§ 1 INTRODUCTORY TERMS
The entity responsible for gathering and managing personal data through the website https://bardcode.pl is Bartosz Krzyżaniak. The official address is ul. Sportowa 20, 88-420 Rogowo, with tax identification number (NIP): 5542905852, business identification number (REGON): 382177395. Hereafter, this entity will be referred to as the “Data Manager.” The Data Manager adheres to the EU General Data Protection Regulation (GDPR) from April 27, 2016, and the Personal Data Protection Law enacted on May 10, 2018.
§2 CATEGORIES AND OBJECTIVES OF DATA HANDLING
REASON AND LEGAL GROUNDS FOR PROCESSING
The Data Manager collects personal information through the website https://bardcode.pl, specifically when a user fills out a contact form. This data collection is justified under Article 6(1)(f) of the GDPR as it serves the legitimate interests of the Data Manager.
TYPES OF DATA HANDLED
The Data Manager collects the following types of user information:
- Data willingly submitted via forms
- Data gathered through “cookies” [Refer to §5 COOKIES].
DURATION OF DATA STORAGE
The Data Manager retains user information:
- For contract-based interactions, the data is kept for the duration necessary to fulfill the contract and thereafter for a period corresponding to the statute of limitations for claims, which is generally six years, or three years for periodic benefits and business-related claims.
- When the data collection is consent-based, the data is stored until the consent is withdrawn and thereafter for a period corresponding to the statute of limitations for potential claims.
Additional data may be collected during website use, including the user’s IP address, domain name, browser type, access time, and operating system.
Navigation data, such as clicked links and other user activities on the website, may also be collected. The legal basis for such collection is the Data Manager’s legitimate interest under Article 6(1)(f) of the GDPR, aimed at enhancing user experience and website functionality.
Data submission by the user is voluntary.
Automated profiling of personal data may occur if the user gives explicit consent under Article 6(1)(a) of the GDPR. The outcome of such profiling will be used for decision-making or predicting user preferences and behaviors.
The Data Manager takes special precautions to ensure:
- Compliance with legal requirements
- Data collection for specific, lawful purposes
- Accurate and adequate data storage for the intended purpose
§3 SHARING OF PERSONAL DATA
User data may be shared with third-party service providers that the Data Manager employs for website operations. These third parties, depending on contractual terms, either act on instructions from the Data Manager or independently determine how the data will be processed.
- Multimedia Services: YouTube
- Social Media Services: Facebook, Google+, Linkedin, Instagram, Twitter
- Analytics Services: Google Analytics, Facebook Analytics
Third-party services are beyond the Data Manager’s control and may change their terms and policies at any time.
User data is stored exclusively within the European Economic Area (EEA).
§4 USER RIGHTS AND DATA CORRECTION
Users have various rights under the GDPR, including the right to access, correct, or delete their data, limit its processing, and transfer it. They can also object to data processing and withdraw consent at any time.
To exercise these rights, an email can be sent to email@example.com.
The Data Manager will respond to user requests within one month, extendable by another two months for complex or numerous requests.
Users can file a complaint with the President of the Office for Personal Data Protection if they believe their data is being mishandled.
The website employs “cookies” for optimal service delivery. These cookies store essential information for the website’s proper functioning and also help in compiling general visit statistics.
The website uses permanent cookies, stored on the user’s device until they are deleted or expire.