameters of cookies or until their removal by the User.
- Web browsing software (web browser) usually allows cookies to be stored in the User’s end device by default. Website Users may change the settings in this respect. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this topic can be found in the help or documentation of the web browser.
- Cookies placed in the end device of the Website User may also be used by entities cooperating with the Website Operator, in particular the following companies: Google (Google Inc. with its registered office in the USA), Facebook (Facebook Inc. with its registered office in the USA), Twitter (Twitter Inc. with its registered office in the USA).
9. Managing cookies – how to accept and withdraw consent in practice?
- If the user does not want to receive cookies, they can change setting of their browser. We reserve that disabling cookies necessary for processes of authentication, security and maintaining user preferences may hinder or, in extreme cases, prevent the use of websites
- In order to manage cookies, select from the list below the web browser you use and follow the instructions: