The administrator of personal data collected through the website www.qualityark.pl is Krzysztof Adynowski conducting business activity under the name QUALITYARK SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ registered in the Central Register and Information on Economic Activity by the minister responsible for the economy, with its registered office and delivery address at Kpt. Pilota Żwirki 6, 90-450 Łódź, Poland, NIP: 7252332254, REGON: 525530993, email address: firstname.lastname@example.org, phone number: +48 797 460 658, hereinafter referred to as the „Administrator” and also the „Service Provider.”
Personal data collected by the Administrator through the website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.
TYPES OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF DATA COLLECTION
DATA PROCESSING PURPOSE AND LEGAL BASIS. The Administrator processes personal data of Service Users of www.qualityark.pl in the following cases:
Subscribing to the Newsletter for sending commercial information electronically. Personal data are processed with the express consent of the user, based on Article 6(1)(a) of the GDPR.
Using the Application Form to submit a CV to the Administrator, based on Article 6(1)(f) of the GDPR (the legitimate interest of the entrepreneur).
Using the Contact Form to send a message to the Administrator, based on Article 6(1)(f) of the GDPR (the legitimate interest of the entrepreneur).
TYPES OF PERSONAL DATA PROCESSED. The Service User provides, in the case of:
Newsletter: email address.
Application Form: first name and last name, email address, phone number, CV attachment containing data such as PESEL number, address, education.
Contact Form: first name, company, email address.
RETENTION PERIOD OF PERSONAL DATA. The personal data of Service Users are stored by the Administrator:
In cases where the basis for data processing is the performance of a contract, for as long as necessary to perform the contract, and afterward for a period corresponding to the statute of limitations. Unless a specific provision states otherwise, the limitation period is six years, and for claims related to periodic services and claims related to business activities, it is three years.
In cases where the basis for data processing is consent, until consent is withdrawn, and after withdrawal, for a period corresponding to the statute of limitations of claims that the Administrator can raise or that can be raised against the Administrator. Unless a specific provision states otherwise, the limitation period is six years, and for claims related to periodic services and claims related to business activities, it is three years.
Additional information may be collected when using the Service, including IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.
With the user’s separate consent, based on Article 6(1)(a) of the GDPR, data may also be processed for sending commercial information electronically or making telephone calls for direct marketing, including profiling, if the user has given the appropriate consent.
Navigation data, including information about links and references the user decides to click on or other actions taken within the Service, may also be collected. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) to facilitate the use of electronically provided services and improve their functionality.
Providing personal data by the Service User is voluntary.
The Administrator takes special care to protect the interests of the data subjects, ensuring that the data collected are:
Collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes.
Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed and stored in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the data are processed.
DISCLOSURE OF PERSONAL DATA
The personal data of Service Users are disclosed to service providers used by the Administrator in the operation of the Service, especially to:
Software providers for business operations.
Entities providing email systems.
Software providers needed for the operation of the website.
Service providers mentioned in point 1 of this paragraph, to whom personal data are disclosed, depending on contractual arrangements and circumstances, either follow the Administrator’s instructions regarding the purposes and methods of processing this data (data processors) or independently determine the purposes and methods of their processing (controllers).
RIGHT TO CONTROL, ACCESS TO OWN DATA CONTENT, AND CORRECTION
The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Legal bases for the Service User’s requests:
Access to data – Article 15 of the GDPR.
Rectification of data – Article 16 of the GDPR.
Erasure of data (right to be forgotten) – Article 17 of the GDPR.
Restriction of processing – Article 18 of the GDPR.
Data portability – Article 20 of the GDPR.
Objection – Article 21 of the GDPR.
Withdrawal of consent – Article 7(3) of the GDPR.
To exercise these rights, the Service User can send a relevant email to: email@example.com.
In case of a request from the Service User based on the above rights, the Administrator will fulfill the request or refuse to fulfill it immediately, but no later than within one month from its receipt. However, due to the complex nature of the request or the number of requests, the Administrator may extend the period for two more months after informing the Service User within one month from receiving the request about the intended extension and the reasons for it.
If the data subject finds that the processing of personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the President of the Office for Personal Data Protection.
The Administrator’s website uses „cookies.”
The installation of „cookies” is necessary for the proper provision of services on the website. „Cookies” contain information necessary for the proper functioning of the site and provide the possibility to compile general statistics of website visits.
Two types of „cookies” are used within the site: „session” and „persistent.”
„Session cookies” are temporary files that are stored on the Service User’s device until they
log out (leave the site).
„Persistent cookies” are stored on the Service User’s device for a specified period as defined in the „cookies” parameters or until the Service User deletes them.
The Administrator uses their own cookies to better understand the interactions of Service Users regarding the site’s content. These cookies collect information about the Service User’s use of the website, the type of site from which the Service User was redirected, the number of visits, and the time of the Service User’s visit to the website. This information does not register specific personal data of the Service User but serves to compile statistics on website usage.
The Administrator uses external cookies to collect general and anonymous statistical data through Google Analytics (external cookie administrator: Google LLC, based in the USA).
Cookies may also be used by advertising networks, in particular the Google network, to display ads tailored to the way the Service User uses the Service. For this purpose, they may retain information about the Service User’s browsing path or the time spent on a given page.
The Service User has the right to decide on the extent of access to „cookies” on their computer by selecting them in the settings of their web browser.
Detailed information about the possibilities and methods of handling „cookies” is available in the software settings (web browser).
ADDITIONAL SERVICES RELATED TO USER ACTIVITY ON THE SITE
The website uses social plugins (‘plugins’) of social networks. By displaying the www.jkmglobal.pl website containing such a plugin, the Service User’s browser establishes a direct connection with Facebook and Google servers.
The content of the plugin is transferred directly from the respective provider to the Service User’s browser and integrated into the website. Through this integration, the providers receive information that the Service User’s browser has displayed the www.jkmglobal.pl website, even if the Service User does not have a profile with a given provider or is not currently logged in. This information (along with the Service User’s IP address) is sent by the browser directly to the provider’s server (some servers are located in the USA) and stored there.
If the Service User logs into one of the above social networks, this provider can directly assign a visit to the www.jkmglobal.pl website to the Service User’s profile on that social network.
If the Service User uses a particular plugin, e.g., by clicking the „Like” button or the „Share” button, the corresponding information is also sent directly to the provider’s server and stored there.
The purpose and scope of data collection and further processing and use of data by providers, as well as the Service User’s rights in this regard and the possibility of setting up to protect the privacy of Service Users, are described in the privacy policies of the providers:
If the Service User does not want social networks to assign data collected during visits to the www.jkmglobal.pl website directly to their profile on that network, they must log out of the network before visiting the website www.jkmglobal.pl. The Service User can also completely prevent the loading of plugins on the website by using the appropriate extensions for the browser, such as blocking scripts using „NoScript.”
The Administrator employs technical and organizational measures to protect the processed personal data that are appropriate to the threats and categories of data subject to protection, in particular, ensuring that the data is not made available to unauthorized persons, taken by unauthorized persons, processed in violation of the applicable law, and changed, lost, damaged, or destroyed.
The Administrator provides appropriate technical measures to prevent unauthorized access and modification of personal data transmitted electronically.