- [Preliminary information and terms we use] The protection of personal data has always been treated as one of the most important aspects in the operation of Kerris Group sp. Z o. O. Our goal is also to properly inform you about matters related to the processing of personal data, and the law in this regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (“GDPR”). For this reason, in this document we inform you about the legal basis for the processing of personal data, how to collect and use it, as well as the rights of data subjects related to it. For simplicity, the following is a list of definitions:
- Kerris is a service provider providing a service through the website;
- The GDPR is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Regulation on data protection);
- the service is all Kerris online services currently available on the site;
- the website is the kerrisgroup.com website and the service provided through it;
- personal data or data is any information obtained from you as part of the service and website that can identify you, for a broader definition, see art. 4 point 1 of the GDPR;
- data processing is an operation or a set of operations that we perform on personal data – these include such activities collecting, storing, organizing the use of this data;
- [Data Administrator] As mentioned above, the administrator of your data is Kerris Group sp.z o.o. with headquarters in Warsaw (00-867), Al. Jana Pawła II 27, entered into the Register of Entrepreneurs of the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Department of the National Court Register under the number KRS: 0000412151, NIP: 5213628133, REGON: 146020251, with share capital in the amount of PLN 113,450.
- [Contact regarding data matters] In case of doubts regarding the processing of your personal data by us, please contact us by sending an e-mail to email@example.com or by post to the Kerris registration address.
- [Types of processed data] We process data that you provide as part of the forms available on the website or leave as part of using the services. These are primarily the data necessary to enable you to use the website and contact us, send to your newsletter, as well as the data that you leave as part of navigating our website, i.e. those that are in the so-called cookies (which we explain below). In case of doubts as to which your personal data is being processed by us – please contact us at the e-mail address indicated in point III.
In connection with the use of the website, your following data will be processed: name, surname, e-mail address, telephone number, IP address.
- [the purposes and grounds for processing your data and the period will be processed]
- Data processed on the basis of consent will be processed until consent to their processing is withdrawn or until they lose their usefulness for Kerris,
- data processed on the basis of statutory requirements will be processed for the time when legal regulations require their storage,
- data processed to provide services to the user will be processed until the user ceases to provide these services,
- data processed on the basis of the Administrator’s legitimate interest will be processed until such objection is successfully lodged or the interest ceases, e.g. data processed for the purpose of pursuing or defending against claims will be processed for a period equal to the period of limitation of these claims (which are not longer than 6 years from the end of the year in which data processing on a different basis was completed).
Your personal data is processed for the following purposes:
- providing services to you electronically via the Kerris website, i.e. the performance of the contract for these services, as well as the implementation of the newsletter service provided by Kerris (the legal basis in this case is Article 6 (1) (b) of the GDPR),
- implementation of the legitimate interest of Kerris – service, investigation and defense in the event of mutual claims (the legal basis in this case is Art.6 para. 1 lit.f RODO),
- implementation of the legitimate interest of Kerris – conducting statistical and analytical research in order to improve the functionality of the website and the level of services rendered (the legal basis in this case is Article 6 (1) (f) of the GDPR).
- [Information on the voluntary provision of data] Providing personal data is voluntary. However, please remember that failure to provide data marked as part of the service as necessary to provide services to you will prevent their provision. Providing them is voluntary, but necessary to achieve the objectives indicated above. Also in the event that you provide false or incorrect personal data, we will not be able to provide any services to you.
- [Data recipients] Your personal data may be transferred to other entities. They will always be trusted processors entrusted with carrying out certain activities in order to provide services to you as best as possible. The transfer of your data may be to the hosting provider, entities involved in the analysis of entities providing technical support for the website and services rendered, entities providing marketing tools, entities providing accounting or legal support. It is also possible that we will transfer your personal data to state authorities.
In the event of your data being transferred outside the EEA (European Economic Area), this will be done in compliance with all requirements arising from the provisions of applicable law. If the transfer of your data to a third country occurs on a different basis than your consent or the need to properly perform the contract, or if one of the exceptions indicated in art. 49 GDPR, your data will be transferred in accordance with art. 45 GDPR (a decision of the European Commission, which may find that an adequate level of personal data protection is observed in a given third country – in this case, the transfer of personal data to that country does not require a special permit) or 46 GDPR (data transfer to a third country may occur when adequate safeguards are provided and provided that the enforceable rights of data subjects as well as effective remedies apply in the third-country law system).
Your data may, in particular, go to the United States of America due to the tools used by Kerris. In this case, the transfer of data is based on the EU-US privacy shield and will include only entities of the appropriate reputation that use safeguards to ensure the security of personal data.
- [Rights] Under the GDPR, you have:
(a) the right to access your data, including obtaining a copy of the data;
(b) the right to request correction of data;
(c) the right to delete data (in the cases provided for in the GDPR);
(d) the right to limit the processing of your personal data;
(e) the right to withdraw consent – to the extent that your data is processed on the basis of this consent. Remember that the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal;
(f) the right to transfer personal data, i.e. to receive your personal data from the administrator in a structured, commonly used machine-readable format. You can send this data to another data administrator – if your data is processed on the basis of your consent or for the purpose of providing services by Kerris.
(g) the right to lodge a complaint with the supervisory body – the President of the Office for Personal Data Protection; To exercise your rights, please contact us at the following email address: firstname.lastname@example.org.
- [Profiling] Kerris does not undertake profiling or automated decision making activities.
- [Data security] Kerris applies technical and organizational measures ensuring the protection of personal data being processed appropriate to the threats and categories of data being protected, and in particular protects the technical and organizational data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the Act and amendment, loss, damage or destruction. The set of collected personal data is stored on a secured server and the data also protect Kerris internal procedures in the field of personal data processing and information security policy.
Kerris has also implemented appropriate technical and organizational measures, such as pseudonymisation, designed to effectively implement data protection principles, such as data minimization, and to give processing the necessary safeguards to meet the requirements of the GDPR and protect the rights of data subjects.
At the same time, Kerris points out that the use of the Internet and services provided electronically may be at risk of infiltrating your ICT system and device of malware (malware) as well as unauthorized access to your data, including personal data, by third parties. In order to minimize these threats, you should use appropriate technical security measures, e.g. using up-to-date antivirus or identification software on the Internet.
- [“Cookies” / General Information] The entity placing information in the form of cookies (so-called cookies) and other similar technologies on your device and accessing them is Kerris and the entities to which we transfer your data, i.e. entities providing us with for us technical services, including analytical and marketing, our clients and advertisers. Cookies are IT data, in particular text files, which are stored on the user’s terminal device of WPM websites and applications. Cookies usually contain the domain name of the website from which they originate, their storage time on the end device and a unique number. Cookies are not used to identify the user and the user’s identity is not determined on their basis. A website may place a cookie in your browser if your browser allows it. Importantly, the browser allows the website to access only cookies placed by this website and not to files placed by other websites.
[Types of cookies] Due to the lifetime of cookies and other similar technologies, we use two basic types of these files: (a) session files – temporary files stored on the User’s end device until logging out, leaving the website and application or turning off the software (web browser) ; (b) permanent – stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User. Due to the purpose of cookies and other similar technologies, we use the following types: (a) necessary for the operation of the service and application – enabling the use of our services, e.g. authentication cookies used for services requiring authentication; (b) used to ensure security, e.g. used to detect fraud in the field of authentication (c) performance – enabling the collection of information on how to use websites and applications; (d) functional – enabling “remembering” the settings selected by the User and personalizing the interface, eg in terms of the selected language or region from which you come; (e) advertising – enabling delivery of advertising content more tailored to your interests; (f) statistical – used for counting statistics on websites and applications.