Privacy policy of the eo Networks S.A. website.

§1

General information

  1. This Privacy Policy applies to the information provided on the Website and is addressed to the Users of the Website.
  2. The operator of the Website is eo Networks S.A. (ul. Jagiellońska 78, 03-301 Warsaw), entered in the Register of Entrepreneurs of the National Court Register under the number KRS 0000332547, NIP 527-260-44-18, REGON 141905973, holding share capital of PLN 205,937.90 fully paid-up.
  3. Within the scope of the website, eo Networks S.A. processes the User's personal data as a personal data controller (PDC) within the means of electronic distance communication. We have made every effort to ensure the greatest possible protection of personal data processed through the website.
  4. The PDC processes the personal data of the Users of the Site under the terms of this Privacy Policy.
  5. The processing of personal data takes place in accordance with Regulation (EU) 2016/679 of 17 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and in accordance with the Data Protection Act of 10 May 2018.
  6. The website covered by this Privacy Policy is: www.eo.pl (Website or Site).
  7. The Controller has appointed a Data Protection Officer who can be contacted on all rights related to the processing of personal data. Contact with the Data Protection Officer of the PDC:
    • in writing: Jagiellońska 78, 03-301 Warsaw or
    • by e-mail: iod@eo.pl

§2

Providing personal data as a statutory or contractual requirement

  1. PDC, through the Site, obtains information about the Users of the Site and their behaviour in the following ways:
    1)
    by storing cookies (so-called ‘cookies’) in the terminal equipment,
    2)
    by the collection of web server logs by the hosting operator,
    3)
    through the entry of data by the User in the contact form,
    4)
    by sending application documents as part of recruitment procedures.
  2. The User's personal data may be processed by PDC in order to:
    1)
    Administering the website, on the basis of PDC's legitimate interest, which is to ensure the smooth and secure functioning of the website (Article 6(1)(f) GDPR),
    2)
    answering a question asked in the contact form, the processing is necessary for the fulfilment of PDC's legitimate interest of communicating with users (Article 6(1)(f) GDPR),
    3)
    to carry out recruitment processes, detailed information on the purposes and grounds for data processing are included in the information clauses provided under recruitment advertisements.
  3. The website may be used without providing information about the User to PDC, subject to the provisions of § 4 section 2 of this Privacy Policy. The need to provide personal data by the User, within the scope covered by this Privacy Policy, may result from the participation in the recruitment processes or for the purpose of answering the submitted enquiries regarding PDC products or services. Failure to provide personal data may prevent PDC from responding to submitted enquiries or participating in recruitment.
  4. PDC does not provide electronic services via the Website. The Website does not contain sales functionalities.

§3

Information about cookies

  1. The Website uses cookies. Information on how we use cookies is available in the Cookie Policy. The Cookie Policy can be found at www.eo.pl.

§4

Server logs

  1. Information about certain User behaviour is subject to logging at the server layer. This data is used for the administration of the website and to ensure the most efficient operation of the hosting services provided.
  2. The website collects a range of general information when automatically called or invoked by the User. Such information is stored as server logs. The resources viewed are identified by URLs. In addition, the record may be subject to:
    1)
    the time of the request,
    2)
    the time of sending the response
    3)
    user station name - identification via HTTP protocol,
    4)
    information on errors which occurred during the execution of HTTP transactions,
    5)
    URL address of a page previously visited by the User (referer link), in the event that the Website was accessed via a link,
    6)
    information about the User's browser,
    7)
    information about the User's operating system,
    8)
    information about the User's IP address,
    9)
    data of the User's internet service provider.
  3. The above data are not associated with specific persons browsing the website.
  4. The above data is used for the administration of the server on which the website is maintained. This data is not used to build an individual user profile. This data is used for the correct editing and optimisation of the content of the Website. The data may also be used by law enforcement authorities in the event of unlawful activity. This data is also subject to anonymised statistical analysis in order to increase the protection of User data. Anonymous server log data is saved separately from other personal data.

§5

Commenting on

  1. The Website does not allow Users to add individual comments which are generally available on the Website, or to evaluate products or services via the Website.
  2. Publication of photographs of Users or third parties by PDC is only possible with their consent.

§6

External components

  1. The website has integrated Google Analytics components with anonymisation functionality. Google Analytics serves the purpose of web analysis by collecting, aggregating and analysing collected data on the behaviour of users visiting the website. By means of web analysis, information is collected on, among other things, the web pages previously visited by the user, the frequency of visits and the time of viewing. Google Analytics allows analysis reports to be generated. This tool serves to optimise the website and optimise advertising content.
  2. The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
  3. Google Analytics uses the application ‘_gat. _anonymizeIp’, by means of which the User's IP address, is truncated by Google and anonymised when accessing our websites from an EU or EEA member state.
  4. Google Analytics uses cookies which enable the location of the user. The data acquired in this way is the User's IP address, which is used, among other things, to find out the origin of visitors and clicks.
  5. The user can object to the processing of data generated by Google Analytics. To do this, he or she must install a browser add-on available under the link https://tools.google.com/dlpage/gaoptout. The add-on blocks the transmission of data to Google Analytics. The installation of the browser add-on is understood as an objection to Google for data processing.
  6. Google's data protection policy is available at https://www.google.com/intl/pl/policies/privacy/ and at http://www.google.com/analytics/terms/us. html.
  7. Google LLC and its subsidiaries have signed up to the US-EU Data Protection Framework Agreement ensuring a level of protection of personal data comparable to that in force in the European Union under the provisions of EU Regulation 2016/679 of the General Data Protection Regulation (GDPR).

§7

Sharing of data

  1. Data is only subject to sharing with external parties within the limits of the law.
  2. The data may be transferred to ICT service providers providing services for the technical operation of the website to entities technically implementing certain services related or subordinate to the operation of the website - hosting companies and other ICT service providers for the website.

§8

Time of processing

  1. Depending on the legal basis for processing your data, we will keep it until the purpose for which it was collected has been fulfilled, i.e. when our legitimate interest has been realised, the limitation period for claims under the law has expired, or we will delete it earlier if you object to the processing based on a legitimate interest. Specific data processing times may be indicated in the clauses on the page for each activity.

§9

Rights of the data subject

  1. Right to obtain information about the processing of personal data
    The data subject is a person entitled to obtain from the PDC at any time confirmation as to whether personal data concerning him or her is being processed and to obtain the following information:
    1)
    which of his/her personal data are being processe;
    2)
    the categories of personal data being processed;
    3)
    the purposes of the processing;
    4)
    information on the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    5)
    (where possible) the intended period of storage of the personal data and, where this is not possible, the criteria for determining this period;
    6)
    information on the right to request from the PDC rectification, erasure or restriction of the processing of personal data of the entitled person and to object to such processing;
    7)
    information on the right to lodge a complaint to a supervisory authority;
    8)
    if the personal data have not been collected from the entitled person - any available information about their source;
    9)
    information on automated decision-making, including profiling, and, at least in those cases, relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the entitled person,
    10)
    whether personal data are transferred to a third country or an international organisation and the appropriate safeguards related to such transfer.
    The PDC shall provide the data subject with a copy of the personal data being processed upon request.
  2. Right to rectification
    The Data Subject User is a person entitled to request from the PDC the immediate rectification of personal data concerning him/her that are inaccurate. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.
  3. Right to be forgotten
    The data subject is a person entitled to request from the PDC the immediate erasure of personal data concerning him/her, and the PDC is obliged to erase the personal data without undue delay if one of the following circumstances applies:
    1)
    the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    2)
    the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
    3)
    the data subject objects to the processing or raises an objection and there are no overriding legitimate grounds for the processing;
    4)
    the personal data have been processed unlawfully;
    5)
    the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the PDC is subject.
    Where the PDC has made the personal data public and has an obligation to erase that personal data on the aforementioned basis, the PDC shall, taking into account the technology available and the cost of implementation, take reasonable steps, including technical measures, to inform the controllers processing that personal data that the data subject requests that those controllers erase any links to, or copies or replications of, that personal data insofar as the processing is not necessary: (a) for the exercise of the right to freedom of expression and information; (b) for compliance with a legal obligation requiring processing under Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (c) on grounds of public interest in the field of public health; (d) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, insofar as the purposes of such processing are likely to be rendered impossible or seriously impeded by law; or (e) for the establishment, exercise or defence of claims.
  4. Right to restrict processing
    The data subject is a person entitled to request the PDC to restrict the processing of his/her personal data in the following cases:
    1)
    the data subject's legitimate person questions the correctness of the personal data - for a period allowing the PDC to verify the correctness of the data;
    2)
    it has become apparent that the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead the restriction of their use;
    3)
    the PDC no longer needs the personal data for the purposes of the processing, but they are needed by the entitled person to establish, assert or defend his/her claims;
    4)
    the entitled person, has lodged an objection - until it is determined whether the legitimate grounds on the part of the PDC override the grounds of the entitled person's objection.
  5. Right to data portability
    The data subject is a person entitled to obtain from PDC, in a structured, commonly used machine-readable format, the personal data concerning him or her that ADO has provided, and has the right to send that personal data to another controller without hindrance from PDC, if:
    1)
    the processing is based on consent (Article 6(1)(a) or Article 9(2)(a) GDPR) or on the basis of a contract pursuant to Article 6(1)(b) GDPR;
    2)
    the processing is carried out by automated means.
    In exercising the right to data portability, the data subject has the right to request that the personal data be sent by the PDC directly to another controller, insofar as this is technically possible.
  6. Right to object
    The data subject has the right to object at any time - on grounds relating to his or her particular situation - to the processing of personal data concerning him or her based on Article 6(1)(f) GDPR (i.e. where the processing is necessary for the purposes of the legitimate interests pursued by the PDC), including profiling on this basis. The PDC shall no longer be allowed to process such personal data unless the PDC demonstrates that there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
  7. Right to withdraw consent to processing
    The data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
  8. Right to lodge a complaint with a supervisory authority and court
    The data subject has the right to lodge a complaint with the supervisory authority, i.e. the President of the Data Protection Authority at the address: ul. Stawki 2, Warsaw, if he/she believes that the processing of personal data by the Administrator is unlawful.

§10

Data security

  1. The user is obliged, for his/her own safety, to secure his/her own work unit, operating system and Internet browser against hacking attacks by third parties.

§11

Change of privacy policy

  1. eo Networks S.A. reserves the right to change this Privacy Policy, of which Users will be informed at www.eo.pl.
  2. This Privacy Policy is available at https://eo.pl/rodo/polityka-prywatnosci/.