The Controller of personal data collected via the fgenergy.pl website is a business entity called FG Energy Spółka z ograniczoną odpowiedzialnością Spółka komandytowa, registered in the Central Registration and Information on Business of the Republic of Poland, subject to approval of the competent minister for economy, place of business: ul. 3 Maja 11, 95-100 Zgierz, address for service: ul. 3 Maja 11, 95-100 Zgierz, NIP: 9820378558, REGON: 367544980, e-mail address: email@example.com, hereinafter referred to as “Controller”.
Personal data collected by Controller via the website is processed according to Regulation (EU) of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repeal of Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and Act on Personal Data Protection of 10 May 2018.
TYPE OF PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION
PURPOSE OF PROCESSING AND LEGAL BASIS. Controller processes personal data via the fgenergy.pl website in case of:
use of contact form by the user. Personal data is processed based on art. 6 par. 1 f) of GDPR as a legitimate interest of Controller.
subscription of the user to Newsletter to receive trade information by electronic means. Personal data is processed on basis of a separate consent, based on art. 6 par. 1 a) of GDPR.
TYPE OF PROCESSED PERSONAL DATA. Controller processes the following categories of user’s personal data:
Name and surname,
PERIOD OF PERSONAL DATA ARCHIVING. Controller stores personal data of users:
if data processing is basis for performance of an agreement as long as it is necessary for the performance of an agreement, and thereafter for a period of limitation for claims. Unless otherwise specified by a specific provision, a period of limitation for claims is six (6) years, and for claims for periodic benefits and claims for business purposes – three (3) years.
if processing of personal data is based on a consent, as long as a consent is not withdrawn, and after a consent is withdrawn for a period of time corresponding to a period of limitation for claims which Controller can present or which can be presented against Controller. Unless otherwise specified by a specific provision, a period of limitation for claims is six (6) years, and for claims for periodic benefits and claims for business purposes – three (3) years.
When using the website, additional information can be collected, in particular: IP address assigned to the user’s PC or an external IP address of the Internet provider, domain name, browser type, access time, operating system type.
Also, navigation data, including information on links users decide to access, or other actions taken at the website, can be gathered from users. Legal basis for such actions is a legitimate interest of Controller (art. 6 par. 1 f) of GDPR), consisting in facilitating use of services rendered by electronic means and improving functionality of the above services.
Provision of personal data by the user is voluntary.
Also, personal data will be processed by automated means as profiling, if the user gives their consent, based on art. 6 par. 1 a) of GDPR. In consequence, profiling will consist in assigning a person a profile to make decisions in their regard, or an analysis or prediction of their preferences, behaviours and attitudes.
Controller takes the utmost care to protect the interests of the parties in regard of their data, and in particular ensures that the data collected is:
processed in accordance with local law,
collected for specified purposes, in accordance with local law, and not subject to further processing which is incompatible with the purpose,
essentially correct and adequate to purposes for which it is processed and stored in a form allowing for identification of persons in regard of their data, no longer than it is necessary to achieve the purpose of processing.
DISCLOSURE OF PERSONAL DATA
Personal data of users is transmitted to providers of services, used by Controller when running the website. Service providers, to whom personal date is transmitted, depending on contractual agreements and circumstances, either are subject to Controller’s command as far as purposes and methods of processing of such data (processors) are concerned, or independently define purposes and methods of data processing (controllers).
Personal data of users are stored only on the territory of European Economic Area (EEA).
RIGHT TO CONTROL, ACCESS, AND CORRECT OWN DATA
A person, in regard of their data, has the right to access own data and to correct, remove, limit processing, transfer own data, and the right to object, and withdraw the consent for the processing of data at any time, with no effect on compatibility with the right to process, which has been effected based on the consent before the latter was withdrawn.
Legal basis for user’s claims:
Access to personal data – art. 15 of GDPR
Correction of personal data – art. 16 of GDPR.
Removal of data (e.g. right to be forgotten) – art. 17 of GDPR.
Limitation of processing – art. 18 of GDPR.
Transmission of data – art. 20 of GDPR.
Objection – art. 21 of GDPR
Withdrawal of consent – art. 7 par. 3 of GDPR.
To exercise the rights referred to in item 2, an e-mail with an applicable content can be sent at: firstname.lastname@example.org.
If user issues claims resulting from the above rights, Controller shall either meet the request or refuse to meet the request immediately, however no later than within a month after its receipt. If, however – due to a complex nature of the request or a number of requests – Controller is not be able to meet the request within a month, they shall meet the request within two subsequent months, notifying the user beforehand within a month from the receipt of the claim – on the intended extension of the deadline and its reasoning.
If personal data processing is found to infringe provisions of GDPR, a person, in regard of their data, may lodge a complaint with the President of the Personal Data Protection Office (Poland).
Installation of cookies is necessary for a correct rendering of services at the website. Cookies contain information necessary for the website to function correctly, and allow for preparation of general statistics for visit to the website.
At the website, session and permanent cookies are used.
Session cookies are temporary files which are stored in user’s end device until logging out (leaving the website).
Permanent cookies are stored in user’s end device throughout the period specified in cookies parameters or until cookies are removed by the user.
Controller uses own cookies to learn how user interacts as far as the website contents is concerned. Cookies collect information on how the website is used by the user, type of website from which the user was redirected and number of visits and visit time of the user on the website. This information does not record any specific personal data given by the user, but is used to prepare statistics on the website use.
The user has the right to decide on access of cookies to their PC by choosing cookies beforehand in the browser’s box. Detailed information on possibility and methods of handling of cookies are available in software (web browser) settings.
Controller takes technical and organisational measures to ensure protection of personal data being processed, adequate to hazards and category of personal data under protection, and in particular secures the data against being disclosed to unauthorized parties, collected by unauthorized parties, processed with an infringement of applicable provisions, and modification, loss, damage or destruction.
Controller makes appropriate technical measures available to prevent collection and modification, by unauthorized parties, of personal data sent by electronic means.