1. The Administrator of Personal Data on the website at: www.automationtrader.com, hereinafter referred to as the Website, is Maciej Szczotka, conducting business under the name Automation Trader Maciej Szczotka with the main plant at: ul. Browarowa 21, 43-100 Tychy, entered into the Central Register and Information on Economic Activity, NIP: 6462558521, REGON: 243655030.
2. Respecting your rights as subjects of personal data (data subjects) and respecting applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in in connection with the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), hereinafter referred to as the GDPR, the Act of 10 May 2018 on the protection of personal data (hereinafter referred to as the Act) and other appropriate provisions on the protection of personal data, we are committed to maintaining the security and confidentiality of personal data obtained from you. All employees have been properly trained in the processing of personal data, and our company as the Personal Data Administrator has implemented appropriate security and technical and organizational measures to ensure the highest level of protection of personal data. We have implemented procedures and policies for the protection of personal data in accordance with the GDPR, thanks to which we ensure compliance with the law and reliability of data processing processes, as well as the enforceability of all rights that you have as data subjects. In addition, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).
3. All queries, applications and complaints regarding the processing of personal data by our company (Personal Data Administrator), hereinafter referred to as Submissions, should be directed to the following e-mail address: firstname.lastname@example.org or in writing to the address of the Personal Data Administrator, i.e. street Browarowa 21, 43-100 Tychy.
4. The content of the Application should clearly indicate:
a) details of the person or persons concerned by the Application,
b) the event which is the reason for the Report,
c) present their requests and the legal basis for those requests,
d) indicate the expected way of settling the matter.
5. On our Website, we collect the following personal data:
a) name and surname - in order to use the services of our Website, you will be asked to provide your name and surname, so that we can provide the services and have the opportunity to contact you,
b) phone number - it happens that we call you in the event of unexpected events while proposing the most favorable solution,
c) e-mail address - via e-mail we send you confirmation of the services you will use as part of the Website, and we will contact you in the event of such a need related to the services provided,
d) NIP - We collect the Tax Identification Number from entrepreneurs and people who request an invoice and have a NIP number,
e) device IP address - information resulting from the general rules of connections implemented on the Internet, such as the IP address (and other information contained in system logs) are used by the administrator of the Website for technical purposes. IP addresses can also be used for statistical purposes, including in particular to collect general demographic information (e.g. about the region from which the connection takes place).
6. Providing the data indicated in the previous point is necessary in the following cases:
a) to contact us using the online contact form provided on the Website,
b) to place an order or request a price.
9. Your personal data is processed by our company as a Personal Data Administrator in order to provide services provided to you (i.e. data subjects) offered as part of the Website. In accordance with the principle of minimization, we process only those categories of personal data that are necessary to achieve the purposes referred to in the previous sentence.
10. We process personal data for the time necessary to achieve the purposes listed in the previous point. Personal data may be processed for a longer period than indicated in the previous sentence, if such permission or obligation imposed on the Personal Data Administrator results from specific legal provisions or if the service we provide is continuous.
11. The source of Personal Data processed by the Administrator are data subjects.
12. Your personal data is not transferred to a third country within the meaning of the provisions of the GDPR.
13. We do not disclose any personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be made available only to public law entities, i.e. authorities and administration (e.g. tax authorities, law enforcement authorities and other entities authorized by generally applicable law).
14. Personal data may be entrusted for processing to entities processing such data for the benefit of our company as a Personal Data Administrator. In this situation, as the Personal Data Administrator, we conclude with the entity processing the contract entrusting the processing of personal data. The processing entity processes the entrusted personal data, but only for the purposes to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to operate as part of the Website. As a Personal Data Administrator, we entrust personal data for processing to entities:
a) providing hosting services for the website on which our Website operates,
b) providing other services to us as the Administrator of personal data that are necessary for the current operation of the Website.
15. Personal data are not subject to profiling by the Personal Data Administrator.
16. Pursuant to the provisions of the GDPR, any person whose personal data we process as the Personal Data Administrator has the right to:
a) being informed about the processing of personal data referred to in art. 12 GDPR - the Administrator is obliged to provide you, as persons whose data will be processed, with information specified in the GDPR (e.g. about their data, IOD contact details, purposes and legal grounds for the processing of personal data, recipients or categories of recipients of personal data, provided that exist whether the period for which the data will be processed or the criteria for determining this period); this obligation should be fulfilled already at the time of obtaining the data (i.e. e.g. when the customer places an order in the online store), and if the data is not obtained from the data subject, but from another source - within a reasonable period, depending on the circumstances; The administrator may refrain from providing this information if the data subject already has it,
b) access to your personal data referred to in art. 15 GDPR - by providing us with personal data, you have the right to access and access them; however, this does not mean that you have the right to access all documents on which your data appears, as they may contain confidential information; However, you have the right to information about your data and for what purpose we process and the right to obtain a copy of your personal data, the first copy is issued free of charge, and for each subsequent one we charge the appropriate administrative fee corresponding to the costs of making a copy,
c) correcting, supplementing, updating, rectifying personal data referred to in art. 16 GDPR - if your personal data have changed, please inform us as a Personal Data Administrator about this fact, so that the data we possess are accurate and current; also in a situation where there has been no change in personal data, but for any reason these data are incorrect or were incorrectly recorded (e.g. due to a typing error), please inform us to correct or correct such data,
d) deletion of data (the right to be forgotten) referred to in art. 17 GDPR - in other words, you have the right to request "erase" the data we have as the Personal Data Administrator and the right to request us as the Personal Data Administrator to inform other administrators to whom we have passed your data about the need to delete them. You can request the deletion of your personal data primarily if:
* the purposes for which personal data have been collected have been achieved, e.g. we have completed the sales contract concluded with you in full,
* the basis for the processing of your personal data was only consent, which was subsequently withdrawn and there are no other legal grounds for further processing of your personal data,
* you raised an objection based on art. 21 GDPR and you believe that we do not have any overarching legal grounds for further processing of your personal data,
* Your personal data has been processed unlawfully, i.e. for unlawful purposes or without any basis for the processing of personal data - please remember that in this case you must have a basis for your request,
* the need to delete your personal data results from legal provisions,
* personal data relates to a minor and has been collected in connection with the provision of information society services,
e) processing restrictions referred to in art. 18 GDPR - you can report to our company with a request to limit the processing of your personal data (which would mean that until the clarification of the weld, our company would primarily only store) if:
* you question the accuracy of your personal data, or
* you believe that we process your data without a legal basis, but at the same time you do not want us to delete this personal data (i.e. you do not use the right referred to in the preceding letter), or
* you have filed the objection referred to in point f of this point, or
* Your personal data is needed to determine, pursue or defend claims e.g. in court,
f) data transfer referred to in art. 20 GDPR - you have the right to obtain your data in a format that allows you to read this data on your computer and the right to send this data in this format to another administrator; you only have this right if the basis for the processing of your data was consent or the data was processed automatically,
g) object to the processing of personal data, as referred to in art. 21 GDPR - you have the right to object if you do not agree to the processing of personal data by us which we have previously processed for legitimate purposes consistent with legal provisions; in particular, you have the right to object to the processing of your personal data for the purposes of direct marketing (e.g. newsletter subscription),
h) not being subject to profiling, referred to in art. 22 in connection from art. 4 point 4 GDPR - on our Website you will not be subject to automated decision making or profiling within the meaning of the GDPR, unless you agree to it; in addition, we will always inform you about profiling if it were to take place,
i) lodging a complaint to the supervisory body (i.e. to the President of the Office for Personal Data Protection) referred to in art. 77 GDPR - if you believe that we process your personal data unlawfully or in any way violate the rights arising from the generally applicable provisions of law on the protection of personal data.
17. With regard to the right to delete data (the right to be forgotten), we point out that, in accordance with the provisions of the GDPR, you do not have the right to exercise this right if:
a) the processing of your personal data is necessary to exercise the right to freedom of expression and information, e.g. if you have posted your data on a blog, in comments, etc.,
b) the processing of personal data is necessary for our company to comply with legal obligations arising from regulations - we cannot delete your data for the period necessary to comply with the obligations (e.g. tax) that impose legal provisions on us,
c) the processing of your data is carried out for the purposes of the investigation, determination or defense of claims.
18. If you want to exercise your rights referred to in the previous point, please use the appropriate tabs on the Website that allow you to delete your account and data collected on our Website or send an email to the following e-mail address: email@example.com.
19. Every identified breach of security is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, such breach of the provisions on the protection of personal data is notified to data subjects and, if applicable, to PUODO.