I. Preliminary provisions
Certex Polska spółka z ograniczoną odpowiedzialnością is the data controller. The company is based in Poland, Szczecin (70-895), at ul. Lubczyńska 6c, entered in the Register of Entrepreneurs kept by the District Court for Toruń– VII Commercial Division of the National Court Register, under the number 0000375415, with a VAT number: 8883095077(further referred to as “Certex”). Certex can be contacted in writing at the address indicated in the preceding sentence or by e-mail at: firstname.lastname@example.org.
Certex has appointed a Data Protection Officer, who can be contacted at telephone number: +48 54 427 15 45 or e -mail address: email@example.com.
Certex pays particular attention to protecting the privacy and confidentiality of personal data entered or provided by the Clients. It selects and applies, with due diligence, any appropriate technical and organizational measures to protect personal data processed. Only persons duly authorised by Certex have full access to databases. Certex protects personal data against unauthorised access as well as against their processing in violation of applicable laws. Visitors can browse pages on websites run by Certex without registering and providing their personal data.
II. The basis for personal data processing
Personal data are processed by Certex under the applicable law to:
- establish commercial relations, including responding to questions asked by Clients;
- execute and perform contracts for the provision of services by Certex;
- exercise the legitimate interests of Certex, i.e. to market its products or services, investigate and secure any claims;
- provide newsletter service under the terms specified in the regulations concerning the newsletter services;
- meet legal obligations imposed on Certex relating to tax and accounting duties;
- run social profiles and use them to provide Clients with information about the activity of Certex, to promote and advertise organised events, promote the brand, products and services, build and maintain communities associated with Certex, and communicate via the available functionalities;
- organise contests, in particular to select winners and present awards.
Providing data is voluntary, but failure to do so will result in inability to establish business relationship or use the services.
Certex implemented Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
III. Basic principles for processing personal data
Certex processes personal data only to the minimum extent, necessary to achieve the purposes for which they are collected. The purposes of collecting the Clients' personal data are clearly defined and supported by legislation. Certex does not process personal data in a way incompatible with those purposes.
Certex observes the Clients' rights relating to their personal data, in line with the law. It ensures the correctness of the Clients' personal data and responds promptly to any requests to correct or update data.
Certex limits the storage of personal data, in line with the law, only for the period necessary to achieve the purposes for which they are collected unless there are reasons to allow extension of data storage period.
If personal data are made available to other entities, this occurs in a safe manner, contractually secured or in another manner consistent with applicable law.
IV. Rights of the data subjects
Every Client whose personal data are processed by Certex has the right to:
- access the data,
- rectify the data,
- request to delete the data,
- limit processing,
- transfer the data,
- raise objections for reasons relating to their particular situation to the processing of data based on the legitimate interest of Certex,
- object to the processing for direct marketing purposes,
- withdraw consent, if the processing is based on consent (withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal).
The Client may exercise the rights in any way, including by sending to Certex e-mail address a relevant request, together with the Client's full name and e-mail address.
The Client also has the right to lodge a complaint with the supervisory authority if it considers that the processing of personal data by Certex violates applicable law.
V. Fair information practices
Certex accepts the principle of taking an individual action, which requires that individuals have the right to pursue legally enforceable rights in relation to collecting and processing of data that do not respect the law. To comply with fair information practices, in the event Certex breaches the data processed, Certex will inform the persons to whom data breach relates, by e-mail within 7 working days.
VI. Recipients of personal data
Clients' details may be provided to the entities authorised to receive them under applicable law, including competent judicial authorities. Personal data may also be provided to trusted recipients such as carriers, accounting entity, partners providing technical services (development and maintenance of information systems and websites), and collection agencies.
If in the course of processing, personal data are passed on to recipients in other countries, Certex will assess whether these entities guarantee a high level of protection of personal data processed.
VII. Other information regarding data processing
Personal data will be stored only for the period necessary to accomplish the given purpose for which they were collected, and after its expiry, for the period necessary to protect or make any possible claims or to comply with the legal obligation of Certex (resulting from tax or accounting regulations).
Personal data processed to market products or services based on a legitimate interest will be processed until the Client lodges an objection.
Certex uses IP addresses collected during internet connections only for technical purposes, related to a server control. In addition, IP addresses are used to collect general statistical demographic information (such as the region from which the connection is made).
Certex may process personal data in an automated manner, including profiling, however, automated processing will not lead to decisions which have legal effect or similar material impact on the Client. This processing can affect the selection of displayed ads, or the selection of products and services. The Client can receive special offers through personalised e-mail or web advertising.
Certex does not process personal data in a way that would involve only automated decisions relating to the Client with legal effect or similar material impact on the Client.
In principle, Certex uses two types of cookies – "session" and "permanent". Session cookies are temporary files that are stored on the user's device until the user logs out, leaves the website or disables the software (web browser). Permanent cookies are files that are stored on the user's device for the time specified in the cookies parameters or until they are manually deleted by the user.
As part of the websites, Certex uses the following types of cookies which are necessary to provide the services:
- necessary cookies, enabling to use the services available through websites operated by Certex , in particular authentication cookies used for services that require authentication;
- cookies used to ensure safety, in particular, to detect fraud in the area of authentication;
- performance cookies, enabling to collect information about how to use the websites;
- functional cookies allowing to "remember" user-selected settings and customise the user interface;
- advertising cookies, enabling to provide users with advertising content tailored to their interests.
he software used for websites browsing (web browser) usually allows for the storage of cookies on the terminal equipment by default. The Client browsing websites of Certex can independently and at any time change the cookies settings, specifying the terms of storing and accessing their device by cookies. The Client can change the settings referred to in the preceding sentence using web browser settings. These settings can be changed, in particular, in such a way as to block the automatic cookie handling settings in their web browser or inform the Client each time cookies are installed on the Client's device. Detailed information about the possibilities and ways to manage cookies are available in the software (web browser) settings.
Information on how to configure cookies settings in sample web browsers is provided below:
- Internet Explorer https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer
- Chrome https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
- Opera https://help.opera.com/en/latest/web-preferences/
- Mozilla Firefox https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirect=no
- Safari https://support.apple.com/en-us/HT201265