1. General provisions
- The controller of personal data collected via the website www.gpnt.pl is Pomorska Specjalna Strefa Ekonomiczna sp. z o.o. [Pomeranian Special Economic Zone Ltd.], with its registered office in Gdańsk (80-172) at ul. Trzy Lipy 3, entered in the register of entrepreneurs kept by the District Court for Gdańsk–Północ in Gdańsk, 7th Commercial Division of the National Court Register under KRS number 0000033744, Taxpayer’s Identification Number [NIP] 5880019192, National Official Business Register No [REGON] 190315182, e-mail address: firstname.lastname@example.org, hereinafter referred to as the ‘Controller’ or ‘PDC’.
- Personal data of the Users are processed in accordance with the Regulation of the European Parliament and of the Council (EU) No 2016/679 of 27 June 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – the GDPR).
- The controller takes special care to protect the interests of data subjects, and in particular they ensure that the data collected by them are:
- lawfully processed,
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes,
- substantively correct and adequate to what is necessary in relation to the purposes for which they are processed, and kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- You can contact the Data Protection Officer (DPO) at the e-mail address: email@example.com or by mail to the address indicated in section 1.
2. Aim and scope of data collecting
- Users’ personal data collected by the Controller are used for:
- contacting the User (client)
- information purposes and other activities relating to the Controller’s activity on the website www.gpnt.pl
- implementing agreements and commercial processes
- marketing purposes (Newsletter)
- The Controller may process the following personal data of the Users:
- First name and surname,
- E-mail address,
- The Controller may process the following data characterising the User’s use of services provided electronically (operational data):
- Marks identifying the termination of a telecommunications network or IT system used by the User.
- Information on starting, ending and scope of each use of the service provided electronically to the User.
- Information on using by the User of services provided electronically.
- Providing personal data referred to in section 2 may be necessary for the Controller to carry out the activities carried out at www.gpnt.pl
- The Controller may entrust data to:
- Authorised public authorities,
- Entities being the Controller’s clients in cases relating to these orders,
- Entities providing mail,
- Entities providing consultancy services,
- Entities providing hosting services,
- Other entities providing services to the Controller in accordance with section II(1).
3. Basis and period of data processing
- Using the functionality of the website, which involves the need to provide personal data, is completely voluntary. The data subject independently decides to use the functionality of the website www.gpnt.pl in accordance with the Rules and Regulations.
- In accordance with the Regulation of the European Parliament and of the Council (EU) No 2016/679 of 27 June 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), personal data will be processed on the basis of Article 6(1)(a, b, c, f) of the GDPR, i.e.:
- the data subject has given consent to data processing,
- data processing is necessary for the performance of a contract to which the data subject is party to,
- or it is necessary to take steps at the request of the data subject prior to entering into a contract,
- and it is necessary for compliance with a legal obligation to which the Controller is subject and for the purposes of the legitimate interests pursued by the Controller.
- The processing of personal data by the Controller always takes place within the grounds for the admissibility of their processing listed in section 2.
- Personal data will be processed for the period necessary to achieve the purposes of processing. Within the scope of the Agreement performance, for the period until its termination, after that time the data will be processed for the period required by law or for the period necessary to pursue claims. Withing the scope of the implementation of DPO’s legitimate interests, the data will be processed until the objection to the data processing has been positively considered.
4. Right to control, access and rectify personal data
- The User is entitled to access their personal data and correct them.
- Each person has the right to control the processing of their data included in the Controller’s data set, in particular the right to request that their personal data be supplemented, updated and rectified, that the processing of the data be temporarily or permanently suspended or that the data be deleted, if they are incomplete, outdated, incorrect or have been collected in violation of the law or are no longer necessary to achieve the purpose for which they were collected.
- The rights referred to in sections 1 and 2 may be exercised by sending an appropriate e-mail to the address:
firstname.lastname@example.org or by mail to the address indicated in section I(1).
- The recipient has the right to lodge a complaint to the supervisory authority. In Poland, the relevant authority is the President of the Personal Data Protection Office.
- The Controller uses technical and organisational measures to ensure the protection of the processed personal data, appropriate to the threats and categories of the data protected, and in particular they protect the data against disclosure to unauthorised persons, removal by an unauthorised person, processing in violation of applicable laws, and alteration, loss, damage or destruction.
- The Controller provides appropriate technical measures to prevent the acquisition and modification by unauthorised persons of personal data sent electronically.