The protection of Users’ privacy is of particular importance to us. Therefore, the Users of www.jurgal.com.pl website are guaranteed the highest standards of privacy protection. As the data controller, JURGAL Marek Uchman ensures the security of the personal data provided by Users.
Considering the above and in view of the requirements introduced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016) (referred to as the GDPR), this Privacy Policy has been adopted so that the security of personal data is ensured by JURGAL Marek Uchman.
This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with their use of the website and other related webpages, communications and services.
A User is any data subject who uses the website and other related webpages, communications and services. (referred to as the User).
The Controller of personal data contained in the website is JURGAL Marek Uchman, address: Plebiscytowa 17, 43-190 Mikołów, NIP (tax ID): 6341465803, REGON: 276992507.
(referred to as the Controller).
To the extent necessary for the performance of a contract between the User and the Controller, to the extent necessary for the Controller to take actions at the User’s request and to the extent necessary to comply with a legal obligation to which the Controller is subject – the User’s personal data are processed in accordance with the law, i.e. Art. 6(1)(b) and (c) of the GDPR, without the need for the User to consent to the processing of their personal data. To the remaining extent, the provision of personal data by the User is voluntary. However, to the extent that the consent to the processing of the User’s personal data was expressed by them only for marketing purposes, the provision of personal data by the User is voluntary, but the refusal to consent or the withdrawal of consent will prevent the Controller from notifying the User about new offers.
The use of the website by the User means that the User accepts that the Controller collects, uses and shares non-personal and personal data in accordance with this Privacy Policy. However, the User has control over the way their data are used and shared, as described in detail in Chapter V of this Privacy Policy, “User Rights”.
If personal data are processed under the User’s consent, they have the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The Controller informs the User about the possibility of withdrawing consent before the User gives their consent.
If there are changes to this Privacy Policy and the User continues to use the website, it is considered as giving consent to the current terms of the Privacy Policy.
1. Obtaining personal data
a. Personal data obtained directly from the User
The Controller obtains personal data in two ways. The first is to obtain personal data directly from the User as follows:
- a message is sent by the User via the contact form available on the website,
- the User creates their own account on the website,
- the User uses services and products offered by the Controller,
- the User contacts the Controller to get technical support.
b. Personal data obtained from other sources
The Controller also obtains personal data from sources other than directly from the User, i.e.:
- by recording how the User uses the Controller’s products and services via cookies and other technologies, and by receiving error reports or usage data from software running on the User’s device,
- from data brokers, from which the Controller purchases demographic data to supplement the data collected independently,
- from service providers who give the Controller information on the location of Users based on their IP addresses,
- from partners with whom the Controller offers products and services or conducts joint marketing activities,
- from publicly available sources, such as publicly available registers or public domains in which the User’s data are shared.
2. Personal data processed by the Controller
The scope of personal data collected by the Controller and concerning Users may vary depending on the purpose of personal data processing.
The Controller collects the following personal and non-personal data:
- Login name,
- First name and surname/company name/first name and surname of the entrepreneur or first names and surnames of entrepreneurs operating as a civil partnership,
- Correspondence address,
- Website address,
- Telephone number,
- Email address,
- NIP,
- REGON,
- Computer IP,
- Payment data if the User makes a purchase on the website.
Furthermore, the Controller collects data on the content of the User’s files and messages when it is required for providing services and products, including: the subject and content of an e-mail message, text or other content of an instant message, audio and video messages, audio recording and transcription of a voice message received by the User or a text message dictated by the User.
The Controller also collects information transmitted by the User, including opinions and feedback on products and services as well as information provided to get technical support. In addition, in the event of contact, the Controller collects the message content.
The manner in which the Controller processes personal data relating to the User depends on the way the User uses the Controller’s products and services. Therefore, the individual purposes of processing of User’s data may differ depending on what product or service is chosen by the User and how they use it.
1. Services (contract performance)
The Controller uses the User’s personal data to authenticate and authorize their access to services, including for the provision of services offered by the Controller.
If the User decides to order the Controller’s products or services for a fee, the Controller will process the User’s personal data to the extent necessary to conclude the contract and ensure the proper performance of the contract concluded with the User for the provision of services.
2. Communication (contract performance, legitimate interest pursued by the Controller)
The Controller uses the User’s personal data to communicate with them in a personalised way. This communication involves sending e-mails, posting notifications on websites, and other means as part of the offered services, including text messages and push notifications. The content communicated to the User concerns the offered services, i.e. the availability of services and the manner of using them, personal data security, network updates, reminders, but also the Controller’s suggested offers.
Communication with the User also concerns the User service. Personal data are used to help the User, solve issues and respond to their complaints.
The Controller also uses the User’s personal data to allow them to comment on the Controller’s activities, services and products.
3. Advertising (consent, legitimate interest pursued by the Controller)
The Controller uses the User’s personal data to offer them advertisements tailored to their needs, if the User has consented to such activities or if an economic relationship is established between the Controller and the User. These advertisements concern the offers of the Controller and entities cooperating with it.
Advertisements presented to the User are adjusted individually to each User through:
- data made available directly by the User,
- data collected when the User uses the Controller’s services,
- information provided by third parties,
- data from advertising technologies, such as cookies,
- web beacons, pixels, ad tags, and mobile identifiers.
The Controller does not share the User’s personal data with third party advertisers or advertising networks without the User’s consent. However, if the User clicks on an advertisement displayed to them, the advertiser will be informed about it.
4. Service improvement (legitimate interest pursued by the Controller)
The Controller uses the User’s personal data for purposes of analytical and statistical activities in order to constantly improve the offered products and services, provide better solutions, add new features and options, gather more recipients and help in networking and finding business opportunities.
Users’ personal data are also used by the Controller for market research, public opinion research and economic analysis to constantly improve the website.
5. Security (legitimate interest pursued by the Controller)
The Controller uses the User’s personal data to monitor, prevent, detect and combat fraud and misuse, to protect other Users against such abuse and to ensure network and information security. If there is a justified suspicion that a crime has been committed, the User’s personal data will be used to investigate the possible crime or other violation of this Privacy Policy by undesirable persons.
6. Exercise of claims (legitimate interest pursued by the Controller)
If the User decides to use the Controller’s services, the Controller may process the User’s personal data to the extent necessary to exercise any claims arising from business activities, as well as to analyse potential violations of the terms of use regarding the Controller’s services.
7. Books of accounts (fulfilment of statutory obligation)
If the User decides to order the Controller’s services for a fee, the Controller will process the User’s personal data to the extent necessary to keep the books of accounts and make settlements for paid services.
The User’s personal data are or may be transferred to the following categories of recipients:
1. providers of advertising or marketing services, in the case of fulfilling the purpose of direct marketing of the Controller’s own services;
2. providers of legal and advisory services and supporting the Controller in exercising due claims (in particular law firms, debt collection companies);
3. entities processing personal data at the Controller’s request, e.g. subcontractors of the Controller’s services;
4. entities authorised to obtain data on the basis of applicable law, e.g. courts or law enforcement authorities, when they make a request based on relevant legal grounds.
The User has the right to decide about their personal data by making a choice regarding the disclosure of individual personal data, including the choice of privacy settings. However, in this situation, the User must be aware that they will not be able to fully use some of the products or services offered by the Controller.
If the User wishes to exercise their rights as a data subject, they may contact the Controller via e-mail sent to the address: biuro@jurgal.com.pl
1. Right of access
The User has the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, the right to access information on the details of data processing, in particular the information about the purpose of processing and categories of processed data.
The Controller also has the right to request a copy of the personal data undergoing processing.
2. Right to rectification
The User has the right to rectify inaccurate personal data. The User has the right to request the replacement, supplementation or removal of errors, faults and misleading information in the entire set of data concerning them.
The subject of supplementation may not be incorrect personal data, i.e. the User may not request the replacement or supplementation of the existing data with incorrect data.
When the processed personal data are incomplete, the User may submit an additional statement to complete it. It is allowed to present such a statement in any form, also by electronic means.
3. Right to erasure (the right to be forgotten)
The User has the right to request the erasure of their personal data where one of the following grounds applies:
1. the User’s personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. the User withdraws consent on which the processing and there is no other legal ground for the processing;
3. The User objects to the processing of personal data concerning them;
4. the personal data have been unlawfully processed;
5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
6. the personal data have been collected in relation to the offer of information society services.
The right to be forgotten is granted to the User only when they exercise the right to erase personal data and only where the personal data concerning them have been made public by the Controller.
4. Right to restriction of processing
The User has the right to restrict the processing of their personal data where one of the following applies:
1. The accuracy of the personal data is contested by the User, for a period enabling the Controller to verify the accuracy of the personal data;
2. the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
3. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
4. the User has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the User.
Where processing has been restricted, the Controller may process personal data only as follows, with the exception of storage:
1. with the User’s consent or
2. for the establishment, exercise or defence of legal claims, or
3. for the protection of the rights of another natural or legal person or
4. for reasons of important public interest of the Union or of a Member State.
5. Right to data portability
The User has the right to receive the personal data concerning them, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
The User has the right to have the personal data transmitted directly from the Controller to another controller, where technically feasible.
6. Right to object
The User has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning them:
1. in the public interest or in the exercise of official authority vested in the Controller,
2. where personal data are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing,
3. for the legitimate interest of the Controller.
The procedures for examining the objection and all communication are free of charge, and it is also possible to file an objection using electronic means.
7. Right to lodge a complaint
The user has the right to lodge a complaint with the Office for Personal Data Protection, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement.
8. Right not to be subject to a decision based solely on automated processing (including profiling)
The right not to be subject to a decision based solely on automated processing (including profiling) is granted to the User due to the development of technology and marketing techniques based on data collected while using online services.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to the User, in particular to analyse or predict aspects concerning that User’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
The User may exercise such right in a situation where two conditions are met:
1. firstly, the User is subject to a decision based solely on automated processing of personal data, including profiling,
2. secondly, this decision produces legal effects concerning the User or similarly significantly affects them.
Automated decision-making in individual cases, including profiling, cannot be prohibited if the decision:
1. is necessary for entering into, or performance of, a contract between the User and the Controller;
2. is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the User’s rights and freedoms and legitimate interests; or
3. is based on the User’s explicit consent.
The Controller uses cookies and other similar technologies to improve efficiency and offer Users better website features and more tailored advertisements. Cookie files (“cookies”) are code fragments, which are text files corresponding to HTTP requests sent to the Controller’s server. They ensure optimal service during the User’s visit to the website and enable faster and easier access to information. Stored information or accessing such information does not change the configuration of the User’s device and the software installed in it. Information contained in cookies and similar technologies is considered personal data only in connection with other personal data available about a given User. If the User does not consent to saving and receiving information in cookies, they may change the rules for cookies through the settings of their web browser or the so-called opt-out option on the website of the provider of a given technological solution. Detailed information on the technologies utilised by the Controller is available in the Cookies Policy
1. Personal data security
The Controller introduces various measures to ensure the security of the User’s personal data. Safe use of the offered services is ensured by the systems and procedures protecting against access and disclosure of data to unauthorised persons. The systems and procedures used by the Controller are also regularly monitored to detect possible threats. Personal data obtained by the Controller are stored in computer systems with strictly limited access.
2. Personal data storage
The storage period for the Users’ personal data may differ since different purpose of data processing may be set for personal data of different Users.
The Controller stores personal data for a period necessary to achieve specific goals, i.e.:
1. for analytical and statistical purposes – for the period necessary to achieve the goals related to the effective implementation and development of the website;
2. for services provided to the User – for the duration of the contract and the period of limitation of claims;
3. for the period required by law regarding the purpose of keeping books of accounts and making settlements for the services provided;
4. for processing personal data for marketing purposes – for the duration of the economic relationship with the User, unless the User has objected to the processing for such purposes;
In each of the above cases, after the end of the required processing period, the data may be processed only to secure the exercise of claims.
Users’ personal data are stored in the Controller’s database, in which technical and organisational measures are applied to ensure the security of the processed data in accordance with the requirements set out in applicable law. Only the Controller has access to the database.
3. Changes to the Privacy Policy
In order to update the information contained in this Privacy Policy and ensure its compliance with applicable law, this Privacy Policy may be changed. A change to the document content means that the date of its update is changed, which can be found at the beginning of this Privacy Policy. The User will be notified of any important change via information posted on the website or directly. To obtain information on the personal data protection method, the Controller recommends that Users regularly read these terms of the Privacy Policy.
4. Contact information
If there are any doubts related to personal data protection or in order to obtain information on this Privacy Policy, the User may contact the Controller via e-mail at biuro@jurgal.com.pl and by post to the Controller’s address.