§1 General information
- The Website is owned and administered by eo Networks S.A. (ul. Jagiellońska 78, 03-301 Warsaw), entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000332547, Tax Identification Number (NIP): 527-260-44-18, National Business Registry Number (REGON): 141905973, having a share capital in the amount of PLN 205 937,90 fully paid.
- As the legally defined Personal Data Controller eo Networks S.A. processes the Website User's personal data within the Website as part of an electronic means of distance communication. Eo Networks S.A. has made every effort to ensure the maximum protection of personal data being processed via the Website. The Personal Data Controller will be hereinafter referred to as the "Controller".
- Personal data shall be processed in accordance with Regulation (EU) 2016/679 of 17 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) and in accordance with the Act of 10 May 2018 on Personal Data Protection.
- in writing: Jagiellońska 78, 03-301 Warszawa or
- by email: firstname.lastname@example.org
§2 Providing personal data as a statutory or contractual requirement
- Via the Website, the Controller shall obtain information about Website Users and their activities in the following ways:
- by saving cookie files in end devices (so-called "cookies"),
- by collecting web server logs by the hosting operator.
- Processing of personal data shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Article 6(1)(a) of the GDPR);
- processing is necessary for the performance of a contract, to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR);
- processing is necessary for compliance with a legal obligation to which the Controller is subject (Article 6(1)(c) of the GDPR);
- processing is necessary in order to protect the vital interests of the data subject or any other natural person (Article 6(1)(d) of the GDPR);
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller (Article 6(1)(e) of the GDPR);
- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Article 6(1)(f) of the GDPR);
- The Controller was entrusted with processing personal data by another Controller.
- The Controller does not provide services by electronic means via the Website. The website does not have sales functionalities.
§3 Information about cookies
- Cookies are files containing data, text files in particular, that are stored on the User's end device and are intended to be used by a web server. Cookies usually contain the name of the website from which they originate, their storage time on the end device, as well as a unique number. It consists of a string of characters through which websites and servers can be assigned to the specific web browser in which the cookie was stored. These files allow the User's device to be recognized by its IP address, location and language used, and properly display the website tailored to his or her individual preferences.
- Cookies are sent to the end device of the Website User and accessed by the Controller.
- Cookies are used to create anonymous, aggregated statistics that help to understand how Users use websites, which allows improving their structure and content, excluding the User's personal identification.
- Two basic types of cookies can be used on the Website: "session" cookies and "persistent" cookies. Session cookies are temporary files that are stored on the User's end device until the User logs out, leaves the website or disables the software (web browser). Persistent cookies are stored on the User's end device for the time specified in the parameters of the cookies or until they are deleted by the User. They can be deleted at any time via a web browser (see § 5).
- The software used for website browsing (a web browser) usually allows for default storing of cookies on the User's end device. Users of the Website may change the settings in this area. The web browser allows the User to delete cookies. It is also possible to block cookies automatically. Check the help function or the documentation of the web browser for more detailed information. Therefore, the User should make an informed decision concerning cookies settings within the web browser.
- In terms of information about User preferences collected by the Google advertising network, the User can view and edit information obtained from cookies using the tool: https://www.google.com/ads/preferences/.
§4 Managing cookie files - how to give and withdraw consent in practice
- If the User does not wish to receive cookies, he/she may change browser settings. Please note that disabling cookies that are necessary for the processes of authentication, security, storing of the User preferences can hinder, and in some cases, prevent the User from viewing web pages.
- In order to manage cookie settings, follow the instructions of your web browser.
§5 Server logs
- Information on certain activities of Users is subject to logging in the server layer. This data is used only to administer the Website and to provide the most efficient hosting services.
- The website collects an amount of general information about automatic or User-induced activities. This information is stored as server logs. The browsed resources are identified by URL addresses. In addition, the following may be recorded:
- request receipt time;
- response sending time;
- name of the User station - identification performed by the HTTP protocol;
- information about errors that occurred during the execution of the HTTP transaction;
- URL address of the page previously visited by the user (referrer link) - in the case when the transition to the Website was made via link;
- information about the User's browser;
- information about the User's operating system;
- information about the User's IP address;
- Internet service Provider's data.
- The above data is not associated with specific individuals browsing the websites.
- The above data is used for the purpose of administering the server on which the Website is maintained. This data is not used to build an individual User profile. This data helps to correctly edit and optimize the content of the Website. This data may also be used by law enforcement authorities in the event of illegal activity. This data is also subject to anonymized statistical analysis in order to increase the protection of User's data. Anonymous server log data is saved separately from other personal data.
- There is no option of adding comments or assessment of products or services via the Website.
- Publishing photographs of Users or third parties is only possible with their consent.
§7 External components
- The Website has integrated Google Analytics components with anonymization functionality. Google Analytics is used to analyse the Internet network by collecting, storing and analysing collected data on users' activities on the website. The network analysis gathers, among other things, information about websites previously visited by the User, frequency of visits and time of display. Google Analytics is used to generate analysis reports. This tool is used to optimize the website and optimize advertising content.
- The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
- Google Analytics uses the application "_gat._AnonymizeIp", through which the User's IP address is shortened by Google and anonymized when accessing our websites from an EU or EEA Member State.
- The User has the right to object to the processing of data generated by Google Analytics. To do this, the User can install a browser add-on that is available at https://tools.google.com/dlpage/gaoptout. The add-on blocks the data transfer to Google Analytics. The installation of the browser add-on is understood as objection to Google data processing.
- Google's data protection policy is available at https://www.google.com/intl/en/policies/privacy/ and at http://www.google.com/analytics/terms/us.html.
- Google LLC and its subsidiaries have acceded to the EU-US Privacy Shield Agreement ensuring protection of personal data at a level comparable to that in force in the European Union within the meaning of EU Regulation 2016/679 of the General Data Protection Regulation (GDPR) - https://www.privacyshield.gov/ .
§8 Data sharing
- The data shall be made accessible to third parties solely within the limits of law.
- Based on lawful requests and within the scope of such a request, the Controller may be obligated to provide authorised bodies with information collected by the Website. The Controller has the right to transfer data to public authorities and entities professionally involved in the recovery of debts, if it is necessary to determine, assert or defend claims or as part of the administration of justice by courts.
- The data may be transferred to: companies providing technical support services for the functioning of the Website, entities performing some related technical services or subordinated to the operation of the Website, hosting companies and other providers of ICT services for the Website.
§9 Data processing time
- The criterion used to determine the period of storage of personal data is the respective statutory retention period. After this period, the relevant data is deleted as a matter of routine when it is no longer necessary to perform the contract, settle all dues resulting from the contract (until the limitation period) or initiate its conclusion in line with the will of the User.
- The Controller processes and stores the User's personal data only for the period necessary to achieve the purpose for which it was obtained and based on a specific legal basis. The Controller deletes the data in the event of the end of the purpose or legal basis, in particular after the expiry of the period for which the data was acquired.
§10 Rights of the data subject
- THE RIGHT TO BE INFORMED ABOUT THE PROCESSING OF PERSONAL DATA
The data subject shall have the right to obtain from the Controller at any time confirmation as to whether or not personal data concerning him or her is being held and, where that is the case, access to the personal data and the following information:
- what personal data is being processed,
- the categories of personal data concerned,
- the purposes of the processing,
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
- the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing,
- the right to lodge a complaint with a supervisory authority,
- where the personal data is not collected from the data subject, any available information as to their source,
- the existence of automated decision-making, including profiling, and - at least in these cases - meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject,
- where personal data is transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards related to such transfer.
The Controller shall, if requested by the data subject, provide a copy of the personal data undergoing processing.
- RIGHT TO RECTIFICATION
The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- RIGHT TO ERASURE ('RIGHT TO BE FORGOTTEN')
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- the data subject withdraws the consent on which the processing is based and where there is no other legal ground for the processing,
- the data subject objects to the processing and there are no overriding legitimate grounds for processing,
- the personal data has been unlawfully processed,
- the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject,
- the personal data has been collected in relation to the offer of information society services.
If the Controller has made personal data public, and is obliged to delete this personal data on the aforementioned basis, then - taking into account the available technology and cost of implementation - it takes reasonable steps, including technical measures, to inform the administrators processing this personal data that the data subject requests them to erase all links to, or copies or replications of that personal data, provided that their processing is not necessary: a) to exercise the right to freedom of expression and information; b) to comply with a legal obligation requiring processing under Union or Member State law to which the administrator is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the administrator; c) for reasons of public interest in the field of public health; d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes, in so far as the right (to be forgotten) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or, e) for the establishment, exercise or defence of legal claims.
- RIGHT TO RESTRICTION OF PROCESSING
The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;
- the Controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing - pending the verification whether the legitimate grounds of the Controller override those of the data subject.
- RIGHT TO DATA PORTABILITY
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another Controller without hindrance from the Controller to which the personal data has been provided, where:
- the processing is based on the data subject’s consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or under the agreement pursuant to Article 6(1)(b) GDPR; and
- personal data is processed by automated means,
as long as it does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller. In exercising his or her right to data portability the data subject shall have the right to have the personal data transmitted directly from one Controller to another where technically possible.
- RIGHT TO OBJECT
- The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on Article 6(1)(e) or (f) GDPR (i.e. when processing is necessary to perform a task carried out in the public interest or as part of exercising public authority entrusted to the administrator, or when the processing is necessary for purposes arising from legitimate interests pursued by the Controller), including profiling on that basis. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- Where personal data is processed for scientific or historical research purposes or statistical purposes, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
- To exercise the right to object please contact the Controller at any time. Furthermore, notwithstanding Directive 2002/58/EC (Directive on privacy and electronic communications), the data subject may exercise his or her right to object by automated means using technical specifications.
- INFORMATION ON AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
- If the decision does not concern specific personal data and a) is necessary for entering into, or performance of, a contract between the data subject and Controller; or b) is authorised by Union or Member State law to which the Controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or c) is based on the explicit consent of the data subject, the Controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and to contest the decision.
- THE RIGHT TO WITHDRAW THE CONSENT TO PROCESSING
The data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time. The withdrawal of the consent shall not affect the lawfulness of processing based on the consent before its withdrawal.
- THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY AND COURT
- If the Controller does not take action in connection with the request of the data subject, it shall immediately inform the data subject - at the latest within one month of receipt of the request - about the reasons for not taking action and about the possibility of submitting a complaint to the supervisory body and the use of legal protection measures before a court.
- Without prejudice to other administrative or legal protection measures before the court, any data subject may submit a complaint to the supervisory authority, in particular in the Member State of his habitual residence, place of work or place of alleged infringement, if he or she thinks that the processing of his or her personal data breaches the GDPR. The data subject shall have the right to lodge a complaint to the court against the decision of the supervisory authority.
- Without prejudice to available administrative or extrajudicial remedies, including the right to lodge a complaint with a supervisory authority, any data subject shall have the right to an effective remedy before a court if he considers that his rights under the GDPR have been violated as a result of the processing of his personal data in violation of the GDPR. Proceedings against the Controller shall be brought before the courts of the Member State where the Controller has an establishment. Alternatively, such proceedings may be brought before a court of a Member State where the data subject has his or her habitual residence.
- Please note that the supervisory authority competent for the place of residence of the Controller is the President of the Office for Competition and Consumer Protection.
§11 Data protection
- The Website User is obliged to protect his own working unit, operating system and web browser against hacker attacks by third parties.