The trust of those whose personal data we process and compliance with data protection legislation are very important to us. We would like to inform you of our principles regarding the collection, processing, security, transfer and use of personal data, as well as to indicate whom you can contact in matters relating to your personal data.
In accordance with the requirements of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the ‘Regulation’, we inform you as follows:
(1) Personal Data Controller
The controller of the personal data, hereinafter referred to as ‘Administrator’, is:
getsix® Services Sp. z o.o. with its registered office at 45 Zwycięska Street, 53-033 Wrocław
NIP: 8971696072
KRS: 0000210805
The Administrator is responsible for the secure use of personal data, in accordance with the purposes for which they were collected and in compliance with the applicable law.
(2) Contacting the Administrator
The Administrator’s contact details:
– telephone: +48 71 388 13 00
– e-mail: gdpr@getsix.pl
– correspondence address: 45 Zwycięska Street, 53-033 Wrocław
Contact with the Data Protection Inspector:
– Mr. Sebastian Możejko
– phone: +48 71 388 13 00
– e-mail: gdpr@getsix.pl
– correspondence address: 45 Zwycięska Street, 53-033 Wrocław
General provisions
We use the collected personal data only for the specified, justified purposes for which they were collected. The scope of the personal data, the purpose of the processing, the legal basis for the processing, the storage period and the categories of recipients of the data result from the legal requirements towards the Controller and the nature and scope of the activities undertaken by the data subject.
(3) Purpose of data processing by the Controller, legal basis for processing and storage period:
(a) Purpose of processing: To take action at the request of the data subject before entering into a contract (e.g. preparation of an offer).
Legal basis: Article 6(1)(b) of the Regulation (‘performance of a contract’)
Storage period: The data shall be stored for the period necessary for the performance, termination or expiry of the contract and until the statute of limitations for possible claims.
(b) Purpose of processing: To conclude and perform the contract (including ensuring the quality of service)
Legal basis: Article 6(1)(b) of the Regulation (‘performance of the contract’)
Storage period: Data shall be stored for the period necessary for the performance, termination or expiry of the contract and until the statute of limitations for any claims.
(c) Purpose of processing: To carry out direct marketing (targeting messages to selected individual customers for direct response)
Legal basis: Article 6(1)(f) of the Regulation (‘legitimate interests of the Administrator’)
Storage period: Data are stored for the duration of the Administrator’s legitimate interests and until the statute of limitations for claims. In the event of an effective objection, the data will not be processed for direct marketing purposes.
(d) Purpose of processing: To carry out marketing activities
Legal basis: Article 6(1)(a) of the Regulation (‘consent of the data subject’)
Storage period: Data is stored until consent is withdrawn.
(e) Purpose of data processing:
Issuing, collecting and storing invoices and accounting documents, as well as bookkeeping.
Legal basis for processing:
Article 6(1)(c) of the Regulation (‘fulfilment of a legal obligation’) in connection with Article 74(2) of the Accounting Act and Article 86(1) of the Tax Ordinance.
Storage period:
The data shall be retained for the period required for the maintenance of accounts and accounting documents (i.e. for 5 years, calculated from the beginning of the year following the financial year to which the data relate) and for the period after which tax liabilities become statute-barred.
(f) Purpose of data processing:
To process complaints within the period and form provided for by law.
Legal basis for processing:
Article 6(1)(c) of the Regulation (‘fulfilment of a legal obligation’).
Storage period:
The data are stored for 1 year after the end of the warranty period or the handling of the complaint, and thereafter for the period after which legal claims become time-barred.
(g) Purpose of data processing:
The expression of opinions by the Customer.
Legal basis for processing:
Article 6(1)(a) of the Regulation (‘consent of the data subject’).
Storage period:
The data are stored until the data subject withdraws consent.
(h) Purpose of data processing:
Detection and prevention of abuse.
Legal basis for processing:
Article 6(1)(c) of the Regulation (‘fulfilment of a legal obligation’).
Storage period:
The data are stored for the duration of the contract and thereafter for the period of limitation of claims arising from the contract. If the Administrator pursues a claim or reports the matter to the authorities, the data are kept for the duration of the proceedings and ‘for 5 years from the beginning of the year following the financial year in which operations, transactions and proceedings are finally completed, paid off, settled or barred’.
(i) Purpose of data processing:
To establish, defend and assert claims made by or against the Administrator (including the sale of claims to another entity).
Legal basis for processing:
Article 6(1)(f) of the Regulation (‘legitimate interests of the Administrator’) in conjunction with Article 74(2) of the Accounting Act.
Storage period:
The data are stored for the period of limitation of contractual claims. If the Administrator is pursuing such claims in civil, criminal or tax proceedings, accounting evidence (which may contain personal data) must be kept ‘for 5 years from the beginning of the year following the financial year in which operations, transactions and proceedings have been finally completed, paid off, settled or barred’, as well as for the period in which the Administrator may suffer legal consequences, e.g. be subject to an administrative fine.
Data retention period
Data shall be stored:
for the period after which contractual claims become time-barred,
if the Administrator is pursuing such claims in civil, criminal or tax proceedings, the accounting evidence (which may include personal data) must be kept ‘for 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings are finally completed, paid off, settled or barred.’
for the period during which the Controller may suffer the legal consequences of non-compliance, such as being subject to an administrative penalty.
(4) Recipients of data
In order to fulfil the contract and ensure the proper functioning of the website, the Administrator uses the services of third parties cooperating with him (e.g. postal services, courier services, payment service providers). Personal data are provided to third parties only if and to the extent necessary for the purpose of processing.
Personal data shared with third parties may only be used for the purpose of carrying out a task commissioned by the Administrator. Data may be shared with the following recipients who cooperate with the Administrator:
Subsidiaries of the getsix® Group – getsix Wrocław Sp. z o.o., getsix Poznań Sp. z o.o., getsix Szczecin Sp. z o.o., getsix Warsaw Sp. z o.o., getsix Katowice Sp. z o.o., getsix Services Sp. z o.o., getsix Polska Sp. z o.o. – to the extent necessary for the purposes of the legitimate interests pursued by the Administrator, including administrative purposes,
to postal, courier and similar businesses (e.g. courier brokers) to the extent necessary for the delivery and correspondence,
to selected entities acting on behalf of the Administrator with regard to the handling of accounting, tax, advisory, legal and debt recovery matters (including debt buyers) – to the extent necessary to carry out the specific purpose of processing,
to entities providing technical support services to the Administrator and to providers of IT solutions enabling the Administrator to function (e.g. software, e-mail and hosting providers) – the Administrator transfers personal data to a trusted provider acting on its behalf only to the extent and to the extent necessary to achieve the specific purpose of the processing,
providers of customer feedback/publication solutions – to the extent necessary for the expression of these opinions.
(5) Transfers of data outside the EEA
Personal data may be transferred outside the European Economic Area (including the European Union, Iceland, Liechtenstein and Norway) to Google LLC on the basis of appropriate legal safeguards, which are standard data protection clauses approved by the European Commission; see also section 9 Online analysis.
(6) Rights of the data subject
The processing of personal data does not require consent if, inter alia:
the processing is necessary for the performance of a contract or to take steps prior to entering into a contract,
arises from a legal obligation of the Controller,
is necessary for the Administrator’s legitimate interest.
If the processing of personal data requires consent, the Administrator asks for it. The consent granted may be withdrawn at any time.
If consent is withdrawn, the data will no longer be processed to the extent for which consent was granted, but the withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
In accordance with the principles set out in the Regulation, the data subject also has the right to:
request from the Controller access to, rectification, erasure (‘right to be forgotten’) or restriction of processing of personal data concerning him/her,
object to the processing,
transfer the data.
In the case of the processing of personal data for the purposes of direct marketing, you may object at any time to the processing of your data for these purposes, including profiling, insofar as it is related to direct marketing.
In order to exercise the above rights, a request must be made to the Controller by email, letter or in person at the Controller’s office; the contact details of the Controller are set out in section 2 above. In order to confirm the identity of the person making the request, the Administrator may ask for additional information confirming the identity of the applicant.
The provisions of the Regulation indicate the extent to which each of these rights may be exercised. This will depend in particular on the legal basis and purpose of the processing of personal data by the Controller. The above rights can be exercised free of charge no more than once every 6 months. Pursuant to Article 12 of the Regulation, if the data subject’s requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the Controller may impose a fee.
The data subject has the right to lodge a complaint with the supervisory authority, i.e. the President of the Data Protection Authority.
(7) Obligation or lack of obligation to provide personal data
The use of the Administrator’s services and the provision of personal data is voluntary. However, the data subject is obliged to provide such data in connection with:
entering into a contract with the Administrator – in this case, the provision of personal data is a contractual condition and the data subject is obliged to provide such data if he/she wishes to enter into a contract with the Administrator. The extent of the data required to conclude a contract is communicated to the data subject in each case. Failure to provide such data shall result in the impossibility to conclude such a contract,
fulfilment of legal obligations imposed on the Administrator – in this case providing the personal data is a statutory condition resulting from the provisions which impose an obligation to process the personal data on the Administrator (e.g. in relation to issuing, collecting and storing invoices and accounting documents and keeping accounting records). Failure to provide such data will prevent the Administrator from fulfilling the indicated obligations, which will result in the impossibility to conclude a contract.
(8) Use of data for advertising purposes
8.1 Newsletter
Our newsletter is only sent to persons who have agreed to receive it by providing their e-mail address. You can withdraw your consent to receive the newsletter at any time by clicking on the unsubscribe link included in each message sent or by contacting the Administrator at the above address.
Necessary personal data may be transferred to countries outside the European Economic Area in connection with the provision of the newsletter service by the Administrator. The transfer of data is therefore necessary for the provision of services to you. In this case, the transfer of data is carried out on the basis of appropriate safeguards in accordance with data protection legislation.
The Administrator currently sends the newsletter via the MailChimp platform, therefore the recipient of your data is The Rocket Science Group LLC with registered office at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.
This entity guarantees the security of personal data transferred to the United States by protecting it in accordance with the EU-US agreement – see also Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate level of protection provided by the EU-US Privacy Shield (notified under document C(2016) 4176) (Text with EEA relevance).
For more information on security measures, how to obtain a copy and where to access them, please contact the Administrator at the above address.
8.2 Banner advertising
Banner advertising is a form of advertising that takes the User to another page when they click on it. Banner adverts may display the products you are viewing or similar products. We may also display advertisements from our partners.
Banner ads use cookies or pixels. Direct information about the User is not saved – only pseudonymised data is used. Additional information about cookies, pixels and retargeting/remarketing can be found below.
8.3 Cookies
The Administrator’s websites use cookies, i.e. text files stored on the User’s device. They make it possible to analyse the use of the website and identify the User’s browser. It is possible to block the installation of cookies through appropriate browser settings, which may however limit the website’s functionality.
The Administrator may process the data contained in the cookies in order to analyse anonymously the activity of the visitors, to study their behaviour (e.g. opening specific pages) in order to present advertisements tailored to the anticipated interests, also when visiting other websites of partners belonging to the advertising networks of Google Inc. and Facebook Ireland Ltd. as well as to improve the administration of the Administrator’s websites.
8.4 Website targeting
The Administrator uses cookie technology to analyse visitor activity (e.g. opening specific pages) and may present the User with advertisements and/or special offers. The purpose of these activities is to provide content that is best suited to the User’s area of interest.
8.5 Retargeting, third-party cookies and data collection by third parties for the purposes of banner advertising
The Administrator’s websites use retargeting (remarketing) technology.
The Administrator uses third parties that use cookies on the Administrator’s website:
Google Analytics, Universal Analytics and Google Remarketing provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Detailed information on the operation of the aforementioned services is available at: www.google.com/intl/pl/policies/privacy/partners and https://policies.google.com/privacy/update?hl=pl&gl=pl.
Facebook Pixel provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Detailed information is available at: https://www.facebook.com/about/privacy
The user can disable cookies by changing the settings of their web browser.
8.6 How do I block the storing of cookies?
In order to block the storage of cookies, the User should enable the settings in his/her browser to allow the storage of cookies only if he/she has given his/her consent.
In order to accept the Administrator’s cookies while blocking third party cookies, the User should select the ‘Block third party cookies’ option in the browser settings.
8.7 Competitions, market research and opinion polls
Each competition and promotional campaign has separate rules and regulations. In order to participate in them, the User is asked to provide the personal data specified in the regulations and to give his/her consent, including the use of telecommunication devices for market research or opinion surveys (telephone number, e-mail address) by the competition organiser for the purposes of direct marketing carried out by the Administrator.
The personal data provided will be processed for the purposes of the competition, notification of winning and for market research or opinion surveys.
Responses to market research or opinion surveys will not be shared with third parties or published.
9 Online analysis
The Administrator uses Google Analytics provided by Google to analyse website traffic. Google Analytics analyses User behaviour on the website by means of cookies. The information generated by the cookies about your use of the website (including your IP address) is transmitted to Google and stored on its servers in the USA.
Google uses this information to analyse your use of the website, to compile reports for website owners using Google Analytics and to provide other services. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google’s behalf.
By using the website, you consent to the processing of your data by Google in the manner and for the purposes set out above.
The website is analysed by Google Analytics with the extension ‘_anonymizeIp()’, so that IP addresses are only processed in an abbreviated form, making it impossible to directly link the address to the User concerned.
The user can opt out of cookies by changing the relevant browser settings. However, this may limit the functionality of the website and prevent you from using some of its functions.
Consent to the storage and collection of personal data may be withdrawn at any time with effect for the future.
To prevent the data generated by the cookies related to your use of the website (including your IP address) from being transmitted to Google and processed by Google, simply download and install the blocking plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en
10 Server log file
The Internet browser provides data about the User’s activities on the Administrator’s websites, which are stored in server log files. The data stored in this way includes the following information: date and time of the download, name of the page opened, volume of data downloaded, as well as information about the version of the Internet browser product, IP address, URL of the referring page (address of the page from which the User was redirected).
The data stored in the server log files is analysed for the purposes of debugging, server performance management, protection against DDoS attacks and customisation of offers.
11 Automated decision-making and profiling
Personal data will not be used for automated decision-making which may produce legal effects for the data subject, including profiling.
12 Final provisions
The websites of the Controller may contain links to other websites. These websites operate independently of the Controller and are not supervised by the Controller in any way. The Administrator recommends familiarising oneself with the privacy policies after visiting other websites. The Administrator is not responsible for the data processing principles on these websites.
