Datenschutzerklärung

The trust of people whose personal data we process and compliance with legal provisions regarding the protection of personal data are very important to us. We would like to notify you of our principles for collecting, processing, securing, transferring and using personal data and inform you who you can turn to in matters related to personal data.

In accordance with the requirements of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “Regulation”, we inform as follows:

(1) Personal Data Administrator

The Personal Data Administrator, hereinafter referred to as the “Administrator”, is:

amavat Sp. z o.o. with its registered seat in Szwedzka 5, 55-040 Bielany Wrocławskie
NIP: 0000374411
KRS: 8961511786

The Administrator is responsible for the use of personal data in a safe manner, consistent with the purposes for which it was collected and in accordance with the applicable law.

(2) Contact with the Administrator

Administrator’s contact details:
– phone: +48 71 388 13 00
– e-mail: gdpr@getsix.pl
– correspondence address: Szwedzka 5, 55-040 Bielany Wrocławskie

Contact with the Data Protection Supervisor
– phone: +48 71 388 13 00
– e-mail: gdpr@getsix.pl
– correspondence address: Szwedzka 5, 55-040 Bielany Wrocławskie

General Provisions

We use the personal data collected only for specific, legitimate purposes for which this data was collected. The scope of personal data, the purpose of its processing, the legal basis for such processing, the processing period and the categories of recipients of data result from the legal requirements of the Administrator and the nature and scope of actions taken by the data subject.

(3) The purpose of data processing by the Administrator, the legal basis for processing and the storage period:

(a) The purpose for data processing: Take action at the request of the data subject before concluding a contract (e.g. preparing an offer).

legal basis for processing: Article 6(1)(b) of the Regulation (“the performance of a contract”)
Storage period: The data is stored for the period necessary to complete, terminate or expire a contract and for the period after which any legal claims may expire.

(b) The purpose for data processing: The conclusion and performance of a contract (including providing appropriate quality of services)

legal basis for processing: Article 6(1)(b) of the Regulation (“the performance of a contract”)
Storage period: The data is stored for the period necessary to complete, terminate or expire a contract and any settlements and for the period after which any legal claims may expire.

(c) The purpose for data processing: Conducting direct marketing (directing messages to carefully selected individual clients, in individual contact in order to obtain a direct response (reply))

legal basis for processing: Article 6 (1)(f) of the Regulation (“legitimate interests pursued by the Administrator”)
Storage period: The data is stored for the duration of the legitimate interest pursued by the Administrator and for the period after which any legal claims may expire. In the event of an effective opposition to the use of the data subject’s personal data, the Administrator will no longer process this data for direct marketing purposes.

(d) The purpose for data processing: Conducting marketing

legal basis for processing: Article 6 (1)(a) of the Regulation (“the data subject’s consent”)
Storage period: The data is stored until the data subject withdraws the consent for further processing of their data for marketing purposes.

(e) The purpose for data processing: Issuing, collecting and storing invoices and accounting documents as well as keeping accounting books

legal basis for processing: Article 6 (1)(c) of the Regulation (“compliance with a legal obligation”) in relation to Article 74 (2) of the Accounting Act and Article 86 (1) of the Tax Ordinance Act.
Storage period: The data is stored for the period in which the provisions order the keeping of accounting books and accounting documents (i.e. for 5 years, counting from the beginning of the year following the fiscal year to which the data pertains) and for the period after which any tax liabilities may expire.

(f) The purpose for data processing: Responding to complaints within the period of time and in the form provided for by law

legal basis for processing: Article 6(1)(c) of the Regulation (“compliance with a legal obligation”)
Storage period: The data is stored for the duration of 1 year after the end of the warranty period or settlement of the complaint, and then for the period after which any legal claims may expire.

(g) The purpose for data processing: Expression of the opinion by the Client

legal basis for processing: Article 6 (1)(a) of the Regulation (“the data subject’s consent”)
Storage period: The data is stored until the data subject withdraws the consent for further processing of their data for this purpose.

(h) The purpose for data processing: Detection and prevention of misuse

legal basis for processing: Article 6(1)(c) of the Regulation (“compliance with a legal obligation”)
Storage period: The data is stored for the duration of a contract, and then for the period after which the claims resulting from the contract expire. If the Administrator pursues claims or notifies competent authorities – for the duration of such proceedings and “for 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings were finally finished, paid off, settled or expired”.

(i) The purpose for data processing: Specifying, defending and pursuing claims raised by or against the Administrator (including the sale of debt to another entity)

legal basis for processing: Article 6 (1)(f) of the Regulation (“legitimate interests pursued by the Administrator”) in relation to Article 74 (2) of the Accounting Act.

Storage period: The data is stored:

  • for the period after which the claims resulting from a contract expire,
  • if the Administrator pursues such claims in civil proceedings or in criminal or tax proceedings, the accounting proofs (which may contain personal data) must be kept “for 5 years from the beginning of the year following the fiscal year in which operations, transactions and proceedings were finally finished, paid off, settled or expired”,
  • for the period in which the Administrator may incur legal consequences of non-compliance, e.g. be fined with an administrative penalty.

(4) Data recipients

In order to perform a contract and to ensure the proper functioning of the Administrator’s website, he uses the services of third parties cooperating with him (for example: postal services, couriers, payment service entities). Personal data is transferred to third parties only if and to the extent that makes it necessary to achieve the purpose of processing. Personal data provided to third parties may be used only for the purpose of the task ordered by the Administrator.

Personal data may be provided to the following recipients cooperating with the Administrator:

  • members of HLB International – to the extent necessary for the purposes resulting from the legitimate interests pursued by the Administrator, including internal administrative purposes,
  • entities conducting postal, courier and similar activities (e.g. courier brokers) – to the extent necessary to carry out the delivery and correspondence,
  • selected entities acting on behalf of the Administrator when handling accounting, tax, advisory, legal and debt recovery matters (including entities purchasing debt) – to the extent necessary to carry out a specific purpose of processing,
  • entities providing technical assistance services provided to the Administrator and IT solution providers enabling the Administrator to operate (for example, software, e-mail and hosting providers) – the Administrator provides personal data to the trusted provider acting on his behalf only in the case and to the extent necessary to carry out a specific purpose of processing,
  • providers of solutions which serve the purpose of expressing/publishing client opinions – to the extent necessary to express such opinions.

(5) Transferring data outside the EEA

Personal data may be transferred outside the European Economic Area (including the European Union, Iceland, Liechtenstein and Norway) to Google LLC based on appropriate legal safeguards, which are standard contractual clauses of personal data protection, approved by the European Commission; see also point 9 Online Analysis.

(6) The rights of the data subject

The processing of personal data does not require any consent if, among other things: the processing is necessary to perform a contract, or take actions before a contract is concluded, results from a legal obligation of the Administrator or is necessary to carry out the legitimate interest of the Administrator. If the consent is necessary to be able to process personal data for a specific purpose, the Administrator asks for such consent. The consent given can be withdrawn at any time.

In the event of withdrawal of consent, the data will no longer be processed to the extent that the consent was granted, but the withdrawal of the consent will not affect the lawfulness of the processing, which was made on the basis of consent before its withdrawal.

Pursuant to the principles set out in the Regulation, the data subject also has the right: to demand from the Administrator access to the personal data relating to them, rectify it, delete it (“to be forgotten”) or limit its processing, to object to the processing, as well as to transfer such data.

If personal data is processed for direct marketing purposes, one can object at any time to the processing of this data for marketing purposes, including profiling, to the extent to which the processing is related to direct marketing.

In order to perform the above rights, an application should be submitted to the Administrator by e-mail, letter or in person at the Administrator’s office; Administrator’s contact details can be found in point 2 above. To make sure that the person submitting the application is entitled to submit it, the Administrator may ask for additional information confirming the identity of the person submitting.

The provisions of the Regulation indicate to what extent each of these rights can be used. This will depend in particular on the legal basis and purpose of personal data processing by the Administrator. The above rights can be used free of charge not often than once per 6 months. In accordance with Article 12 of the Regulation, if the data subject’s demands are manifestly unjustified or excessive, in particular because of its continuing nature, the Administrator may charge a fee.

The data subject has the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection.

(7) Obligation or no obligation to provide personal data

Using the Administrator’s services and providing personal data to him is voluntary. However, the data subject is obliged to provide it in connection with:

  • concluding a contract with the Administrator – in this case, providing personal data is a contractual condition and the data subject is obliged to provide the required data if they want to conclude a contract with the Administrator. Each time, the extent of data required to conclude a contract is communicated to the data subject. Failure to provide this data results in failure to conclude such contract.
  • implementing the obligations arising from the provisions of law on the Administrator – in this case, providing personal data is a statutory condition resulting from the provisions imposing on the Administrator the obligation to process personal data (e.g. in connection with the obligation to issue, collect and store invoices and accounting documents and keep accounting books). Failure to provide this data will prevent the Administrator from performing the indicated obligations, which will result in failure to conclude a contract.

(8) Use of data for advertising purposes

8.1 Newsletter
The Newsletter is sent only to those Users who have given their consent and provided their e-mail address. At any time, the consent to receive the newsletter may be withdrawn by clicking the resignation link in each newsletter, or by contacting the Administrator at the address given above.

8.2 Banner advertising
A banner ad is an advertisement which takes the User to another website by clicking on it. As part of banner advertising, for example, products that Users have viewed, or similar products are presented to Users. We can also present ads of our partners.

Banner advertising uses cookies or pixels. Direct information about the User is not saved. Only pseudonymised data is used. Additional information about cookies, pixels and retargeting/remarketing is provided below.

8.3 Cookies
The Administrator’s websites use cookies i.e. text files saved on the User’s device. These files allow you to analyse the way of using a website and identifying the User’s web browser. By entering appropriate browser settings, you can block the installation of cookies – this may limit the functionality of the website.

The Administrator may process data contained in cookies for anonymous analysis of visitors’ activities, study their behaviour (e.g. opening specific websites) in order to provide them with advertisements tailored to their expected interests, also when they visit other partner websites of Google Inc. and Facebook Ireland Ltd. advertising network and to improve the administration of Administrator’s websites.

8.4 Onsite Targeting
The Administrator uses cookie technology to conduct the analysis of visitors’ activities (e.g. opening specific subpages) and may present the User with advertisements and/or special offers. The purpose of these activities is to provide the User with content that most closely matches the area of his search.

8.5 Retargeting, third-party cookies and third-party data collection for the purposes of banner advertising
The Administrator’s websites use retargeting technology (remarketing).

The Administrator uses the services of third parties who use cookies on the Administrator’s website, they are:

Google Analytics, Universal Analytics and Google Remarketing provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Detailed information on the functioning of the above services is available at www.google.com/intl/pl/policies/privacy/partners/ see also https://policies.google.com/privacy/update?hl=pl&gl=pl

and

Facebook Pixel provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Detailed information is available at https://www.facebook.com/about/privacy

The User can disable cookies by changing the settings of their web browser.

8.6 How can you block the saving of cookies?
In order to block the saving of cookies, the User should enable the settings in the web browser to accept the saving of cookies only if they agree.

To accept the use of Administrator’s cookies, and at the same time block the use of third-party cookies, select the option “Block third-party websites’ cookies” in the browser settings.

8.7 Competitions, market research and opinion surveys
Each competition and promotional campaign has separate Regulations. In order to take part in them, the User is asked to provide the personal data listed in the Regulations and by giving consent, including the use of telecommunication devices in market research or opinion surveys (phone number, e-mail address) by the competition organizer for the purpose of direct marketing by the Administrator. Shared personal data will be processed for the purpose of conducting the contest, notifying of the winnings and for the needs of market research or opinion survey.

The answers provided as part of market research or opinion survey are not made available to third parties or published.

(9) Online analysis

The Administrator uses Google Analytics provided by Google for analysing website traffic. Google Analytics analyses the User’s behaviour on the website through the use of cookies. The information generated by cookies on the use of the website by the User (including their IP address) is passed to Google and stored on its servers in the USA. Google will use this information to analyse the use of websites by the User, create reports for the websites using Google Analytics and provide other services. Google may also transfer this information to third parties, as required by law, or if third parties process this information on behalf of Google.

By using the website, the User consents to the processing of their data by Google in the manner and for the purposes set out above.

The website is analysed by Google Analytics with the extension “_anonymizeIp ()” and therefore the IP addresses are processed only in abbreviated form, which makes it impossible to directly link the address to a given User.

The User can opt out of cookies by entering the appropriate browser settings. This may limit the functionality of the website and it may not be possible to use all of its functions.

The consent to store and collect personal data can be withdrawn at any time with effect for the future.

In order to prevent the transmission of data generated by a cookie file related to the User’s use of the website (including the IP address) to Google and the processing of such data by Google, it is sufficient to download and install the blocking plug-in available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en

(10) Server log file

The web browser provides data about the User’s activities on the Administrator’s websites, which are saved in the server log files. The data records saved in this way contain the following data: date and time of downloading, name of the page being opened, downloaded data volume, as well as information about the product version of the web browser used, IP address, reference website URL (the address of the website from which the user was redirected).

The server log file data records are analysed in order to remove errors, manage server performance, protect against DDoS attacks, and customize offers.

(11) Automated decision-making and profiling

Personal data will not be used for automated decision-making that will cause legal effects for the data subject, including for profiling.

(12) Final Provisions

Administrator’s websites may contain links to other websites. Such websites operate independently of the Administrator and are not supervised by the Administrator in any way. The Administrator recommends reading privacy policies after going to other websites. The Administrator is not responsible for the principles of data handling on these websites.