RODO Disclosure Requirement
Who is the data controller?
The Personal Data Administrator (hereinafter referred to as the Administrator) is the company "3WINDY sp. z o.o.", located at: 367 Ciezynska Street, 43-300 Bielsko-Biała, with Tax Identification Number (NIP) assigned: 5472196361, with KRS number assigned: 0000722953, which provides services electronically through the Service
How can one contact the data controller?
The Administrator can be contacted in one of the following ways
Postal address - 3Windy sp. z o.o., 367 Ciezynska St., 43-300 Bielsko-Biala
Email address - email@example.com
Telephone connection - +48 570 555 465
Has the Administrator appointed a personal data inspector?
The Administrator has appointed a Data Protection Supervisor, who is Roberto Ventura.
The Supervisor can be contacted via:
- by e-mail by writing to: firstname.lastname@example.org, .
- by telephone at: +48 570 555 465,
- or in writing by writing to ul. Cieszynska 367, 43-300 Bielsko-Biała.
Where do we get personal data from and what are their sources?
Data is obtained from the following sources:
- from the data subjects .
- in the case of registrations through social networks, with the informed consent of such persons, from such social networks
What is the scope of the personal data we process?
The site processes ordinary personal data, voluntarily provided by the data subjects
. (e.g. name, login, email address, phone, IP address, etc.)
What are the purposes of our data processing?
Personal data voluntarily provided by users are processed for one of the following purposes:
- Realisation of electronic services:
- Services for registering and maintaining the User's account on the Site and related functionalities .
- Newsletter services (including sending advertising content upon consent) .
- Services of commenting/ liking posts on the Service without registration
- Administrator's communication with Users on issues related to the Service and data protection .
- Providing for the legitimate interest of the Administrator
What is the legal basis for data processing?
The Service collects and processes Users' data based on:.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
- Article 6(1)(a)
. the data subject has consented to the processing of his or her personal data for one or more specific purposes
- Article 6(1)(b)
processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract
- Article 6(1)(f)
The processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party
- Article 6(1)(a)
- The Personal Data Protection Act of May 10, 2018 (Official Gazette 2018, item 1000)
- Law of July 16, 2004. Telecommunications Act (Official Gazette 2004 No. 171, item 1800)
- Law of February 4, 1994 on copyright and related rights (Official Gazette 1994 No. 24 item 83)
What is the legitimate interest pursued by the Administrator?
- For the purpose of the possible establishment, investigation or defense of claims - the legal basis for processing is our legitimate interest (Article 6(1)(f) RODO) in protecting our rights, including, but not limited to;
- For the purpose of risk assessment of potential clients
- For the purpose of evaluating planned marketing campaigns
- For direct marketing purposes
For what period of time do we process personal data?
Generally speaking, the personal data indicated are kept only for the period of service provision within the scope of the service provided by the Administrator. They are deleted or anonymized within a maximum period of 30 days after the termination of service provision (e.g., deletion of a registered user's account, cancellation of newsletter subscription, etc.).
In exceptional situations, in order to ensure the legitimate interest pursued by the Administrator, this period may be extended. In such a case, the Administrator will retain the indicated data, from the time of the User's request for cancellation, for a period not exceeding 3 years in case of violation or suspected violation of the provisions of the Terms of Service by the data subject..
Who is the recipient of the data, including personal data?
Normally, the only recipient of data is the Administrator..
Data processing may, however, be outsourced to other entities that perform services for the Administrator in order to maintain the operations of the Service.. Such entities may include, but are not limited to:
- Hosting companies that provide hosting or related services to the Administrator .
- Companies through which the Newsletter service is provided .
- IT service and support companies that maintain or are responsible for maintaining the IT infrastructure
- Companies brokering online payments for goods or services offered on the Site (when making purchase transactions on the Site)
- Companies responsible for maintaining the Administrator's accounts (when making purchase transactions on the Service)
- Companies responsible for delivery of physical products to the User (postal/courier services in case of purchase transactions on the Service)
Will the User's personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union unless it is posted as a result of an individual User action (e.g., posting a comment or entry), which will make the data available to any visitor to the Service.
Will personal data be the basis for automated decision making?"
Personal data will not be used for automated decision making (profiling).
What rights do you have in relation to the processing of personal data?
Right to access personal data
. Users have the right to obtain access to their personal data, exercised upon request to the Administrator
Right to rectification of personal data
. Users have the right to request the Administrator to promptly rectify erroneous personal data and/or complete incomplete personal data, exercised upon request submitted to the Administrator
Right to delete personal data
. Users have the right to request the Administrator to immediately delete their personal data, exercisable upon request submitted to the Administrator.
In the case of user accounts, the deletion of data consists of anonymization of the data that allow the identification of the User.
In the case of the Newsletter service, the User has the option to independently delete his or her personal data using the link in each e-mail message sent.
Right to restrict processing of personal data
. Users have the right to restrict the processing of personal data in the cases specified in Article 18 of the RODO, such as questioning the correctness of personal data, exercised upon request submitted to the Administrator
Right to portability of personal data
. Users have the right to obtain from the Administrator personal data concerning them in a structured, commonly used and machine-readable format, exercised upon request submitted to the Administrator
Right to object to the processing of personal data
. Users have the right to object to the processing of their personal data in the cases provided for in Article 21 of the RODO, which can be exercised upon request submitted to the Administrator
Right to lodge a complaint
Users have the right to lodge a complaint with a supervisory authority dealing with the protection of personal data.