as of 26rd September 2018
§2. Purpose of data processing by the Controller
- Within the meaning of regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („GDPR”) L 119/40 PL Official Journal of the European Union 4.5.2016., Personal Data Controller is Sunrise System sp. z o.o. sp. k., NIP: 7831707183, REGON: 302598908, KRS 0000489705, with headquarters in 61-894 Poznań, Plac Andersa 3, tel: 61 655 95 55, e-mail: email@example.com
- Controller designates Data Protection Officer who can be contacted:
- by email: firstname.lastname@example.org
- by post: Plac Andersa 3, 61-894 Poznań
§3. Scope of data processing by the Controller
- User entrusts the Controller with processing of personal data in order to complete the inquiry and / or order made via contact form, including sending to the User a personalized commercial message ordered by the User.
- Submitting by the User a phone number constitutes a consent for contact by phone for purposes defined in point 1 above.
- Submitting by the User an email address constitutes a consent for contact by email for purposes defined in point 1 above.
- Giving consent by submitting contact data is voluntary, although in some cases might make the processing of inquiry / order, submitted via contact form, impossible.
- User's personal data might be shared with the following recipients: processor from within the Controller's capital group and Controller's partners, with whom the Controller cooperates, combining products or services. In a situation when the cooperation is established, the data might also be available to subcontractors (processors), such as: bookkeeping companies.
- Controller reserves the right to submit an inquiry to the User – during processing of inquiry / order – via phone and / or email concerning further consent for processing of personal data with the purpose of direct marketing and use of telecommunications devices. Without User’s consent the data will not be processed for this purpose.
§4. Rights of the User, whose data are processed
- User's data:
- name and surname,
- contact phone number,
- contact email address,
- IP addresses,
- www address of the domain, which the User wants to promote via the Controller's services.
- Scope of processing of data described above also includes making backup copies.
- An automated system, which allows to monitor user’s behavior and adjusting content to user's preferences, works on the website. This system is integrated with our website and every user might object to it at any time.
- Controller uses cookie files in order to ensure correct operation of the website, especially to adjust the content of pages to user preferences and to optimize the use of pages. These files especially allow to recognize basic parameters of user's device (such as: device type, resolution, country of visit) and, as a result, appropriately display the website adjusted to user's needs.
Data about users and events on our website are stored on Google Analytics servers for 50 months.
- User can independently and at any time change cookie files’ settings, defining conditions of their storage and conditions of gaining access by cookie files to user's device. User can change these settings in web browser settings. These settings can be changed especially to block automatic cookie files support in web browser's settings or inform each time cookies are put on user's device. Detailed information on possibilities and methods of cookie files support are available in software’s (web browser’s) settings.
- User can remove cookie files by using functions available within the web browser used.
- Limiting cookie files support might influence some of the functions available on the website.
In order to display to the users personalized ads the Controller uses:
- In all of the above ad systems we also adjust ads on the basis of demographic and location criteria.
§5. Period of personal data processing by the Controller
- User has right to:
- access personal data,
- correct personal data,
- remove personal data,
- limit processing of personal data,
- transfer personal data,
- object to processing of personal data.
- To exercise these rights, the User should send an email to: email@example.com
- Controller processes User's request immediately, with the reservation that removal, limitation, transfer or objection to data processing might influence the possibility or scope of correct processing of the inquiry / order placed, including sending personalized marketing message.
Controller stores Users’ personal data for a period no longer than it is necessary to process inquiry / order placed, including preparation of personalized commercial offer and allowing the Controller to fulfill their obligations. After this time the data are stored only for the purpose of securing legal claims. Please remember, that Users can request to remove data at any time.
§6. Controller's obligations
Personal Data Controller undertakes measures to secure processing of personal data with regard to the Regulation, especially to:
- protect data from being shared with unauthorized persons, from being appropriated by an unauthorized person, changed, damaged or destroyed,
- allow to process personal data only by persons with authorization submitted by the Controller,
- ensure control over correct personal data processing,
- maintain a record of persons authorized to process personal data, take special care that persons authorized to process personal data keep it secret, also after processing by the Controller ended, including but not limited to informing them about legal consequences of breaching data confidentiality and collecting statements on the obligation of keeping this data confidential,
- ensure that devices and IT and telecommunications systems used to process personal data comply with the requirements of the Regulation of 29 April 2004 by the Minister of Internal Affairs and Administration as regards personal data processing documentation and technical and organizational conditions which should be fulfilled by devices and computer systems used for the personal data processing.