Controller – Trugot, ul. Krótka 6, 83-112, Rokitki, Poland
Personal Data – any information relating to a natural person identified or identifiable by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including an IP of a device, location data, an online ID and information collected through cookies or any other similar technology
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
Website – the website run by the Controller under the address: trugot.pl
User – any natural person who visits the Website
In connection with the use of the Website by the Users, the Controller shall collect data to the extent necessary for the Website’s operation; further, it shall collect information on the Users’ activity on the Website.
Data Processing Purposes
The Controller shall process the Personal Data of all the persons who use the Website (including an IP address or other identifiers and information collected through the cookies or any other similar technology).
The data shall be processed in order to electronically provide services consisting in sharing the Website’s content with the Users and providing contact forms (a legal basis for the processing shall involve the necessity of the processing for the performance of a contract – Art. 6.1.b of the GDPR).
The data shall be processed for analytical and statistical purposes (a legal basis for the processing shall involve the legitimate interest pursued by the Controller that consists in analysing the Users’ activities and preferences in order to enhance functionalities and services rendered – Art. 6.1.f of the GDPR).
The data shall be processed in order to potentially determine and pursue claims or defend against claims (a legal basis for the processing shall involve the legitimate interest pursued by the Controller that consists in the defence of the Controller’s rights – Art. 6.1.f of the GDPR).
The data shall be processed in order to send correspondence, either by e-mail or by standard post, to the Controller, unrelated to any services provided for a sender or any other contract entered into with the sender (a legal basis for the processing shall involve the legitimate interest pursued by the Controller, pursuant to Art. 6.1.f of the GDPR, that consists in exchanging correspondence addressed to the Controller in connection with its business activity).
The data shall be processed for the Controller’s marketing purposes. The Controller shall process the Users’ Personal Data in order to carry out marketing activities that might consist in:
displaying not customised marketing content to the User.
The Controller shall process the Users’ Personal Data for marketing purposes in connection with targeting the Users with contextual advertising (i.e. not customised one) – in such a case, the Personal Data are processed due to the pursuit of the Controller’s legitimate interest (Art. 6.1.f of the GDPR);
displaying to the User marketing content corresponding to the User’s interests. The Controller shall process the Users’ Personal Data, including the Personal Data collected through the cookies or any other similar technology, for marketing purposes in connection with targeting the Users with behavioural advertising (i.e. customised one). In such a case, the Personal Data processing shall also include profiling of the Users. The Personal Data collected with the above technology shall be used for marketing purposes based on the Controller’s legitimate interest and only provided that the User has given consent to the use of the cookies. The consent to the use of the cookies may be expressed through the appropriate configuration of a browser; further, it may be withdrawn at any time, in particular by deleting the cookies’ history and turning off the support of the cookies in the browser’s settings. The consent may be withdrawn at any time. More information is available under the address: polityce cookies;
sending e-mail notifications about interesting offers and content in some cases including commercial information, or carrying out other types of activities related to direct marketing of goods and services (sending commercial information by electronic means, and telemarketing activities).
The Controller can be contacted through electronic contact forms. In order to use the form, it is necessary to provide the Personal Data required to contact the User and to reply to an inquiry. The User may also provide other data in order to facilitate contact or the reply to the inquiry. The provision of the data marked as obligatory is required to accept and handle the inquiry, and failure to provide them shall result in the inability to handle the inquiry. The provision of the other data shall be voluntary.
The Personal Data shall be processed:
in order to identify a sender and handle their inquiry sent via the form (a legal basis for the processing shall involve the necessity of the processing for the performance of a service contract – Art. 6.1.b of the GDPR);
for analytical and statistical purposes (a legal basis for the processing shall involve the legitimate interest pursued by the Controller that consists in keeping statistics of the inquiries made by the Users via the Website in order to enhance its functionality – Art. 6.1.f of the GDPR).
Social Networking Platforms
The Controller shall process the Personal Data of the Users visiting the Controller’s profiles in social media (Facebook, YouTube, Instagram, LinkedIn, Twitter, Google +, Pinterest). The data shall be processed exclusively in connection with keeping such profiles, including in order to inform the Users about the Controller’s activities and to promote various events, services and products, and also in order to communicate with the Users via functionalities available in social media (a legal basis for the processing shall involve the legitimate interest pursued by the Controller, pursuant to Art. 6.1.f of the GDPR, that consists in promoting its brand, and building and maintaining a community centred around the brand).
The Users’ Rights
Data subjects shall have the following rights:
the right to information on the processing of the Personal Data – on this basis, the Controller shall provide a person making the request with information on the processing of the Personal Data, including predominantly the purposes and legal basis for the processing, the scope of the data held, entities with which the Personal Data are shared, and the planned date of the erasure of the Personal Data;
the right to obtain a copy of the data – on this basis, the Controller shall provide a copy of the Personal Data undergoing processing to a person making the request;
the right to rectification – on this basis, the Controller shall rectify any potential inaccuracies or errors concerning the Personal Data undergoing processing, and complete or update the data if they are incomplete or have changed;
the right to erasure – on this basis, the User may request to have the data erased when the processing thereof is no longer necessary to pursue any of the purposes for which they have been collected;
the right to restriction of processing – on this basis, the Controller shall discontinue any operations on the Personal Data, except for the operations to which the data subject has given consent, including storing thereof, according to adopted retention rules or until reasons for the restriction of the data processing cease (e.g. a decision of a supervisory body allowing for the further processing of the data is issued);
the right to data portability – on this basis, to the extent in which the data are processed in connection with a contract entered into or consent provided, the Controller shall release the data provided by the data subject in a machine-readable format. The User may also request to have the data transmitted to another entity, provided that both the Controller and such an entity have technical capacities in this regard;
the right to object to the data processing for marketing purposes – the data subject may at any time object to the processing of the Personal Data for marketing purposes, without necessity to justify such objection;
the right to object to other purposes of the data processing – the data subject may at any time object to the processing of the Personal Data based on the Controller’s legitimate interest (e.g. for analytical or statistical purposes or due to reasons related to property protection). The objection in this regard should be justified and shall be subject to the Controller’s evaluation;
the right to withdraw consent – if the data are processed based on consent, the data subject may withdraw it at any time; however, this does not affect the compliance with law of the processing prior to the withdrawal of the consent;
the right to complaint – if the Personal Data are deemed to be processed in breach of the GDPR or any other personal data protection related provisions, the data subject may file a complaint with the President of the Personal Data Protection Office.
A request for the exercise of the data subjects’ rights may be filed:
in writing, to the address: Trugot, ul. Krótka 6, 83-112, Rokitki, Poland
by e-mail to the address: email@example.com.
Where possible, the request should specify the subject matter that the request pertains to, i.e. in particular:
the right the applicant wants to exercise (e.g. the right to receive a copy of the data, the right to erasure, etc.);
the processing practice the request pertains to (e.g. the use of a specific service, an activity on a specific website, the receipt of a newsletter with commercial information at a specific e-mail address, etc.);
If the Controller is unable to determine the content of the request or to identify the applicant based on the notification received, it shall contact the applicant with a request for additional information.
A reply to the request shall be provided within a month as of its receipt. If the time limit needs to be prolonged, the Controller shall inform the applicant about reasons for such extension.
The reply shall be provided to the e-mail address from which the request has been sent and in case of the requests sent by post – via a standard letter to the address specified by the applicant, unless the request stipulates that the reply be sent to an e-mail address (in such a case, the e-mail address should be specified).
Personal Data Recipients
The Controller only
Personal Data Security
The Controller shall analyse a risk on an ongoing basis in order to ensure that it processes the Personal Data in a secure manner that above all guarantees that the data may be accessed by authorised persons only and only to the extent in which this is necessary due to the performance of their assignments. The Controller shall take proper care that all the Personal Data operations be registered and carried out only by authorised employees and associates.
The Controller shall undertake any required activities so as to ensure that also its subcontractors and other cooperating entities guarantee to apply appropriate security measures whenever they process the Personal Data at the Controller’s request.
The Controller can be contacted at the e-mail address: firstname.lastname@example.org or at the correspondence address: Trugot, ul. Krótka 6, 83-112, Rokitki, Poland.
The Policy shall be reviewed on an ongoing basis and updated, if needed.