1. GENERAL PROVISIONS
- The Controller of personal data collected via this website is LeanTrixsp.zo.o.[Ltd.], with its registered office in: ul. Jesionowa 49/81, 50-504 WROCLAW, POLAND, correspondence address: ul. Jesionowa 49/81, 50-504 WROCLAW, POLAND, entered into the Register of Entrepreneurs under the number KRS [National Court Register Number]: 0000547982, NIP[Tax Identification Number]: 8992764040, REGON[Statistical Identification Number, Register of National Economy Entities]: 361010125, with the share capital of: PLN 5,000, electronic mail address: firstname.lastname@example.org hereinafter referred to as “Controller,” which is also the Service Provider; place of business activity: ul. Jesionowa 49/81 50-504 WROCLAW WROCLAW, POLAND, correspondence address: ul. Jesionowa 49/81 50-504 WROCLAW, POLAND, NIP: 8992764040, REGON: 361010125, e-mail address: email@example.com, hereinafter referred to as “Controller”.
- Personal data collected by the Controller via the website is processed in accordance with (i) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and (ii) the Polish Act of 10 May 2018 on the Protection of Personal Data.
2. THE TYPE OF THE PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION
- THE PROCESSING PURPOSE AND LEGAL BASIS. The Controller processes personal data via the website in the case of:
- the use of the contact form by the User.Personal data is processed pursuant to Article 6(1)(f) of the GDPR for the purposes of the legitimate interests pursued by the Controller.
- subscribing to the Newsletter by the User in order to electronically send commercial information.Personal data is processed upon the data subject’s consent pursuant to Article 6(1)(a) of the GDPR.
- in order to correctly implement the contract – training,
- in order to enable contact via email and telephone,
- in order to issue a certificate of participation in the training,
- in order to send advertising mail,
- in order to statistically analyse the behaviour of visitors to our website (cookies),
- in order to answer any sent queries,
- in order to issue invoices for our services and products,
- TYPE OF PROCESSED PERSONAL DATA. The Controller processes the following categories of the user’s personal data:
- For all: Name, Surname, Telephone number, Email address, Function and job post, Company name, Company address
- PESEL, Seria/nr dowodu, Dane antropometryczne,For open training participants, additionally: PESEL [Personal Identification Number], Series/number of ID card, Anthropometric data,
- For participants of training sessions or conferences: Image,
- Other data that are needed to enable us to provide our services.
- PERIOD OF ARCHIVING PERSONAL DATA. Users’ personal data is stored by the Controller:
- if the data is processed for the performance of a contract – for as long as it is necessary for the performance of the contract, and afterwards for a period corresponding to the limitations period; unless provided otherwise, the limitation period shall be six years for claims concerning periodical performance or three years for claims connected with conducting business activity.
- if the data is processed upon the data subject’s consent – until the consent is revoked, and afterwards [after the revocation of consent] for a period of time corresponding to the limitations period for claims that may be raised by the Controller or claims that may be raised against the Controller; unless provided otherwise, the limitation period shall be six years for claims concerning periodical performance or three years for claims connected with conducting business activity.
- Additional information may be collected when using the website, in particular: the IP address assigned to the user’s computer, or the external IP address of the Internet provider, domain name, type of browser, access time, type of operating system.
- Navigational data may also be collected from users, including information about links and references in which they decide to click, or other activities undertaken on the website. The legal basis for this type of activity is the Collector’s legitimate interest (Article 6(1)(f )of the GDPR), which involves the facilitation of the use of electronic services and the improvement of the functionality of these services.
- Providing personal data by the user is voluntary.
- Personal data will also be processed in an automated way in the form of profiling upon the user’s agreement pursuant to Article 6(1)(a) of the GDPR. The consequence of profiling will be the assignment of a given profile to a person in order to make decisions about them, or to analyse or predict their preferences, behaviours and attitudes.
- The Collector uses special diligence to protect the interests of people that data refers to, and in particular ensures that the collected data is:
- processed in accordance with the law,
- collected for specified, lawful purposes and not subjected to further processing that is incompatible with those purposes,
- factually correct and adequate in relation to the purposes for which they are processed, and stored in a form that enables the identification of persons to whom they relate for no longer than it is necessary to achieve the purpose of processing.
3. SHARING OF PERSONAL DATA
- Personal data of the users are transferred to the service providers that run/maintain the Controller’s website. The service providers to which the personal data are transferred, depending on the contractual arrangements and circumstances, either follow the Controller’s instructions concerning the purposes and methods of data processing (then they become/are considered the processing entities) or determine the purposes and methods of data processing independently/on their own (then they become/are considered the controllers).
- The users’ personal data is stored only within the European Economic Area (EEA).
4. RIGHT OF CONTROL, ACCESS TO OWN CONTENT AND ITS CORRECTION
- The person that the data refers to has the right to access their personal data and the right to rectify, delete, limit the processing, transfer data, object, or withdraw consent at any time without affecting the lawfulness of the processing that has been carried out based on consent placed before its withdrawal.
- Legal grounds of the user’s request:
- Access to data – Article 15 of the GDPR
- Rectifying data – Article 16 of the GDPR.
- Deleting data (the so-called right to be forgotten) – Article 17 of the GDPR.
- Restriction of processing – Article 18 of the GDPR.
- Data transfer – Article 20 of the GDPR.
- Opposition – Article 21 of the GDPR
- Withdrawal of consent – Article 7, item 3 of the GDPR.
- In order to exercise the rights referred to in point 2, an appropriate e-mail to the address: firstname.lastname@example.org can be sent.
- In the event a user wants to exercise the above rights, the Controller shall immediately fulfil the request or explicitly refuse to fulfil it, but no later than within one month after receiving the request. However, if – due to the complicated nature of the request or the number of requests – the Controller is not able to fulfil the request within one month, the Controller shall fulfil it within another two months, informing the user in advance within one month of receiving the request about the planned extension of the deadline and the reasons behind the extension.
- If the personal data processing is found to violate the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection.
5. “COOKIES” FILES
- The Collector’s website uses “cookies”.
- The installation of “cookies” is necessary for the proper provision of services on the website. The “cookies” files contain information that are necessary for the proper functioning of the website, and also provide the opportunity to develop general statistics of website visits.
- The website uses “cookies” of a permanent type.
- “Permanent cookies” are stored on the user’s end device for the time specified in the parameters of the “cookies” or until they are deleted by the user.
- The Controller uses his own cookies to better understand how the user interacts in the area of the website content. The files collect information on how the user uses the website, the type of page from which the user was redirected, and the number of visits and the time of the user’s visit to the website. This information does not record specific personal data of the user, but is used to compile statistics on the use of the website.
- The user has the right to decide on the access of “cookies” to his computer by selecting them first in his browser window. Detailed information about the possibilities and ways of handling “cookies” is available in the software (web browser) settings.
6. FINAL PROVISIONS
- The Controller uses technical and organizational measures in order to ensure the protection of processed personal data that is appropriate to the threats and categories of protected data, and in particular protects the data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable laws, and change, loss, damage or destruction.
- The Controller provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.