EPP
EN PL
Privacy policy

Privacy policy

 

  1. PRIVACY POLICY

  1.  DEFINITIONS

    1. Controller – EPP spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, address: Al. Jana Pawła II 22, 00-133 Warsaw (hereinafter: the “Company” or the “Controller”).

    2. Personal Data – information on an individual identified or identifiable by one or several specific features determining his/her physical, physiological, genetic, psychic, economic, cultural or social identity, including the equipment IP, location data, an online ID, and information collected via cookies and other similar technology.

    3. Policy – this Privacy Policy.

    4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

    5. Service – the Internet service operated by the Controller at the following address: https://pl.epp-poland.com/.

    6. User – any individual visiting the Service or using one or more services or functionalities described herein.

  1.  DATA PROCESSING IN CONNECTION WITH USING THE SERVICE

    1.  In connection with the User’s making use of the Service, the Controller collects data to the extent necessary to provide individual offered services as well as information on the User’s activity in the Service. The detailed terms and conditions and the purposes of processing the Personal Data collected during the User’s use of the Service are described below.

  2.  PURPOSES AND LEGAL BASIS FOR DATA PROCESSING IN THE SERVICE

  1. USING THE SERVICE

    1. The Personal Data of all individuals using the Service (including IP address or other identification details and information collected via cookies or other similar technologies) are processed by the Controller:

      1. for purposes of providing electronically supplied services to the extent of making available to the Users the contents collected in the Service – in this case, the legal basis for processing is that the processing is necessary for the performance of a contract (Article 6(1)(b) GDPR);

      2. for analytical and statistical purposes – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in conducting the analyses of the Users’ activity and their preferences in order to improve the functionalities applied and the services provided;

      3. for purposes of determining and seeking or defending against claims, if any – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in the protection of its rights.

    2. The User’s activity in the Service, including his/her Personal Data, is recorded in system logs (a special computer programme used for storing chronological records with information on events and actions relating to the IT system used for providing the services by the Controller). The information collected in logs are processed predominantly for purposes connected with the provision of services. They are also processed by the Controller for technical and administrative purposes, for the purpose of ensuring IT system security and managing such IT system, as well as for analytical and statistical purposes – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).

  1. NEWSLETTER

    1. The Controller provides the newsletter service on terms and conditions set out in the Regulations to those individuals who provided their e-mail address for this purpose. The provision of data is required for the purposes providing the newsletter sending service and the failure to provide the same results in the inability to send it.

    2. The Personal Data are processed:

      1. for the purposes of providing the newsletter sending service – in this case, the legal basis for processing is that the processing is necessary for the performance of a contract (Article 6(1)(b) GDPR);

      2. in the case of sending to the User marketing contents in a newsletter – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in connection with the User’s consent to receive a newsletter;

      3. for analytical and statistical purposes – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in conducting the analyses of the Users’ activity in the Service in order to improve the functionalities applied;

      4. for purposes of determining and seeking or defending against claims, if any – in this case, the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in the protection of its rights.

  1.  SOCIAL NETWORKING SERVICES

    1. The Controller processes the Personal Data of the Users visiting the Controller’s profiles in the social media (Facebook, YouTube, Instagram, Twitter). These data are processed exclusively in connection with operating the profile, including for the purpose of informing the Users on the Controller’s activity and promoting various types of events, services, and products. The legal basis for the Personal Data processing by the Controller for this purpose is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in the promotion of its own brand.

  2.  COOKIES AND SIMILAR TECHNOLOGY

    1. Cookies are small text files installed in the device of the User viewing the Service. Cookies collect information facilitating the website operation, e.g., through remembering the User’s visits to the Service and the actions performed by him/her.

  1. SERVICE” COOKIES

    1. The Controller uses the so-called service cookies predominantly for the purpose of providing electronically supplied services to the User and improving the quality of such services. Accordingly, the Controller and other entities providing analytical and statistical services for the Controller use cookies by storing information or obtaining access to the information already stored in the User’s telecommunications end device (computer, telephone, tablet, etc.). The cookies used for this purpose include:

      1. cookies with data input by the User (session ID), for the duration of the session (user input cookies);

      2.  authentication cookies used for services which require authentication, for the duration of the session;

      3. user centric security cookies, e.g., cookies used for identifying any abuse in the field of authentication;

      4. multimedia player session cookies (e.g., flash player cookies), for the duration of the session;

      5. the User’s interface customisation persistent cookies, for the duration of the session or a bit longer.

  1.  ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS

    1. The Controller and its Partners apply various solutions and tools used for analytical and marketing purposes. Essential information on such tools is given below. For detailed information, see relevant partner’s privacy policy.

  1. GOOGLE ANALYTICS

    1. Google Analytics cookies are the files used by Google for the purpose of analysing how the Service is used by the User and for generating statistics and reports on the Service operation. Google does not use the collected data to identify the User nor combines such information for the purpose of enabling such identification. For detailed information on the scope and the terms and conditions of collecting data in connection with these services, see: https://www.google.com/intl/pl/policies/privacy/partners.

  1. SOCIAL MEDIA PLUGINS

    1. The Service uses social media plugins (Facebook, Google+, LinkedIn, Twitter). These plugins enable the User to share the contents published in the Service in a selected social networking service. Due to the use of such plugins in the Service, a given social networking service receives information on the User’s making use of the Service and may assign such information to the User’s profiles created in such social networking service. The Controller does not have knowledge on the purpose or scope of data collection by social networking services. For detailed information, see:

      1. Facebook: https://www.facebook.com/policy.php

      2. Google: https://privacy.google.com/take-control.html?categories_activeEl=sign-in

      3. LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL

      4. Twitter: https://twitter.com/en/privacy

  1.  MANAGING COOKIES SETTINGS

    1. Any use of cookies for the purpose of collecting data via such cookies, including obtaining access to data stored on the User’s device, requires the User’s prior consent. Such consent can be withdrawn at any time.

    2. Such consent is not required only in the case of cookies whose application is necessary to provide the telecommunications services (data transmission for the purpose of displaying contents).

    3. You can withdraw your consent for using cookies in your Internet browser settings. For detailed information, see:

      1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies

      2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

      3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

      4. Opera: http://help.opera.com/Windows/12.10/pl/cookies.html

      5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB

  2.  PERSONAL DATA PROCESSING PERIOD

    1. The period of data processing by the Controller depends on the type of the service provided and the processing purpose. As a rule, data are processed for the duration of the service provision, until the withdrawal of the consent granted or until making an effective objection against data processing in cases where the legal basis for data processing is the Controller’s legitimate interest.

    2. The data processing period may be extended in the case where the processing is necessary to determine and seek or defend against claims, if any, and after the expiry of this period only in the case and to the extent required by legal regulations. Following the processing period expiry, the data become irreversibly deleted or anonymised.

  3.  USER’S RIGHTS

    1. The User shall have the right to have access to the data and to request from the Controller their rectification or erasure or restriction of processing, the right to data portability, the right to object against data processing, and the right to lodge a complaint with a supervisory authority dealing with the Personal Data protection.

    2. To the extent the User’s data are processed, such consent can be withdrawn at any time by contacting the Controller or using the functionalities available via the Service.

    3. The User has the right to object against data processing for marketing purposes, if such processing takes place in connection with the Controller’s legitimate interest as well as, for reasons related to the User’s special situation, in other cases where the legal basis for data processing is the Controller’s legitimate interest (e.g., in connection with pursuing analytical and statistical purposes).

    4. For more information on rights under GDPR, click here [link to Transparency Policy].

  4.  DATA RECIPIENTS

    1. In connection with the provision of services, the Personal Data will be disclosed to third party entities, including, without limitation, providers of IT services, in particular hosting services, providers responsible for IT system operation, providers of analytical services, marketing agencies (to the extent of marketing services) and the Controller’s affiliates, including member entities of the Controller’s group of companies.

    2. If the User’s consent is obtained, his/her data can also be made available to other entities for their own purposes, including marketing ones.

    3. The Controller reserves the right to disclose selected information on the User to competent authorities or third parties who require the provision of such information, relying on relevant legal basis and in compliance with applicable legal regulations.

  5.  DATA TRANSFER OUTSIDE EEA

    1. The Personal Data protection level outside the European Economic Area (EEA) differs from the one which the European law ensures. For this reason, the Controller transfers the Personal Data outside the EEA only in the case where it is necessary and subject to ensuring appropriate protection level, mainly through:

      1. the cooperation with the Personal Data processors in the countries for which the European Commission issued a decision declaring that an appropriate level of the Personal Data protection is ensured therein (adequacy decision);

      2. the application of standard contractual clauses issued by the European Commission;

      3. the application of binding corporate rules approved by the competent supervisory authority;

      4. in the case of data transfer to the USA – the cooperation with the entities participating in the Privacy Shield approved by the European Commission decision.

  6.  PERSONAL DATA SAFETY

    1. The Controller conducts the risk analysis on an ongoing basis for the purpose of ensuring that the Personal Data are processed by the Controller safely, in a manner that warrants first of all that data access is granted only to authorised persons and only to such extent as may be necessary in the light of the duties they perform. The Controller shall also see to it that any and all operations on the Personal Data are registered and performed by authorised employees and associates only.

    2. The Controller shall take any such measures as may be necessary to ensure that its subcontractors and other associates equally warrant the application of appropriate security measures each time they process the Personal Data on the Controller’s instruction.

  7.  CONTACT DETAILS

    1. The Controller can be contacted by writing at rodo@epp-poland.com or at its mailing address: Al. Jana Pawła II 22, 00-133 Warsaw.

    2. The Controller has appointed the Personal Data Protection Coordinator who can be contacted by writing at rodo@epp-poland.com in any issues related to Personal Data processing.

  8.  AMENDMENTS TO PRIVACY POLICY

    1.  This Policy is subject to ongoing verification and is updated whenever necessary.