Privacy Policy

Table of contents
  1. General provisions
  2. Aim and scope of data collecting 
  3. Basis and period of data processing 
  4. Right to control, access and rectify personal data
  5. ‘Cookies’
  6. Final provisions

I. General provisions

  1. The controller of personal data collected via the website www.gpnt.pl is Pomorska Specjalna Strefa Ekonomiczna sp. z o.o. [Pomeranian Special Economic Zone Ltd.], with its registered office in Sopot (81-703) at ul. Władysława IV 9, entered in the register of entrepreneurs kept by the District Court for Gdańsk–Północ in Gdańsk, 8th Commercial Division of the National Court Register under KRS number 0000033744, Taxpayer’s Identification Number [NIP] 5880019192, National Official Business Register No [REGON] 190315182, e-mail address: office@gpnt.pl, hereinafter referred to as the ‘Controller’ or ‘PDC’.
  2. Personal data of the Users are processed in accordance with the Regulation of the European Parliament and of the Council (EU) No 2016/679 of 27 June 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – the GDPR).
  3. The controller takes special care to protect the interests of data subjects, and in particular they ensure that the data collected by them are:
    1. lawfully processed,
    2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes,
    3. substantively correct and adequate to what is necessary in relation to the purposes for which they are processed, and kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  4. You can contact the Data Protection Officer (DPO) at the e-mail address: rodo@strefa.gda.pl or by mail to the address indicated in section 1.

II. Aim and scope of data collecting

  1. Users’ personal data collected by the Controller are used for:
    1. contacting the User (client)
    2. information purposes and other activities relating to the Controller’s activity on the website www.gpnt.pl
    3. implementing agreements and commercial processes
    4. marketing purposes (Newsletter)
  2. The Controller may process the following personal data of  the Users:
    1. First name and surname,
    2. Address,
    3. E-mail address,
    4. Other.
  3. The Controller may process the following data characterising the User’s use of services provided electronically (operational data):
    1. Marks identifying the termination of a telecommunications network or IT system used by the User.
    2. Information on starting, ending and scope of each use of the service provided electronically to the User.
    3. Information on using by the User of services provided electronically.
    4. Providing personal data referred to in section 2 may be necessary for the Controller to carry out the activities carried out at www.gpnt.pl
  4. The Controller may entrust data to:
    • Authorised public authorities,
    • Entities being the Controller’s clients in cases relating to these orders,
    • Entities providing mail,
    • Entities providing consultancy services,
    • Entities providing hosting services,
    • Other entities providing services to the Controller in accordance with section II(1).

III. Basis and period of data processing

  1. Using the functionality of the website, which involves the need to provide personal data, is completely voluntary. The data subject independently decides to use the functionality of the website www.gpnt.pl in accordance with the Rules and Regulations.
  2. In accordance with the Regulation of the European Parliament and of the Council (EU) No 2016/679 of 27 June 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), personal data will be processed on the basis of Article 6(1)(a, b, c, f) of the GDPR, i.e.:
    • the data subject has given consent to data processing,
    • data processing is necessary for the performance of a contract to which the data subject is party to,
    • or it is necessary to take steps at the request of the data subject prior to entering into a contract,
    • and it is necessary for compliance with a legal obligation to which the Controller is subject and for the purposes of the legitimate interests pursued by the Controller.
  3. The processing of personal data by the Controller always takes place within the grounds for the admissibility of their processing listed in section 2.
  4. Personal data will be processed for the period necessary to achieve the purposes of processing. Within the scope of the Agreement performance, for the period until its termination, after that time the data will be processed for the period required by law or for the period necessary to pursue claims. Withing the scope of the implementation of DPO’s legitimate interests, the data will be processed until the objection to the data processing has been positively considered.

IV. Right to control, access and rectify personal data

  1. The User is entitled to access their personal data and correct them.
  2. Each person has the right to control the processing of their data included in the Controller’s data set, in particular the right to request that their personal data be supplemented, updated and rectified, that the processing of the data be temporarily or permanently suspended or that the data be deleted, if they are incomplete, outdated, incorrect or have been collected in violation of the law or are no longer necessary to achieve the purpose for which they were collected.
  3. The rights referred to in sections 1 and 2 may be exercised by sending an appropriate e-mail to the address: 
    rodo@strefa.gda.pl or by mail to the address indicated in section I(1).
  4. The recipient has the right to lodge a complaint to the supervisory authority. In Poland, the relevant authority is the President of the Personal Data Protection Office.

V. Cookies

  1. The Controller’s website uses cookie files. If the User does not change browser settings, it means that they consent to the use of ‘cookies’.
  2. The installation of cookie files is necessary for the functionality of the website. Cookie files contain information necessary for the proper functioning of the website, in particular those requiring authorisation.
  3. Within the website the following types are used:
    • session cookies
    • persistent cookies
    • analytical cookies
  4. Session cookie files are temporary files that are stored on the User’s end device until the User leaves the website.
  5. Persistent cookie files are stored on the User’s end device for the time specified in the parameters of these cookie files or until the User removes them.
  6. Analytical cookie files enable better understanding of the User’s interaction in the scope of the content of the website, and better organise its layout. Analytical cookie files collect information on how the website is used by Users, type of the website from which the User was redirected, and the number of visits and the time of the User’s visit to the website. This information does not record specific User’s personal data, but is used to compile statistics on the use of the website.
  7. The User is entitled to decide on the access of cookie files to their computer by selecting them in their browser first. Detailed information on the possibilities and ways of handling cookie files is available in the software settings (web browser).

VI.Final provisions

  1. The Controller uses technical and organisational measures to ensure the protection of the processed personal data, appropriate to the threats and categories of the data protected, and in particular they protect the data against disclosure to unauthorised persons, removal by an unauthorised person, processing in violation of applicable laws, and alteration, loss, damage or destruction.
  2. The Controller provides appropriate technical measures to prevent the acquisition and modification by unauthorised persons of personal data sent electronically.