1.2.The Controller of personal data collected via the Website www.autodna.com is ASDIRECT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (LLC) in Lodz (address of registered office and for service: 13C Karolewska St., Suite 31, 90-560 Lodz), entered in the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Lodz-Śródmieście in Lodz, 20th National Court Registry Commercial Division, at KRS number 0000349742, seed capital: PLN 12,900, NIP (Taxpayer Identification Number): 5492391545, REGON (National Business Registry Number): 121164104, email address: firstname.lastname@example.org contact telephone number: 48223500128 – hereinafter referred to as “the Controller”.
1.3.Personal data on the Website are processed by the Controller in accordance with the applicable regulations of law, specifically Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDP Regulation”. Official text of GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.5.The Controller exercises due diligence in protecting the interests of data subjects whose personal data are processed thereby, being specifically responsible for assuring that data collected thereby are: (1) processed in accordance with law; (2) collected for specific legitimate purposes, without being further processed contrary thereto; (3) substantially accurate and appropriate to the purposes of the processing thereof; (4) stored in a form making it possible to identify their respective subject, however not longer than necessary for the purpose of processing; (5) processed in a manner which guarantees their adequate security, including protection from prohibited or unlawful processing, or incidental loss, damage or destruction, by adequate technical or organizational means.
1.6.Given the nature, scope, context and purposes of data processing, as well as the risk of an infringement on natural persons' rights or freedoms, with a various degree of probability and hazard gravity, the Controller establishes appropriate technical and organizational measures for processing to comply with this Regulation and be provable thereby. If need be, the referenced measures are reviewed and updated. The Controller takes the technical measures preventing unauthorized persons from obtaining or modifying personal data sent electronically.
2.1.The Controller is authorized to process personal data when – and to an extent – minimum one of the undermentioned conditions is met: (1) the data subject has consented to the processing of his/her personal data for one or more specific purposes: (2) processing is necessary for the performance of a contract the data subject is a party to, or for action to be taken as requested by the data subject prior to entry thereinto; (3) processing is necessary for the Controller's fulfillment of the legal obligation binding thereon; or (4), processing is necessary for the purposes resulting from the legitimate interests pursued by the Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
3.1.Every single time, the purpose, basis, term, scope and recipients of personal data processed by the Controller result from actions taken by a given Service Website User or Customer.
3.2.The Controller may process personal data on the Service Website for the following purposes, on the following bases, during the following terms, and within the following scope.
Data are stored as long as necessary for the performance, termination or other expiration of a contract.
Data are stored for the duration of the legitimate interest pursued by the controller, however not longer than for a period of limitation for claims towards the data subject in relation to the Controller's economic operation. The referenced period of limitation is prescribed by the regulations of law, specifically the Civil Code (the basic period of limitation for claims relating to economic operation being three years).
The Controller may not process data for direct marketing purposes if the data subject has effectively objected thereto.
Data are stored until the data subject withdraws his/her consent to the further processing of his/her data for this purpose.
Data are stored for the statutory period in compliance with the legal obligation to store account books to which the controller is subject (5 years, as of beginning of the year following the fiscal year to which data relate).
Data are stored for the duration of the legitimate interest pursued by the Controller, however not longer than for a period of limitation for claims towards the data subject in relation to the Controller's economic operation. The referenced period of limitation is prescribed by the regulations of law, specifically the Civil Code (the basic period of limitation for claims relating to economic operation being three years).
In case of Service Users or Customers that are not consumers, the Controller may additionally process the legal business name and taxpayer identification number (NIP) of a Service User or Customer.
4.1.For the sake of the correct operation of the Service Website, including the correct provision of Online Services by the Controller, it is essential that the Controller make use of external contractors' services (such as, for example, a software supplier). The Controller only makes use of services rendered by such processors that give sufficient guarantees of taking adequate technical and organizational measures for processing to meet the requirements under GDPR and protect rights of the data subjects.
4.4.Personal data of the Service Website Users and Customers may be transferred to the following recipients or categories of recipients:
a.Electronic or card payment operators – in case of a Customer that effects electronic or card payments on the Service Website, the Controller makes his/her personal data collected thereby available to a selected operator handling such payments on the Website, as commissioned by the Controller, to an extent necessary to handle such a Customer's payment(s).
b.Opinion survey questionnaire system provider – in case of a Customer that has consented to give his/her opinion on a sales contract concluded, the Controller makes his/her personal data collected thereby available to a selected opinion survey questionnaire system provider for opinion survey purposes in relation to sales contracts entered into on the Website, as commissioned by the Controller, to an extent necessary for a Customer to give his/her opinion via the opinion survey questionnaire system.
e.Cooperating entities and partners, publishing, advertising or making use of the Controller's services on their websites, internet pages, or as part of their services - the Controller makes a Customer's personal data collected thereby available only in order to discharge the obligation under civil law contracts entered into.
g.Other entities, on condition data be anonymized, i.e. such data must not identify any particular service user or customer.
h.Public bodies or entities, with the aim of countering violations of law, frauds and malpractices.
i.In the event of the restructuring or sale of business, in whole or in part, and the transfer of assets, in whole or in part, to a new owner, personal data of Service Users or Customers may be transferred to a Purchaser in order to ensure the continued provision of the Controller's services.
5.2.On the Website, the Controller may use profiling for direct marketing purposes, yet decisions it makes on the basis thereof do not apply to an entry into an online service contract or a refusal to enter the same, or the option of making use of online services on the Website. Taking advantage of profiling on the Website may result in, for example, giving a person a discount, sending him/her a discount code, reminding of unfinished shopping, sending a proposal for a product which may be in keeping with a person's interests or preferences, or offering better conditions than those of the Website's standard offer. Notwithstanding profiling, it is a particular person who takes a free decision whether to take advantage of the so given discount or better conditions and make a purchase on the Website.
5.3.Profiling on the Website consists in an automated analysis or forecast of a particular individual's behavior on its pages, e.g. by adding a specific product to the cart, browsing a specific product page, or through an analysis of the preexisting online operations history. Such profiling is conditional upon an individual's personal data in the Controller's possession so that the latter can further send him/her, for instance, a discount code.
5.4.The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
6.1.Right of access, to rectification, restriction of processing, erasure or portability – the data subject has the right to obtain from the Controller access to his/her personal data, as well as the right to rectification, erasure ('right to be forgotten') or restriction of processing thereof, and the right to object to processing of personal data concerning him or her and to transmit those data. The specific terms of exercising the aforesaid rights are set forth in GDPR, Art. 15-21.
6.2.Right to withdraw consent at any time – the data subject whose data are processed by the Controller based on his/her consent (under GDPR, Art. 6 Sec. 1 L. A, or Art. 9 Sec. 2 L. a) has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
6.3.Right to lodge a complaint with a supervisory authority – the data subject whose data are processed by the Controller has the right to lodge a complaint with a supervisory authority in a mode and form as prescribed in the provisions of GDPR and Polish law, specifically the Act on the Protection of Personal Data. In Poland, the supervisory authority is the Inspector General for the Protection of Personal Data.
6.4.Right to object - the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 Sec. 1 L. e (public interest or tasks) or f (legitimate interests of the controller), including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
6.5.Right to object to processing for direct marketing purposes – where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
7.1.Cookies are small pieces of data in text file format sent by a server and stored on the user's computer by the user's web browser while the user is browsing (e.g. on a computer/laptop hard disk or smartphone SD card – depending on what device our Website visitor is using). For detailed information on cookies, as well as their history, see, inter alia: https://en.wikipedia.org/wiki/HTTP_cookie.
7.2.The Controller may process data contained in cookies while visitors are browsing the Website for the following purposes:
a.identification and display of Service Users as logged on the Website;
b.storing data from completed forms, questionnaires or Website logging data;
c.customization of the Website contents to match a Service User's preferences (e.g. with regard to colors, font size, page layout), and optimization of the Website exploitation;
d.maintaining anonymous statistics representing forms of the Website exploitation;
e.remarketing, i.e. studying the Website visitors' behavior characteristics through an anonymous analysis of their actions (e.g. repeated visits to specific pages, key words, etc.) in order to create their profiles and provide them with advertisements matching their forecasted interests, including while they are visiting other websites in the Googles Inc. and Facebook Ireland Ltd. advertising network.
7.3.As a standard, most web browsers available in the market accept cookie storage by default. Every user can set the terms of using cookies by means of their own web browser settings, which means that the cookie storage option can be partially restricted (e.g. temporally) or fully disabled; in the latter case, this may affect certain functionalities of the Website.
7.5.Detailed information on how to change browser cookie settings and singlehandedly remove cookies in the most popular web browsers is available in the browser support section or on the undermentioned sites (simply click the applicable link):
7.6.On the Service Website, the Controller may make use of Google Analytics and Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), as well as services provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and Hotjar Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta). The aforesaid services facilitate the Controller's analysis of the Website traffic. Collected data are processed as part of the referenced services in an anonymized mode (those being so-called operating data, rendering the identification of a person impossible), with the aim of generating statistics helpful in administering the Website. Those data are overall and anonymous, i.e. containing no identifying characteristics (personal data) of a Website visitor. The Controller makes use of the above-mentioned services on the Website to collect those data as sources and media of soliciting Website visitors as well as obtaining information on their behaviors on the Website, devices and browsers from which they visit it, their IP and domain, geographic and demographic data (age, sex), and their interests.
7.7.Everyone can easily disable the dissemination of Google Analytics information on their activities on the Website. To do so, the browser app, made available by Google Inc. on https://tools.google.com/dlpage/gaoptout?hl=pl.