Privacy Policy
Privacy Policy
TABLE OF CONTENTS:
3. DATA RECIPIENTS ON THE WEBSITE
5. COOKIES IN THE WEBSITE, OPERATIONAL DATA AND ANALYTICS
The data controller of the website sonel.pl is SONEL S.A. located in Świdnica 58-100, at Wokulskiego 11, registered in the Register of Entrepreneurs by the District Court for Wrocław-Fabryczna, IX Commercial Division of the National Court Register, under KRS number 0000090121, VAT ID 884-00-33-448, share capital 1,400,000 PLN, fully paid.
1.2
The privacy policy presents the rules of personal data processing by the Administrator on the website sonel.pl, in particular it defines the purposes and scope of personal data processing and the rights of persons to whom the data relate. The privacy policy also informs about the use of cookies and analytical tools on the website.
1.3
Personal data on the website are processed by the Administrator in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR".
1.4
Making a purchase through the website sonel.pl, i.e., entering into and executing a contract for the provision of Electronic Service with the Administrator requires providing personal data. Providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing the obligation on the Administrator to process personal data (e.g., processing data for the purposes of keeping tax books or accounting records) and the failure to provide such data will prevent the Administrator from fulfilling these obligations. The range of data required to conclude a contract is indicated in the forms on the website.
1.5
The Administrator takes special care to protect the interests of the persons whose personal data he processes, and in particular is responsible and ensures that the collected data are:
a) processed lawfully;
b) collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes;
c) factually correct and adequate in relation to the purposes for which they are processed;
d) stored in a form that allows the identification of persons they relate to, no longer than is necessary to achieve the purpose of processing;
e) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures
1.6
Considering the nature, scope, context, and purposes of processing as well as the risk of infringement of rights or freedoms of natural persons with varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure processing is in accordance with the GDPR and to demonstrate this compliance. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized access and modification of personal data transmitted electronically.
The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met:
a) the person to whom the data relates has consented to the processing of their personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the person to whom the data relates is party, or to take steps at the request of the person before entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the Administrator is subject;
d) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the person to whom the data relates, which require protection of personal data, especially where the data subject is a child.
2.2
The processing of personal data by the Administrator requires the presence of at least one of the bases indicated in point 2.1 of the privacy policy. Specific bases for processing personal data of users of the website by the Administrator are indicated in the next point of the privacy policy – relating to a given purpose of processing personal data by the Administrator.
2.3
Each time, the purpose, basis, period, and scope, as well as recipients of personal data processed by the Administrator, result from actions taken by a given user on the website.
2.4
The Administrator may process personal data on the website for the following purposes, on the following bases, during the periods, and in the following scope:
a) execution of a sales contract or a contract for the provision of Electronic Service - Article 6(1)(b) of the GDPR (execution of a contract). Data (name and surname, email address) are stored for the period necessary to perform, dissolve, or otherwise terminate the concluded contract. Maximum scope: name and surname; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), residence/business address/headquarters (if different from delivery address). For Service Recipients or Clients who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Client.
b) marketing - Article 6(1)(a) of the GDPR (consent). Data (name, email address) are stored until the consent for further processing of this data for this purpose is withdrawn by the person to whom the data relates.
c) conducting accounting records - Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395). Data (name and surname; residence/business address/headquarters - if different from delivery address, company name, and tax identification number NIP of the Service Recipient or Client) are stored for the period required by legal provisions obligating the Administrator to keep accounting records (5 years, starting from the beginning of the year following the fiscal year to which the data relate).
d) establishing, investigating, or defending claims - Article 6(1)(f) of the GDPR. Data (name and surname; contact phone number; email address; delivery address (street, house number, apartment number, postal code, city, country), residence/business address/headquarters (if different from delivery address). For Service Recipients or Clients who are not consumers, the Administrator may additionally process the company name and tax identification number NIP of the Service Recipient or Client) are stored for the period of existence of a legally justified interest pursued by the Administrator, but no longer than the period of limitation of claims against the person to whom the data relates, resulting from the Administrator's business activity. The period of limitation is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for a sales contract, two years).
For the proper functioning of the Website, including the execution of Sales Agreements or contracts for the provision of Electronic Services, it is necessary for the Administrator to use services provided by external entities (such as software providers, couriers, or payment processing companies). The Administrator uses only those processing entities which provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.
3.2
Data transfer by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary for achieving a specific purpose of personal data processing and only to the extent necessary for its realization.
3.3
Personal data of users of the website can be transferred to the following recipients or categories of recipients:
a) carriers / forwarders / courier brokers - in the case of a Client who uses in the website the method of delivery by post or courier, the Administrator provides the collected personal data of the Client to the selected carrier, forwarder or intermediary performing shipments on behalf of the Administrator to the extent necessary to deliver the device to the Client (e.g., sending a meter back after service calibration);
b) entities processing electronic payments or card payments - in the case of a Client who uses electronic or card payments in the website, the Administrator provides the collected personal data of the Client to the selected entity processing the above payments on the website on behalf of the Administrator to the extent necessary to handle the payment made by the Client (e.g., payment for training);
c) service providers supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct business activities, including the website and the services provided through it (in particular, computer software providers to manage the website, email service providers, email marketing service providers and hosting providers, and software providers to manage the company and provide technical support to the Administrator) - the Administrator provides the collected personal data of the user to the selected provider acting on his order only in the case and to the extent necessary to achieve the specific purpose of processing data in accordance with this privacy policy;
d) legal service providers providing the Administrator with legal support (in particular, law firms or debt collection companies) - the Administrator provides the collected personal data of the user to the selected provider acting on his order only in the case and to the extent necessary to achieve the specific purpose of processing data in accordance with this privacy policy.
§ 4. Rights of the Data Subject
4.1
The right to access, rectify, restrict, delete or transfer - the person to whom the data relates has the right to request from the Administrator access to their personal data, their rectification, deletion ("the right to be forgotten") or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the GDPR.
4.2
The right to withdraw consent at any time – the person whose data is processed by the Administrator on the basis of expressed consent (based on Article 6(1)(a) or Article 9(2)(a) of the GDPR), has the right to withdraw consent at any time without affecting the legality of the processing carried out on the basis of consent before its withdrawal.
4.3
The right to lodge a complaint with a supervisory authority – the person whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure set out in the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
4.4
The right to object - the person to whom the data relates has the right to object at any time – for reasons related to their particular situation – against processing of their personal data based on Article 6(1)(e) (public interest or exercise of official authority) or (f) (legitimate interests pursued by the administrator), including profiling based on these provisions. The Administrator is no longer allowed to process these personal data unless he demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or grounds for the establishment, exercise, or defense of legal claims.
4.5
To exercise the rights mentioned in this point of the privacy policy, you can contact the Administrator by sending an appropriate message by e-mail to [email protected] or in writing to the Administrator's address indicated at the beginning of the privacy policy.
§ 5. Cookies in the Website, Operational Data and Analytics
5.1
Cookies are small text information in the form of text files, sent by a server and saved on the side of the person visiting the website (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on the device used by the visitor of our website). Detailed information about Cookies, as well as the history of their creation, can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
5.2
The Administrator may process data contained in Cookies when visitors use the website for the following purposes:
a) remembering data from Order Forms, surveys, or login data to the website;
b) conducting anonymous statistics showing the way of using the website;
c) remarketing, i.e., research into the behavior features of visitors to the website by anonymous analysis of their activities (e.g., repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other websites in the advertising network of Google Inc. and Facebook Ireland Ltd.;
5.3
By default, most web browsers available on the market accept saving Cookies. Everyone has the ability to determine the conditions of using Cookies using the settings of their own web browser. This means that you can, for example, partially restrict (temporarily) or completely disable the possibility of saving Cookies – in the latter case, however, it may affect some of the functionalities of the website.
5.4
Web browser settings in terms of Cookies are important from the point of view of consent to the use of Cookies by our website – according to regulations, such consent may also be expressed through the settings of the web browser. In the absence of such consent, it is necessary to change the settings of the web browser in terms of Cookies accordingly.
5.5
Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
- in Chrome browser
- in Firefox browser
- in Internet Explorer browser
- in Opera browser
- in Safari browser
- in Microsoft Edge browser
5.6
The Administrator may use in the Website services like Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator analyze traffic on the website. The data collected is processed within the above services in an anonymized manner (these are so-called operational data, which prevents the identification of a person) to generate statistics helpful in managing the website. These data are aggregate and anonymous, i.e., they do not contain identifying characteristics (personal data) of the person visiting the website. The Administrator, using the above services on the website, collects such data as the sources and medium of obtaining visitors to the website and the way they behave on the website, information about the devices and browsers from which they visit the page, geographical data, demographic data (age, gender), and interests.
5.7
It is possible for a person to easily block sharing information about their activity on the website with Google Analytics - for this purpose, one can install a browser add-on provided by Google Inc., available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
§ 6. Final Provisions
The website sonel.pl may contain links to other websites. The Administrator encourages to familiarize oneself with the privacy policy established there after transitioning to other websites. This privacy policy applies only to the Website sonel.pl.
