The Privacy and Cookie Policy is valid from January 8, 2021.
This document defines the conditions for the processing of personal data (hereinafter also referred to as “data”) and cookies within the automade.com website, conducted through the website made available at the URL: automade.com hereinafter referred to as “Website”.
§1. HOW TO CONTACT THE DATA CONTROLLER
The administrator of personal data processed within the Website is AUTOMADE sp. z o.o. with its registered office in Warsaw (00-112) at ul. Bagno 2/73, entered into the Register of Entrepreneurs of the National Court Register under the following KRS number: 0000373797, VAT ID [NIP]: 5252495883 and statistical number [REGON]: 142733942. You can contact the Data Controller using the e-mail address: [email protected].
§2. ON WHAT BASIS DO WE PROCESS YOUR DATA
When collecting personal data, we always inform you about the legal basis for their processing. It stems from the provisions of the GDPR Act (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)). When we inform about:
- 6 point 1(a) of GDPR – it means that we process personal data on the basis of the consent received,
- 6 point 1(b) of GPDR – it means that we process personal data because it is necessary to perform a contract or to take action before it is concluded, upon request,
- 6 point 1(c) of GDPR – it means that we process personal data in order to fulfil a legal obligation,
- 6 point 1(f) of GDPR – it means that we process personal data in order to pursue legitimate interests.
§3. INFORMATION ABOUT THE PROCESSING OF DATA FOR THE CONCLUSION AND EXECUTION OF CONTRACTS, POSSIBLE CLAIMS AND DEFENCE AGAINST THEM
- We may process personal data necessary to fulfil your contract. However, before it is concluded, we may process personal data necessary to take action on your request. The processing of these data shall be carried out based on Article 6 point 1(b) of the GDPR.
- During and after the performance of the contract, we process the personal data of the parties to the contract for the purpose of the possible processing of claims, as well as their recovery. Our legitimate interest is, for example, the possibility to respond to a possible complaint, which we are obliged to do under separate civil law. In such a case, we will process your personal data on the basis of your legitimate interest in defending or asserting any potential claims. The processing of these data shall be carried out on the basis of Article 6 point 1(f) of the GDPR.
- We will store this data for the period necessary to fulfil the stated purposes, not later than until the statute of limitations for claims arising from separate legal regulations.
- You have the right to access, rectification, erasure, restriction of processing, transfer of data, as well as the right to lodge a complaint with the supervisory authority. If you are processing data to consider or assert claims, you also have the right to object to the processing.
- The provision of this data is voluntary, but failure to do so will prevent the conclusion of a contract or its implementation.
- The recipients of this data are: our host provider, email service provider, IT service provider, telecommunication service provider and other service providers that we use for the designated purpose.
§4. INFORMATION ON THE PROCESSING OF DATA FOR THE PURPOSE OF SENDING THE NEWSLETTER
- We enable a subscription to the list of recipients of our newsletter. If you have used this functionality, we process your personal data precisely to send the newsletter. The newsletter may contain advertising, commercial or marketing content.
- The processing of these data shall be carried out on the basis of Article 6 point 1(a) of the GDPR.
- You have the right to revoke your consent at any time. However, the withdrawal of consent shall not affect the lawfulness of prior processing.
- We will retain your data until your consent is withdrawn. If you never revoke it, we will process your data until we stop sending the newsletter.
- You have the right to access, rectification, erasure, restriction of processing, transfer of data, as well as the right to lodge a complaint with the supervisory authority.
- The provision of this data is voluntary, but failure to do so will prevent the newsletter from being sent.
- The recipients of this data are: our hosting provider, newsletter service provider.
- To unsubscribe from the newsletter you can click “unsubscribe” in the newsletter or contact us by email: [email protected].
§5. INFORMATION ON DATA PROCESSING FOR DIRECT MARKETING AND PROFILING
- We may process your personal data for direct marketing purposes. This happens, for example, when we respond to your message by providing details of our offer.
- For direct marketing, we can use profiling, which is automated in making decisions about displaying your ads. This decision is made on the basis of actions taken by you on the Website, in particular on the basis of agreements concluded or pages viewed. In practice, profiling supports the usability of our Service, allowing us to present you with content that may potentially be of interest to you.
- The processing of these data shall be carried out on the basis of Article 6 point 1(f) of the GDPR.
- We will store your data until the time necessary for the purpose of the implementation.
- You have the right to access, rectification, erasure, restriction of processing, transfer, object to the processing of data, as well as the right to lodge a complaint with the supervisory authority.
- You have the right not to be profiled unless you agree to it. However, the basis for processing your data will then be your consent (Article 6 point 1(a) of the GDPR), which can be revoked at any time. Your data will then also be processed until your consent is withdrawn.
- The provision of this data is voluntary, and failure to do so will prevent direct marketing activities.
- The recipients of this data are our hosting provider, telecommunication service provider, advertising service provider and communicator provider available on the Website.
§6. INFORMATION ON DATA PROCESSING FOR SECURITY PURPOSES
- As soon as you start our website, we process data to ensure the security of our services:
- the public IP address of the device from which the query came,
- type and language of the browser,
- date and time of the inquiry,
- number of bytes sent by the server,
- the URL of a previously visited page, if the visit was made using that link,
- information about errors that occurred during the execution of the query.
- Our legitimate interest in this processing is to keep server event logs and protect the Website from potential hacking attacks and other abuses. Including the ability to determine the IP address of a person performing a prohibited activity in the area of the Website, such as attempting to break security, or publishing prohibited content, or attempting to perform prohibited activities using our servers.
- The processing of these data shall be carried out on the basis of Article 6 point 1(f) of the GDPR.
- We will store this data for the period necessary to fulfil the stated purposes, not later than until the statute of limitations for claims arising from separate legal regulations.
- You have the right to access, rectification, erasure, restriction of processing, objection to the processing of your data, as well as the right to lodge a complaint with the supervisory authority.
- Providing this data is a condition of using the Website. Failure to provide these data will prevent the use of the Website.
- The recipient of this data is our hosting provider, a provider of telecommunications services.
§7. INFORMATION ON DATA RECIPIENTS
When processing personal data, we use external services. Therefore third parties may recipients of your personal data. When collecting personal data, we always inform about these recipients, however, due to the primacy of legibility, we do so briefly. Therefore, we hereby clarify that when we communicate the different categories of recipients, they are the following:
- Provider of the automade.com domain – home.pl, ul. Zbożowa 4, 70-653 Szczecin, Poland
- Hosting provider – ATM S.A., ul. Grochowska 21a, 04-186 Warszawa, Poland
- Telecommunication service provider – P4 Sp. z o.o., ul. Taśmowa 7, 02-677 Warszawa, Poland
- CRM service provider – Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia
- Provider of communicator and newsletter service – User.com Sp. z o.o., ul. Grzybowska 87, 00-844 Warszawa, Poland
- Legal / advisory / debt collection service provider – these service providers are established individually, in case of each demand.
At the same time, AUTOMADE sp. z o.o. carries out marketing activities on the basis of the consent given to the following third parties:
- Business Online Services Sp. z o.o., ul. Bagno 2/73, 00-112 Warszawa, Poland, VAT ID [NIP]: 5542853380, statistical number [REGON]: 340647155, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Bydgoszcz, XIII Economic Department of the National Court Register under KRS number: 0000340328.
- Varsovia Capital Sp. z o.o., ul. Bagno 2/73, 00-112 Warszawa, Poland, VAT ID [NIP]: 7010119373, statistical number [REGON]: 141387449, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw, 12th Commercial Division of the National Court Register under KRS number: 0000873219.
- AUTOMADE sp. z o.o., ul. Stanisława Zbrowskiego 14, 26-610 Warszawa, Poland, VAT ID [NIP]: 9671434894, statistical number [REGON]: 385884207, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Bydgoszcz, XIII Commercial Department of the National Court Register under KRS number: 0000833442.
§8. INFORMATION ON TRANSFERS OF DATA TO THIRD COUNTRIES
- As we use other providers, your personal data may be transferred outside the European Economic Area, namely to the United States of America (USA).
- The European Commission has established that some countries outside the European Economic Area (EEA) have adequate protection of personal data.
- Since the country to which the personal data is transferred is not considered a secure country, the transfer of data is based on an agreement containing standard data protection clauses adopted by the European Commission.
§9. UNCONDITIONAL RIGHTS OF THE INDIVIDUALS WHOSE DATA IS PROCESSED
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility to exercise the following rights is independent of the legal basis for processing personal data.
The right of access to data
You have the right to obtain confirmation from us whether we are processing personal data about you. In such a case, you have the right to access this data and to receive additional information about:
- processing purposes,
- categories of relevant data,
- the recipients or categories of recipients to whom the data have been or will be disclosed, in particular those in third countries or international organisations,
- as far as possible, the planned period of data retention and, if this is not possible, the criteria for determining that period,
- the right to demand that we correct, delete or restrict data processing, to object to such processing and to lodge a complaint with the supervisory authority,
- the data source, if your data was not collected from you,
- automated decision making, including profiling, and the rules for doing so, as well as the significance and anticipated consequences of such processing for you.
Upon receipt of such a request, we are obliged to provide a copy of the personal data to be processed. If such a request is received electronically, and unless we receive a different objection, we will also provide information electronically.
Right of rectification
You have the right to request that we immediately rectify any personal data concerning you that is incorrect. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by submitting an additional declaration.
The right to delete data (to be forgotten)
You have the right to ask us to delete your personal data about you immediately. We are then obliged to remove personal data without undue delay, not longer than 30 days after AUTOMADE sp. z o.o. receives the notification, if one of the following circumstances occurs:
- you have revoked your consent to the processing of your personal data, and we have no other basis for processing it,
- you have raised an effective objection to the processing of data concerning you,
- your personal data was processed illegally,
- your personal data must be deleted in order to comply with your legal obligation,
- your data was collected in connection with the provision of information society services.
Right to limit processing
You have the right to ask us to restrict processing in the following cases:
- when you question the correctness of the data – for a period that allows us to check it
- the processing is unlawful, and you object to the deletion of the data by requesting a restriction on its use instead,
- we no longer need personal data for processing, but you need it to establish, assert or defend your claims,
- you have objected to the processing of your data – until it has been established whether the legitimate grounds on our part take precedence over those of your objection.
Automated decisions, including profiling
You have the right not to be subject to a decision that is based solely on automated processing, including profiling, and which produces legal effects on you or in a similar way significantly affects you.
The law does not apply if the decision:
- is necessary to conclude or perform a contract between you and us,
- is allowed by the EU law or by the law of the Republic of Poland and which provides for appropriate measures to protect your rights, freedoms and legitimate interests, or
- is based on your explicit consent.
Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority in connection with the processing of your personal data: President of the Office for the Protection of Personal Data, ul. Stawki 2, 00-193 Warszawa, Poland, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: [email protected].
You have the right to access the data, to rectify the data, to delete the data (to be forgotten), to limit the processing, and not to be subject to automated decisions, including profiling. In order to exercise this right, contact AUTOMADE sp. z o.o. in writing to the address: AUTOMADE sp. z o.o., ul. Stanisława Zbrowskiego 14, 26-610 Radom or by e-mail to [email protected].
§10. THE RELATIVE RIGHTS OF THE INDIVIDUALS WHOSE DATA IS PROCESSED
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility of using them is always dependent on the legal basis for processing personal data.
Right to withdraw consent to processing
If we process your personal data on the basis of your consent, you have the right to revoke this consent at any time. Naturally, the withdrawal of consent does not affect the lawfulness of prior processing of personal data.
Right to transfer data
You have the right to receive your personal data provided by you in a structured and commonly used machine-readable format. You also have the right to send this personal data to another controller without any obstacles on our part if the processing takes place:
- on the basis of consent or on a contractual basis, and
- w sposób zautomatyzowany.
In exercising your right to data transfer, you have the right to request that your personal data be transferred by us directly to another controller, if technically possible. This right must not adversely affect the rights and freedoms of others.
Right to object
Where we process your personal data on the basis of Article 6 point 1(f) of the GDPR, you have the right to object to the processing of these data on the grounds of your particular situation.
We are then no longer allowed to process this personal data unless we can prove its existence:
- important legitimate grounds for processing, which must take precedence over your interests, rights and freedoms, or
- the grounds for establishing, investigating or defending claims.
Even if you object to the processing of your personal data for direct marketing purposes, we will not be able to process them for such purposes.
§11. COOKIES – INTRODUCTION
The site of the Website uses cookies. These are commonly used, small files containing a string of characters that are sent and saved on an end device (e.g. computer, laptop, tablet, smartphone) used when visiting the Website. This information is sent to the memory of the browser you are using, which sends it back when you next visit the site. Cookies can be categorized using three methods of division.
In terms of the purpose of using cookies, we distinguish between three categories:
- Essential files – these files enable the proper functioning of the Website and its functionality, e.g. authentication or security cookies. Without saving them on your device, you will not be able to use the Website.
- Functional files – files that allow you to remember the settings you have chosen and to adjust the Website to your needs and preferences, e.g. in terms of the selected language, font size, website appearance. They allow us to improve the functionality and efficiency of the Website. Without saving them on your device, the use of some functionalities of the Website will be limited.
- Business files – this category includes for example advertising cookies. They allow you to adjust the ads displayed on or off the Website to your preferences. Without saving them on your device, the use of some functionalities of the Website may be limited.
We distinguish between two categories of cookies in terms of their expiry time:
- session files – existing until the end of the session,
- persistent files – existing after the session.
In terms of distinguishing the entity administering the cookies, we extract:
- our cookies,
- third party cookies.
§12. DATA CONTROLLER COOKIES
The cookies we manage allow for:
- access authentication,
- maintaining a session after logging in,
- to protect the Website from hacking attacks,
- “saving” by the browser the content of the fields to be completed (optional),
- adjusting the content of the Website’s site to your preferences.
Thanks to this, using the functionality of the Website becomes easier and more pleasant.
§13. THIRD-PARTY COOKIES
We use cookies administered by Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States of America as part of services:
- Google Ads – they allow for conducting and evaluating the quality of advertising campaigns carried out using the Google Ads service,
- Google Analytics – they allow to evaluate the quality of advertising campaigns carried out with the use of Google Ads service, as well as to study users’ behaviour and traffic and to compile traffic statistics,
- Google Maps – they allow to store information about you, which enables you to use the map functionality available within the Google Maps service. Google Inc. can track your location,
- YouTube – they allow to store user information that enables you to take advantage of the YouTube service. Google Inc. can follow your video playback.
The data collected by Google Inc is anonymous and aggregated. In particular, they do not contain identification features (understood as personal data) of the Website users. When you use these services, we collect data such as the sources of visitors to the Website, as well as information on the Website, information on the devices and browsers you use, IP address, domain, demographic data (age, gender), interests and geographic data.
We use cookies administered by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
We use cookies used by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. These files may be used to link your Facebook account with your account on the Website (as long as we provide such functionality and you use that account). These files can also be used to process your Facebook activities using the “Share” or “Like” buttons. The processing of these activities may be public.
The use of third-party cookies is subject to their privacy and cookie policies. Current third party rules in this area can be found here:
- Google – Privacy Policy,
- Twitter – Privacy Policy,
- Facebook – Privacy Principles, Privacy Explanation, Policies Cookies, Manage Your Privacy.
§14. CONSENT TO THE USE AND MANAGEMENT OF COOKIES
Consent to the processing of cookies is voluntary and can be revoked at any time. Please note, however, that if you do not agree to the use of certain cookies, you may have limitations on your use of the Website and its functionality, or even not be able to use it at all.
The consent to the processing of cookies may be granted by:
- by means of settings of the software installed in the telecommunication end device you use,
- by using the button containing a statement of consent to the processing of cookies or confirming that you have read its terms and conditions.
Most often the browser settings by default allow to place cookies and other information on the end device. If you do not agree to save these files, you must change your browser settings accordingly. It is possible to disable saving for all connections from a given browser or for a specific site and to delete them. The way you manage your files depends on the software you use.
You can find the current rules of file management in the settings of your web browser and here:
§15. CACHE
When you use the Website, we may automatically use the cache installed in your device. Within the local memory, it is possible to store data between sessions, i.e. between subsequent visits to the site of the Website. The purpose of using the cache is to speed up the use of the Website by eliminating the situation in which the same data would be repeatedly downloaded from the Website, thus overloading the User’s Internet connection. The cache can also store data such as the login password.
§16. PIXEL TAGS
We use Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, United States pixel tag technology. These elements are published in digital content and enable recording information, e.g. about the activity carried out on the website, as well as assessing the effectiveness of advertising. Facebook Inc. pixel tag management is possible via Facebook, in its user panel. You can find out more about this here:
- Facebook – Privacy Principles, Privacy Explanation, Policies Cookies, Manage Your Privacy.
§17. LINKS TO OTHER WEBSITES OR SOFTWARE
The site may contain links to other websites or software. We do not take responsibility for the privacy and cookie handling policies of these sites or software. We recommend that you read the privacy and cookie policy of these sites or software when you visit them or before installing them.
§18. CHANGES TO THE PRIVACY POLICY AND COOKIES
- The privacy and cookie policy comes into force on the date of publication on the Website.
- The change of the Privacy Policy and cookies takes place by publishing its new content on the website of the Service.
- The information about the change of the Privacy Policy and cookies is published in the area of the website of the Service, not later than 3 days before the date of its new wording.