CLICO SP. Z O.O. PRIVACY POLICY / CLICO SP. Z O.O. COOKIES POLICY
SECURITY POLICY ON PERSONAL DATA PROCESSING
CLICO Spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków, ul. Oleandry 2, 30-063 Kraków, Poland, at the Kraków-Śródmieście District Court in Kraków, 11th Commercial Division of the National Court Register, under KRS number 0000107000, Tax ID No (NIP) 6770009678, registered capital 51,000.00 PLN.
1. The personal data controller (hereinafter ‘Controller’) is CLICO Spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków, ul. Oleandry 2, 30-063 Kraków, Poland, at the Kraków-Śródmieście District Court in Kraków, 11th Commercial Division of the National Court Register, under KRS number 0000107000, Tax ID No (NIP) 6770009678, registered capital 51,000.00 PLN.
2. Personal data processing is done in accordance with the Personal Data Protection Act of 29 August 1997 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter ‘the GDPR’).
3. The Controller shall collect and process personal data insofar as it is necessary for the provision of services as well as for marketing, statistical and reporting purposes.
4. The Controller shall collect the following personal data: first name, last name, phone number, and email address.
5. The Controller shall collect and process personal data insofar as it is necessary for the provision of services as well as for marketing, reporting and statistical purposes. In particular, the Controller shall collect personal data for the following purposes:
a) to prepare and present a marketing offer,
b) direct marketing of Controller’s and third parties’ products and services,
c) statistics and analytics,
d) to exercise a right or fulfill an obligation under the law, particularly to make an invoice,
e) for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract,
f) for the purpose of the legitimate interests pursued by the Controller or data recipients, provided that the processing does not violate the rights and freedoms of the data subject.
6. The Controller shall collect personal data:
a) in a registration process via a website,
b) in a registration process via a phone call or email,
c) in a registration process in writing before or during a training, conference or other events organized by the Controller.
7. The Controller shall take necessary technical and organizational measures, in accordance with applicable law, to protect, to the extent possible, customers’ personal data. Personal data shall be processed in a manner that ensures appropriate security and confidentiality of the personal data, including preventing unauthorized access to or use of personal data and the equipment used for the processing. The Controller shall grant any necessary permissions to persons having access to personal data. In order to maintain security and to prevent unlawful processing, the Controller shall evaluate the risks inherent in the processing and implement measures to mitigate those risks. Those measures shall ensure an appropriate level of security, including confidentiality, taking into account the state of the art. In assessing data security risk, the Controller shall consider the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material, or non-material damage.
8. Customers shall have the right to access their data and to request data rectification, erasure, and processing restriction, the right to data portability, to object to data processing, and to withdraw consent at any time, without affecting the lawfulness of processing based on consent granted before its withdrawal. To do this you shall send your request to ado@clico.pl or submit it by calling 123783700 ext. 1121, or by post: ul. Oleandry 2, 30-063 Kraków, Poland. The Controller shall respond to requests from data subjects without undue delay, at the latest within one month, and to give reasons where the Controller does not intend to comply with any such requests. The Controller shall respond via the channel chosen by the data subject to submit his or her request or inquiry.
9. The Controller shall be responsible for informing customers about the processing of their personal data in a transparent manner. The Controller shall ensure that information relating to the processing of personal data is easy to access and understand, and that clear and plain language is used. In particular, the Controller shall inform data subjects about the Controller’s identity and goals of the processing. The controller shall provide any further information necessary to ensure fair and transparent processing, taking into account specific circumstances and the context of personal data processing. Such information could be provided in an electronic form, for example on a website. The Controller shall inform the data subject whether he or she is obliged to provide the personal data and of the consequences of failing to provide such data. Such information could be provided in an electronic form, for example on a website. The information on the processing of the data subject’s personal data shall be given to him or her at the time of data collection.
10. The Controller shall ensure that personal data is adequate, relevant, limited to what is necessary for the purposes for which it is processed, and stored for the shortest period possible.
11. In order to ensure that personal data is not stored longer than necessary, the Controller shall perform a periodic review once a year. Based on the periodic review and the on-going personal data management, the Controller shall take measures to rectify or erase personal data that are incorrect or their further processing is unjustified.
12. Data shall be processed on the basis of the data subject’s consent or some other legitimate basis laid down by law, particularly in a contract to which the data subject is a party, or in order to take steps at the data subject’s request prior to entering into the contract. The consent shall be expressed voluntarily, clearly and unambiguously.
13. Where processing is carried out in accordance with a legal obligation to which the Controller is subject, or where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, the processing shall be based on the law of the European Union or the Republic of Poland.
14. The Controller shall create and update the Register of Processing Activities. In the Register of Processing Activities, the Controller shall record which data is processed, from which entity, for what purpose, for how long, where, and with which security measures. The Controller shall also record in the Register of Processing Activities the persons having access to personal data and the basis for giving the data to third parties.
15. The Controller shall indicate lawful interests of the Company that justify the possibility of transferring personal data within a group of companies for internal administration purposes. This also applies to the processing of customers and employees’ personal data.
16. Where the processing servers archival or statistical purposes and in the case of further personal data processing, the Controller shall determine whether the processing operation complies with the law and the original purposes of the processing. In such a case, the Controller shall take into account factors such as: any link between those purposes and the purposes of the intended further processing; the context in which the personal data have been collected, in particular the reasonable expectations of data subjects based on their relationship with the Controller as to their further use; the nature of the personal data; the consequences of the intended further processing for data subjects; and the existence of appropriate safeguards in both the original and intended further processing operations.
17. Where personal data are to be disclosed to another recipient, the Controller shall inform the data subject about the first disclosure of the personal data to the recipient. Where the Controller intends to process the personal data for a purpose other than that for which it was collected, prior to that further processing the Controller shall provide the data subject with information on that other purpose and other necessary information.
18. Transfer of personal data to third countries shall be made only in full compliance with the GDPR. The Controller shall ensure that the agreements with third countries include standard data protection clauses used in the European Union.
19. The Controller shall cooperate with competent supervisory authorities with regard to any action taken to ensure compliance with the law on personal data protection. The Controller shall be obliged to cooperate with the supervisory authority and make the Register of Processing Activities available to it on request for the purposes of monitoring those processing operations. The Controller shall submit reports to the supervisory authorities insofar as it is laid down by law, the GDPR in particular.
20. The Controller shall communicate to the data subject a personal data breach, without undue delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions. The communication shall describe the nature of the personal data breach as well as recommendations for the natural person concerned to mitigate potential adverse effects. Such communications to data subjects shall be made as soon as reasonably feasible and, when necessary, in close cooperation with the supervisory authority, observing guidance provided by this or other relevant authorities such as law-enforcement authorities.
21. The Controller shall take necessary steps to implement relevant provisions set forth in agreements with third countries and cooperating entities in order to ensure secure personal data processing. To this end, the Controller periodically reviews relevant contractual provisions and identifies applicable clauses that comply with the law.
22. The Controller reserves the right to make changes to this Security Policy on Personal Data Processing.
23. Questions and concerns regarding this Security Policy on Personal Data Processing can be sent to ado@clico.pl.
24. This Policy was approved under a resolution made by the Management Board of the Company dated 24 May 2018 and has been in force since 25 May 2018.
CLICO SP. Z O.O. COOKIES POLICY
1. CLICO Spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków, ul. Oleandry 2, 30-063 Kraków, Poland, at the Kraków-Śródmieście District Court in Kraków, 11th Commercial Division of the National Court Register, under KRS number 0000107000, Tax ID No (NIP) 6770009678, registered capital 51,000.00 PLN (hereinafter ‘the Company’) informs that is uses cookies at www.clico.pl (hereinafter ‘the Website’).
2. Cookies are computer files, specifically text files, which are stored on the Website user’s terminal device, and their purpose is to allow the user to use the Website. Cookies usually contain the name of the Internet page they come from, information on how long they have been stored on the device, and a unique number.
3. Cookies are used to:
a) customize the content of Website pages depending on user preferences, and to optimize the use of websites; in particular, cookies enable the identification of the Website user’s terminal device, which allows the displayed page to be tailored to the individual user’s preferences;
b) generate statistics to help understand how the Website is used, so as to improve its structure and content;
c) share data with third parties and redirect third-party websites’ users, including social media users.
4. Cookies used by Clico Sp. z o.o. shall not record any personal data of Website users.
5. When a user is visiting the Website for the first time, he or she shall grant their consent for the installation of cookies that are activated only if the user grants his or her consent.
In order to complete this process, a window is displayed at the Website’s home page to indicate that if the user continues to browse through the Website, he or she agrees to install cookies on their device. The user can withdraw such consent at any time by changing the web browser settings to block storing cookies, bearing no costs other than transmission costs according to standard data plans. In the web browser settings, the user can choose to accept storing cookies only when he or she agrees to it. Clico Sp. z o.o. emphasizes that withdrawing the consent for storing cookies and cookie data processing is valid only for the computer and the web browser for which the settings were changed.
6. Website users may change cookie settings at any time. In particular, such settings may be changed so that the automated service of cookies is blocked in the web browser settings, or information about every placement of cookies in the user’s equipment is displayed. Detailed information about the possibility and ways of service of cookies is available in the settings of the software (web browser).
7. The user can change the way cookies are stored or collected by changing the settings in the web browser, including Internet Explorer, Mozilla Firefox, Chrome, and Safari.