Privacy policy
1. DEFINITION
| Personal Data | All information about a natural person who is identified or can be identified by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, or online identifier. |
| Policy | This Privacy Policy. |
| GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. |
| Service | The website operated by the Controller at SVIZOO.PL. |
| User | Any natural person visiting the Service or using one or more services or functionalities described in this Policy. |
2. PERSONAL DATA CONTROLLER
The Controller of your personal data is SVI Spółka z ograniczoną odpowiedzialnością, with its registered office in Folwark, Folwark 49, 63-900 Rawicz, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court Poznań – Nowe Miasto i Wilda in Poznań, IX Commercial Division of the National Court Register under KRS number: 0000866094, NIP: 6991966289, REGON: 387353342, with share capital of PLN 9,000,000.00.
If you wish to contact the Controller regarding detailed rules and conditions related to the processing of personal data, please direct your inquiries to: odo@svizoo.pl.
If you wish to contact the Controller regarding detailed rules and conditions related to the processing of personal data, please direct your inquiries to: odo@svizoo.pl.
3. PERSONAL DATA
Your personal data is processed by the Controller for purposes related to the functioning of the SVIZOO.PL Service and the provision of services offered therein.
Below you will find information regarding specific personal data processing operations.
a) Handling Complaints, Requests, and Inquiries
Below you will find information regarding specific personal data processing operations.
a) Handling Complaints, Requests, and Inquiries
| Handling Complaints, Requests, and Inquiries | |
|---|---|
| Purpose of Processing | Handling inquiries, notifications, and requests. |
| Scope of Personal Data | Personal data provided in the contact form, data regarding the use of services that are the subject of the complaint/request/inquiry, data contained in documents attached to the complaint/request/inquiry. |
| Legal Basis | – Legitimate interest (Art. 6(1)(f) GDPR), – user consent (Art. 6(1)(a) GDPR). |
| Data Retention Period |
Data will be processed for the period necessary to consider the inquiry, complaint, or request, but no longer than 3 years from receipt. If the message constitutes or may constitute evidence in proceedings before a court or other public authority, such messages and the personal data contained therein may be retained until the final conclusion of the proceedings.
|
b) Analytical Activities
| Analytical Activities | |
|---|---|
| Purpose of Processing | Analysis of the manner in which the Service is used, in order to adapt the website to the needs and behavior of Users (see Cookie Policy for more details). |
| Scope of Personal Data | Personal data obtained via cookies, as described in section 7 below. |
| Legal Basis | – Legitimate interest (Art. 6(1)(f) GDPR), – user consent (Art. 6(1)(a) GDPR). |
| Data Retention Period |
Data will be processed until the expiry of the validity period or withdrawal of consent for cookies.
|
c) Pursuit of Claims
| Pursuit of Claims | |
|---|---|
| Purpose of Processing | Establishment, exercise, or defense of potential claims related to the services provided. |
| Scope of Personal Data | Personal data indicated in the contact form. |
| Legal Basis | Legitimate interest (Art. 6(1)(f) GDPR). |
| Data Retention Period |
Data will be processed until the expiry of the limitation period for claims or until an objection to the processing of personal data is accepted.
|
d) Satisfaction Surveys
| Satisfaction Surveys | |
|---|---|
| Purpose of Processing | Surveying user satisfaction with services provided by the Controller. |
| Scope of Personal Data | Personal data contained in separate consent forms and data regarding activity in the Service, recorded and stored via cookies. |
| Legal Basis | Legitimate interest (Art. 6(1)(f) GDPR). |
| Data Retention Period |
Data will be processed until the expiry of the limitation period for claims or until an objection to the processing of personal data is accepted.
|
4. MARKETING ACTIVITIES
Within the SVIZOO.PL Service, the Controller conducts profiling solely upon obtaining the User’s consent.
Profiling consists of the automated assessment of which products or services may be of interest to you, using information about the content you have viewed.
Profiling consists of the automated assessment of which products or services may be of interest to you, using information about the content you have viewed.
| MARKETING ACTIVITIES | |
|---|---|
| Purpose of Processing | Direct marketing, including the display of personalized advertisements. |
| Scope of Personal Data | Personal data contained in separate consent forms and data regarding activity in the Service, recorded and stored via cookies. |
| Legal Basis | – Legitimate interest (Art. 6(1)(f) GDPR), – user consent (Art. 6(1)(a) GDPR). |
| Data Retention Period |
Data will be processed until the expiry of the validity period or withdrawal of consent for cookies.
|
5. RECIPIENTS OF PERSONAL DATA
The SVIZOO.PL Service utilizes the services of external entities that support its operations. The Controller entrusts your data to these entities, which process the data on documented instructions from the Controller.
Your personal data will not be processed by entities outside the European Union.
a) Service Providers: Your personal data is transferred to service providers used by the Controller in the operation of the Service. Depending on contractual arrangements and circumstances, service providers either act on the Controller’s instructions regarding the purposes and means of processing (processors) or independently determine the purposes and means of processing (controllers).
b) Processors: The Controller uses providers who process your personal data solely on the Controller’s instructions. They provide cloud hosting services, online marketing systems, web push notification systems, email delivery, traffic analysis, marketing campaign effectiveness analysis, and support for certain services and functionalities.
c) Controllers: The Controller uses providers who do not act solely on the Controller’s instructions and independently determine the purposes and means of processing personal data. They provide remarketing campaign services and conduct statistical research. The Service also uses Facebook and Google APIs. The terms of use for these services are available at: https://www.facebook.com/privacy/explanation, and https://www.google.com/policies/privacy.
d) Public Authorities: The Controller may disclose your personal data to authorized public authorities, in particular to organizational units of the prosecutor’s office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
Service providers are mainly based in Poland and other countries of the European Economic Area (EEA), e.g., Ireland. Some providers may be based outside the EEA. In connection with the transfer of data outside the EEA, the Controller ensures that its providers guarantee a high level of personal data protection.
Your personal data will not be processed by entities outside the European Union.
a) Service Providers: Your personal data is transferred to service providers used by the Controller in the operation of the Service. Depending on contractual arrangements and circumstances, service providers either act on the Controller’s instructions regarding the purposes and means of processing (processors) or independently determine the purposes and means of processing (controllers).
b) Processors: The Controller uses providers who process your personal data solely on the Controller’s instructions. They provide cloud hosting services, online marketing systems, web push notification systems, email delivery, traffic analysis, marketing campaign effectiveness analysis, and support for certain services and functionalities.
c) Controllers: The Controller uses providers who do not act solely on the Controller’s instructions and independently determine the purposes and means of processing personal data. They provide remarketing campaign services and conduct statistical research. The Service also uses Facebook and Google APIs. The terms of use for these services are available at: https://www.facebook.com/privacy/explanation, and https://www.google.com/policies/privacy.
d) Public Authorities: The Controller may disclose your personal data to authorized public authorities, in particular to organizational units of the prosecutor’s office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
Service providers are mainly based in Poland and other countries of the European Economic Area (EEA), e.g., Ireland. Some providers may be based outside the EEA. In connection with the transfer of data outside the EEA, the Controller ensures that its providers guarantee a high level of personal data protection.
6. USER RIGHTS
In connection with the provision of personal data to the Controller, you are entitled to the following rights:
1) Right to Withdraw Consent: You have the right to withdraw your consent at any time. Withdrawal of consent is effective from the moment of withdrawal and does not affect processing carried out lawfully prior to withdrawal.
Legal basis: Art. 7(3) GDPR
2) Right to Object to Data Processing: You have the right to object at any time to the processing of your personal data. If the objection is justified and the Controller has no other legal basis for processing your personal data, the Controller will delete the data to which the objection relates.
Legal basis: Art. 21 GDPR
3) Right to Erasure: You have the right to request the erasure of all or some of your personal data. Notwithstanding such a request, the Controller may retain certain personal data to the extent necessary for the establishment, exercise, or defense of claims.
Legal basis: Art. 21 GDPR
4) Right to Restrict Processing: You have the right to request the restriction of the processing of your personal data. If you make such a request, the use of certain functionalities or services of the Service may be prevented until the request is considered.
Legal basis: Art. 18 GDPR
5) Right of Access: You have the right to obtain confirmation from the Controller as to whether your personal data is being processed and, if so, to access your personal data and receive information regarding the purposes of processing, categories of processed data, recipients or categories of recipients, planned retention period or criteria for determining this period, rights under the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and safeguards in connection with the transfer of data outside the European Union; you also have the right to obtain a copy of your personal data.
Legal basis: Art. 15 GDPR
6) Right to Rectification: You have the right to rectify and supplement your personal data.
Legal basis: Art. 16 GDPR
7) Right to Data Portability: You have the right to receive your personal data provided to the Controller and to transmit it to another controller of your choice.
Legal basis: Art. 20 GDPR
The Controller will fulfill or refuse to fulfill your request without undue delay, but no later than within 30 days of receipt.
To exercise your rights, please contact the Controller at odo@svizoo.pl.
If you believe your personal data is being processed unlawfully, you may lodge a complaint with the President of the Personal Data Protection Office (UODO).
1) Right to Withdraw Consent: You have the right to withdraw your consent at any time. Withdrawal of consent is effective from the moment of withdrawal and does not affect processing carried out lawfully prior to withdrawal.
Legal basis: Art. 7(3) GDPR
2) Right to Object to Data Processing: You have the right to object at any time to the processing of your personal data. If the objection is justified and the Controller has no other legal basis for processing your personal data, the Controller will delete the data to which the objection relates.
Legal basis: Art. 21 GDPR
3) Right to Erasure: You have the right to request the erasure of all or some of your personal data. Notwithstanding such a request, the Controller may retain certain personal data to the extent necessary for the establishment, exercise, or defense of claims.
Legal basis: Art. 21 GDPR
4) Right to Restrict Processing: You have the right to request the restriction of the processing of your personal data. If you make such a request, the use of certain functionalities or services of the Service may be prevented until the request is considered.
Legal basis: Art. 18 GDPR
5) Right of Access: You have the right to obtain confirmation from the Controller as to whether your personal data is being processed and, if so, to access your personal data and receive information regarding the purposes of processing, categories of processed data, recipients or categories of recipients, planned retention period or criteria for determining this period, rights under the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and safeguards in connection with the transfer of data outside the European Union; you also have the right to obtain a copy of your personal data.
Legal basis: Art. 15 GDPR
6) Right to Rectification: You have the right to rectify and supplement your personal data.
Legal basis: Art. 16 GDPR
7) Right to Data Portability: You have the right to receive your personal data provided to the Controller and to transmit it to another controller of your choice.
Legal basis: Art. 20 GDPR
The Controller will fulfill or refuse to fulfill your request without undue delay, but no later than within 30 days of receipt.
To exercise your rights, please contact the Controller at odo@svizoo.pl.
If you believe your personal data is being processed unlawfully, you may lodge a complaint with the President of the Personal Data Protection Office (UODO).
7. COOKIES
Accessing the Service website displays a statement requesting consent to the processing of personal data obtained via cookies. If consent is not given, cookies used for statistical and marketing purposes will be disabled. You may change your decision regarding the use of cookies at any time by disabling them. Withdrawal of consent will result in the cessation of the use of personal data for the relevant purpose from the moment of deactivation of the relevant cookie.
The Service uses cookies for:
a) Collecting statistical data via Google Analytics (administrator: Google LLC, USA); cookies expire after 2 years, and user-level data is automatically deleted from Analytics servers after 50 months.
b) Tracking anonymous traffic data via analytics tools.
The Service uses cookies for:
a) Collecting statistical data via Google Analytics (administrator: Google LLC, USA); cookies expire after 2 years, and user-level data is automatically deleted from Analytics servers after 50 months.
b) Tracking anonymous traffic data via analytics tools.
8. PROFILING
The Controller does not make automated decisions, including profiling.
9. CHANGES TO THE PRIVACY POLICY
The Controller reserves the right to amend or supplement this Privacy Policy as necessary.