Privacy policy
PRIVACY POLICY FOR
EPP SP. Z O.O.
TABLE OF CONTENTS
- Definitions
- Data Processing in Connection with the Use of the Website
- Purposes of and Legal Basis for Data Processing on the Website
- Cookies and Similar Technology
- Analytical and Marketing Tools Used by the Controller’s Partners
- Managing Cookie Settings
- Duration of Personal Data Processing
- User Rights
- Data Recipients
- Transfer of Data outside the EEA
- Personal Data Security
- Contact Details
- Amendments to Privacy Policy
PRIVACY POLICY
- Definitions
- Controller – EPP Office – O3 Business Campus Sp. z o.o. with its registered office in Warsaw, ul. Konstruktorska 12a, entered in the Register of Business Entities, part of the National Court Register, kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Business and the National Court Register Division, under No. KRS 0000403665, identified by NIP (tax ID No.) 5252522692 (hereinafter: the “Controller”).
- Personal Data – information about a natural person who is identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including the device IP, location data, internet identifier, and information collected through cookies and other similar technologies.
- Policy – this Privacy Policy.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- Website – the website operated by the Controller at: https://o3businesscampus.com.pl/
- User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.
- Data processing in connection with the use of the website
- In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide the individual services offered and information about the User’s activity on the Website. The following describes the specific principles and purposes of the processing of the Personal Data collected during the User’s use of the Website.
- Purposes of and legal basis for data processing on the website
Use of the website
- Personal data of all persons using the Website (including IP addresses or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
- in order to provide electronic services in terms of providing Users with access to content collected on the Website, in which case the legal basis for the processing is the necessity of the processing for the performance of a contract (Article 6(1)(b) GDPR);
- for analytical and statistical purposes, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in conducting analyses of Users’ activity and their preferences in order to improve the functionalities used and services provided;
- for the purposes of possible establishment, exercise or defence of legal claims, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in the protection of its rights.
- The Users’ activity on the Website, including their Personal Data, is recorded in system logs (a special computer programme used to keep a chronological record containing information on events and activities that relate to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for the purposes of providing services. The Controller also processes them for technical and administrative purposes, for the purposes of ensuring security and managing the IT system, as well as for analytical and statistical purposes, in which case the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
- Personal data of all persons using the Website (including IP addresses or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
- Analytical and marketing tools used by the controller’s partners
- The Controller and its Partners apply various solutions and tools used for analytical purposes. Below is some basic information on these tools. Please refer to the privacy policy of the respective Partner for further details.
- Social plug-ins
The Website uses social network plug-ins (LinkedIn). These plug-ins allow the Users to share content published on the Website with the social network of their choice. As a result of the use of plug-ins on the Website, the respective social network receives information about the User’s use of the Website and may attribute this information to the User’s profile created on the respective social network. The Controller has no knowledge of the purpose or scope of data collection by social networks. Detailed information can be found at the links below:
- Duration of personal data processing
- The duration of the data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data are processed for the duration of the service, until the consent given is withdrawn or an effective objection is made to the processing in cases where the legal basis for the processing is the Controller’s legitimate interest.
- The data processing period may be extended, if the processing is necessary for the establishment, exercise or defence of possible legal claims, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data are irreversibly deleted or anonymised.
- User rights
- The User has the right to access the content of the data and to request their rectification, erasure or restriction of processing, the right to data portability, and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
- To the extent that User data are processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller or using the functionalities provided on the Website.
- The User has the right to object to the processing of data for marketing purposes, if the processing is carried out in connection with the Controller’s legitimate interest, and, for reasons related to the User’s particular situation, in other cases where the legal basis for the data processing is the Controller’s legitimate interest (e.g. in connection with the pursuit of analytical and statistical purposes).
- For more information on your rights under GDPR, please click tutaj.
- Data recipients
- In connection with the provision of services, Personal Data will be disclosed to third parties, including, without limitation, IT service providers, in particular hosting service providers, providers responsible for the operation of IT systems, analytical service providers, marketing agencies (to the extent of marketing services), and entities related to the Controller, including member companies of its group.
- If the User’s consent is obtained, his or her data may also be made available to other entities for their own purposes, including marketing purposes.
- The Controller reserves the right to disclose selected information concerning the User to the competent authorities or to third parties, if they make a request for such information on the basis of appropriate legal grounds and in accordance with the provisions of the applicable law.
- Transfer of data outside the EEA
- The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate degree of protection ensured, primarily by:
- cooperation with processors of Personal Data in countries for which a relevant adequacy decision of the European Commission has been issued confirming that the country provides adequate level of protection of Personal Data;
- the use of standard contractual clauses issued by the European Commission;
- the application of binding corporate rules approved by the competent supervisory authority;
- in the case of data transfers to the USA, cooperation with entities participating in the Privacy Shield framework approved by a decision of the European Commission.
- The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate degree of protection ensured, primarily by:
- Personal data security
- The Controller conducts risk analysis on an ongoing basis to ensure that Personal Data are processed by the Controller in a secure manner, primarily by ensuring that only authorised persons have access to the data and only to the extent necessary for their tasks. The Controller also ensures that all operations on Personal Data are recorded and carried out only by authorised employees and associates.
- The Controller shall take any and all necessary measures to ensure that its subcontractors and other cooperating entities likewise guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.
- Contact details
- You may contact the Controller via the e-mail address rodo@epp-poland.com
- The Controller has appointed the Personal Data Protection Coordinator whom you may contact via e-mail rodo@epp-poland.com on any matters concerning the processing of Personal Data.
- Amendments to privacy policy
- This Policy is reviewed on a regular basis and updated as necessary.