• Home /
  • Privacy policy

Privacy policy

1. GENERAL PROVISIONS

1.1.This Service Website's privacy policy is informational, which means that it is not a source of the Website User's obligations. The privacy policy mainly sets forth the rules for the processing of personal data by the Website Controller, including the bases, purposes and scope of such data processing, as well as data subjects' rights and information on the use of cookies and analytical tools on the Website.

1.2.The Controller of personal data collected via the Website www.autodna.com is ASDIRECT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (LLC) in Lodz (address of registered office and for service: 13C Karolewska St., Suite 31, 90-560 Lodz), entered in the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Lodz-Śródmieście in Lodz, 20th National Court Registry Commercial Division, at KRS number 0000349742, seed capital: PLN 12,900, NIP (Taxpayer Identification Number): 5492391545, REGON (National Business Registry Number): 121164104, email address: kontakt@autodna.pl contact telephone number: 48223500128 – hereinafter referred to as “the Controller”.

1.3.Personal data on the Website are processed by the Controller in accordance with the applicable regulations of law, specifically Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDP Regulation”. Official text of GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4.Making use of the Website, including entering into contracts, is voluntary. Likewise, the provision of personal data by the Website User or Customer, with regard to the use of the Website, is voluntary, subject to two exceptions: (1) entering into contracts with the Controller – failure to provide personal data required for an entry into and performance of an online service contract with and by the Controller, in the cases and the scope set forth on the Website as well as in the Website Rules and the privacy policy herein, shall render the aforesaid entry impossible; in the foregoing event, the provision of personal data is a contractual requirement which any data subject who wishes to enter into a contract with the Controller must meet by providing such data as required; every single time, the scope of data required for the entry thereinto is predetermined on the Service Website and in the Service Website Rules; (2) the Controller's statutory obligations – the provision of personal data is a statutory requirement under the generally applicable regulations of law, placing the Controller under obligation to process personal data (e.g. for fiscal or account bookkeeping purposes), with a failure to provide the same rendering the Controller's fulfillment of the aforesaid obligation impossible.

1.5.The Controller exercises due diligence in protecting the interests of data subjects whose personal data are processed thereby, being specifically responsible for assuring that data collected thereby are: (1) processed in accordance with law; (2) collected for specific legitimate purposes, without being further processed contrary thereto; (3) substantially accurate and appropriate to the purposes of the processing thereof; (4) stored in a form making it possible to identify their respective subject, however not longer than necessary for the purpose of processing; (5) processed in a manner which guarantees their adequate security, including protection from prohibited or unlawful processing, or incidental loss, damage or destruction, by adequate technical or organizational means.

1.6.Given the nature, scope, context and purposes of data processing, as well as the risk of an infringement on natural persons' rights or freedoms, with a various degree of probability and hazard gravity, the Controller establishes appropriate technical and organizational measures for processing to comply with this Regulation and be provable thereby. If need be, the referenced measures are reviewed and updated. The Controller takes the technical measures preventing unauthorized persons from obtaining or modifying personal data sent electronically.

1.7.Any words, expressions and acronyms contained in the privacy policy herein, beginning with a capital letter (e.g. Service Provider, Service Website, Online Service), should be construed as defined by the Online Service Rules available on the Online Service Website pages.

2. LAWFULNESS OF DATA PROCESSING

2.1.The Controller is authorized to process personal data when – and to an extent – minimum one of the undermentioned conditions is met: (1) the data subject has consented to the processing of his/her personal data for one or more specific purposes: (2) processing is necessary for the performance of a contract the data subject is a party to, or for action to be taken as requested by the data subject prior to entry thereinto; (3) processing is necessary for the Controller's fulfillment of the legal obligation binding thereon; or (4), processing is necessary for the purposes resulting from the legitimate interests pursued by the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2.Every single time, the processing of personal data by the Controller requires minimum one of the bases mentioned in pt. 2.1 hereinabove. The specific bases for the processing of personal data of the Online Service Website Users and Customers by the Controller are referenced in the subsequent point of the privacy policy – with reference to each specific purpose of the processing of such data by the Controller.

3. WEBSITE DATA PROCESSING PURPOSE, BASIS, TERM AND SCOPE

3.1.Every single time, the purpose, basis, term, scope and recipients of personal data processed by the Controller result from actions taken by a given Service Website User or Customer.

3.2.The Controller may process personal data on the Service Website for the following purposes, on the following bases, during the following terms, and within the following scope.

Purpose of data processing
Legal basis for data processing and term of data storage
Scope of data processed
Performance of an online service contract or action taken as requested by the data subject prior to entry into such contracts
GDPR, Art. 6 Sec. 1 L. b (performance of a contract)

Data are stored as long as necessary for the performance, termination or other expiration of a contract.
Maximum scope: full name, email address, IP address, contact telephone number, delivery address, principal place of business/registered office (street, street number, suite number, zip code, city, country), legal business name and taxpayer identification number (NIP) of a Service User or Customer.
Direct marketing
GDPR, Art. 6 Sec. 1 L. f (legitimate interest of the controller)

Data are stored for the duration of the legitimate interest pursued by the controller, however not longer than for a period of limitation for claims towards the data subject in relation to the Controller's economic operation. The referenced period of limitation is prescribed by the regulations of law, specifically the Civil Code (the basic period of limitation for claims relating to economic operation being three years).
The Controller may not process data for direct marketing purposes if the data subject has effectively objected thereto.
Full name, telephone number, email address.
Marketing
GDPR, Art. 6 Sec. 1 L. a (consent)

Data are stored until the data subject withdraws his/her consent to the further processing of his/her data for this purpose.
Full name, telephone number, email address.
Account bookkeeping
GDPR, Art. 6 Sec. 1 L. c, in conjunction with Accounting Act of 30 January 2018, Art. 74 Sec. 2 (Journal of Laws 2018, Heading 395)

Data are stored for the statutory period in compliance with the legal obligation to store account books to which the controller is subject (5 years, as of beginning of the year following the fiscal year to which data relate).
Full name, address of residence/principal place of business/registered office, legal business name and taxpayer identification number (NIP) of a Service User or Customer.
Establishing, pursuing or defending claims possibly laid by or against the Controller
GDPR, Art. 6 Sec. 1 L. f

Data are stored for the duration of the legitimate interest pursued by the Controller, however not longer than for a period of limitation for claims towards the data subject in relation to the Controller's economic operation. The referenced period of limitation is prescribed by the regulations of law, specifically the Civil Code (the basic period of limitation for claims relating to economic operation being three years).
Full name, contact telephone number, email address, delivery address (street, street number, suite number, zip code, city, country), address of residence/principal place of business/registered office.

In case of Service Users or Customers that are not consumers, the Controller may additionally process the legal business name and taxpayer identification number (NIP) of a Service User or Customer.

4. WEBSITE DATA RECIPIENTS

4.1.For the sake of the correct operation of the Service Website, including the correct provision of Online Services by the Controller, it is essential that the Controller make use of external contractors' services (such as, for example, a software supplier). The Controller only makes use of services rendered by such processors that give sufficient guarantees of taking adequate technical and organizational measures for processing to meet the requirements under GDPR and protect rights of the data subjects.

4.2.The Controller shall not transfer personal data in all cases or to all recipients or categories of recipients referenced in the privacy policy, transferring the same only when it is necessary for the specific purpose of processing, only to an extent as required therefor.

4.3.The Controller may transfer personal data to a third country, in which case the Controller assures that such a recipient country must ensure that the level of protection of natural persons guaranteed by GDPR should not be undermined and the data subject should be able to obtain a copy of his/her personal data. The Controller shall only transfer personal data collected thereby in case it is necessary for the specific purpose of processing, only to an extent as required therefor, in accordance with the privacy policy herein.

4.4.Personal data of the Service Website Users and Customers may be transferred to the following recipients or categories of recipients:

a.Electronic or card payment operators – in case of a Customer that effects electronic or card payments on the Service Website, the Controller makes his/her personal data collected thereby available to a selected operator handling such payments on the Website, as commissioned by the Controller, to an extent necessary to handle such a Customer's payment(s).

b.Opinion survey questionnaire system provider – in case of a Customer that has consented to give his/her opinion on a sales contract concluded, the Controller makes his/her personal data collected thereby available to a selected opinion survey questionnaire system provider for opinion survey purposes in relation to sales contracts entered into on the Website, as commissioned by the Controller, to an extent necessary for a Customer to give his/her opinion via the opinion survey questionnaire system.

c.Service provider supplying the Controller with technical, IT and organizational solutions, enabling the latter to conduct economic operation, including the Website and online services rendered by means thereof (in particular, a Website software supplier, email and hosting provider, and the Controller's business management and technical support software supplier) - the Controller makes a Customer's personal data collected thereby available to a selected provider/supplier, as commissioned by the Controller, only in case it is necessary for the specific purpose of processing, only to an extent as required therefor, in accordance with the privacy policy herein.

d.Bookkeeping, legal and consulting services provider, offering the Controller bookkeeping, legal and consulting assistance (in particular, an accounting office, law firm or debt collection agency) – the Controller makes a Customer's personal data collected thereby available to a selected service provider, as commissioned by the Controller, only in case it is necessary for the specific purpose of processing, only to an extent as required therefor, in accordance with the privacy policy herein.

e.Cooperating entities and partners, publishing, advertising or making use of the Controller's services on their websites, internet pages, or as part of their services - the Controller makes a Customer's personal data collected thereby available only in order to discharge the obligation under civil law contracts entered into.

f.Entities with capital or personal links to the Controller, for the purposes specified in the privacy policy herein.

g.Other entities, on condition data be anonymized, i.e. such data must not identify any particular service user or customer.

h.Public bodies or entities, with the aim of countering violations of law, frauds and malpractices.

i.In the event of the restructuring or sale of business, in whole or in part, and the transfer of assets, in whole or in part, to a new owner, personal data of Service Users or Customers may be transferred to a Purchaser in order to ensure the continued provision of the Controller's services.

5. WEBSITE PROFILING

5.1.GDPR places the Controller under obligation to notify of automated individual decision-making, including profiling, as referenced in the aforesaid Regulation, Art. 22 Secs. 1 and 4, as well as – at least in such cases – to provide essential information on the principles of such decision-making and the importance and consequences of such processing for the data subject. In view of the foregoing, the Controller hereby informs about possible profiling in this clause of the privacy policy.

5.2.On the Website, the Controller may use profiling for direct marketing purposes, yet decisions it makes on the basis thereof do not apply to an entry into an online service contract or a refusal to enter the same, or the option of making use of online services on the Website. Taking advantage of profiling on the Website may result in, for example, giving a person a discount, sending him/her a discount code, reminding of unfinished shopping, sending a proposal for a product which may be in keeping with a person's interests or preferences, or offering better conditions than those of the Website's standard offer. Notwithstanding profiling, it is a particular person who takes a free decision whether to take advantage of the so given discount or better conditions and make a purchase on the Website.

5.3.Profiling on the Website consists in an automated analysis or forecast of a particular individual's behavior on its pages, e.g. by adding a specific product to the cart, browsing a specific product page, or through an analysis of the preexisting online operations history. Such profiling is conditional upon an individual's personal data in the Controller's possession so that the latter can further send him/her, for instance, a discount code.

5.4.The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

6. RIGHTS OF THE DATA SUBJECT

6.1.Right of access, to rectification, restriction of processing, erasure or portability – the data subject has the right to obtain from the Controller access to his/her personal data, as well as the right to rectification, erasure ('right to be forgotten') or restriction of processing thereof, and the right to object to processing of personal data concerning him or her and to transmit those data. The specific terms of exercising the aforesaid rights are set forth in GDPR, Art. 15-21.

6.2.Right to withdraw consent at any time – the data subject whose data are processed by the Controller based on his/her consent (under GDPR, Art. 6 Sec. 1 L. A, or Art. 9 Sec. 2 L. a) has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

6.3.Right to lodge a complaint with a supervisory authority – the data subject whose data are processed by the Controller has the right to lodge a complaint with a supervisory authority in a mode and form as prescribed in the provisions of GDPR and Polish law, specifically the Act on the Protection of Personal Data. In Poland, the supervisory authority is the Inspector General for the Protection of Personal Data.

6.4.Right to object - the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 Sec. 1 L. e (public interest or tasks) or f (legitimate interests of the controller), including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

6.5.Right to object to processing for direct marketing purposes – where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

6.6.In respect of the exercise of the rights referenced in this clause of the privacy policy, those concerned can contact the Controller by sending a relevant message in writing or by email to the Controller's address as first indicated hereinabove or using a form available on the Service Website.

7. WEBSITE COOKIES, OPERATING AND ANALYST'S DATA

7.1.Cookies are small pieces of data in text file format sent by a server and stored on the user's computer by the user's web browser while the user is browsing (e.g. on a computer/laptop hard disk or smartphone SD card – depending on what device our Website visitor is using). For detailed information on cookies, as well as their history, see, inter alia: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2.The Controller may process data contained in cookies while visitors are browsing the Website for the following purposes:

a.identification and display of Service Users as logged on the Website;

b.storing data from completed forms, questionnaires or Website logging data;

c.customization of the Website contents to match a Service User's preferences (e.g. with regard to colors, font size, page layout), and optimization of the Website exploitation;

d.maintaining anonymous statistics representing forms of the Website exploitation;

e.remarketing, i.e. studying the Website visitors' behavior characteristics through an anonymous analysis of their actions (e.g. repeated visits to specific pages, key words, etc.) in order to create their profiles and provide them with advertisements matching their forecasted interests, including while they are visiting other websites in the Googles Inc. and Facebook Ireland Ltd. advertising network.

7.3.As a standard, most web browsers available in the market accept cookie storage by default. Every user can set the terms of using cookies by means of their own web browser settings, which means that the cookie storage option can be partially restricted (e.g. temporally) or fully disabled; in the latter case, this may affect certain functionalities of the Website.

7.4.Web browser settings as regards cookies are important in terms of a consent to the use of cookies by our Website – in accordance with the regulations, that consent may also be given through web browser settings. Users who decline to give their cookie consent should change their web browser settings relating to cookies accordingly.

7.5.Detailed information on how to change browser cookie settings and singlehandedly remove cookies in the most popular web browsers is available in the browser support section or on the undermentioned sites (simply click the applicable link):

7.6.On the Service Website, the Controller may make use of Google Analytics and Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), as well as services provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and Hotjar Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta). The aforesaid services facilitate the Controller's analysis of the Website traffic. Collected data are processed as part of the referenced services in an anonymized mode (those being so-called operating data, rendering the identification of a person impossible), with the aim of generating statistics helpful in administering the Website. Those data are overall and anonymous, i.e. containing no identifying characteristics (personal data) of a Website visitor. The Controller makes use of the above-mentioned services on the Website to collect those data as sources and media of soliciting Website visitors as well as obtaining information on their behaviors on the Website, devices and browsers from which they visit it, their IP and domain, geographic and demographic data (age, sex), and their interests.

7.7.Everyone can easily disable the dissemination of Google Analytics information on their activities on the Website. To do so, the browser app, made available by Google Inc. on https://tools.google.com/dlpage/gaoptout?hl=pl.

8. FINAL PROVISIONS

8.1.The Service Website may include references to other websites. The Controller encourages visitors going to such other websites to read their own privacy policy. The privacy policy herein is only applicable to the Controller's Website.

Please be informed that this site uses cookies to enable you to use our service, provide optimised content and adjust the Website to your needs. You can manage cookies by changing the settings of your browser. By continuing to use our Website without changing the settings of your browser, you agree for our use of cookies. You can find out more in the privacy policy of our Website.