Privacy Policy

1. ABOUT US

1. The administrator of the personal data collected through the Website is MJC LIMITED LIABILITY COMPANY with its registered office at: Plenerowa Street 16/1, 35-119 Rzeszów, Poland, email address: biuro@mjc.com.pl. (“Administrator”)
2. MJC LIMITED LIABILITY COMPANY operates the Website and is responsible for the proper provision of the Website’s Electronic Services.

2. GENERAL PROVISIONS

1. This Privacy Policy of the Website is a measure implemented by the Administrator, the purpose of which is to define the actions taken by the Administrator with respect to the protection of personal data provided to the Administrator by Data Subjects and, moreover, to inform Data Subjects about the procedure in force in an enterprise run by the Administrator for dealing with personal data, including, in particular, the purposes and legal grounds for processing and the categories of recipients to whom personal data processed by the Administrator is further transferred, and the implementation by the Administrator towards Data Subjects of the information obligation arising from the content of Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1, hereinafter referred to as “RODO”) to the remaining extent
2. The Service Provider shall exercise due diligence to protect the interests of data subjects and, in particular, shall ensure that the data it collects are processed lawfully; collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; substantively correct and adequate in relation to the purposes for which they are processed; and stored in a form that allows the identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
3. This privacy policy of the Website is for informational purposes, which means that it is not a source of obligations for Website Service Recipients.
4. All words, phrases and acronyms appearing on this Website and beginning with a capital letter (e.g., Service Provider, Website, Electronic Service) shall be understood as defined in this Privacy Policy or in the Website Terms and Conditions (if applicable) available on the Website.
5. The Service Recipient’s personal data shall be processed in accordance with the RODO and the Act of May 10, 2018 on Data Protection (hereinafter referred to as the Personal Data Protection Act) and the Act on Provision of Electronic Services of July 18, 2002 (Journal of Laws 2002 No. 144, item 1204 as amended) .

3. PURPOSE AND SCOPE OF DATA COLLECTION

1. In each case, the purpose, scope and recipients of the data processed by the Service Provider arise from the activities undertaken by the Client on the Website. For example, if the Client intends to use an Account, his/her personal data will be processed for the purpose of concluding and executing a contract for the use of the Account.
2. The Administrator processes personal data concerning the Service Recipient or his representatives for the following purposes:
   • conclusion and execution of the contract for the use of the Electronic Service,
   • to carry out obligations under the law, including tax and accounting regulations,
   • conducting judicial, arbitration, administrative, judicial-administrative, enforcement and mediation proceedings,
   • documenting contractual relationships for evidentiary purposes for the period of the statute of limitations for claims related to them,
   • conducting direct marketing of services or goods offered by the Administrator, including through e-mail correspondence of the newsletter type,
   • handling complaints and claims arising from warranty rights
3. The Service Provider may process the following personal data of Service Recipients using the Website:
   • name of the Service Recipient,
   • email address,
   • name of Cooperating Organization,
   • name of the Branch of the Cooperating Organization,
4. Provision of the personal data referred to in the paragraph above is not mandatory, but is necessary for the conclusion and execution of the agreement for the provision of Electronic Services on the Website. Each time, the scope of data required to conclude an agreement is indicated in advance on the Website, during the use of the Website and in its Regulations (if applicable).
5. Personal Data concerning the Customer may be transferred to public administration authorities or to other persons or third parties – to the extent that and in cases where the obligation to make them available is imposed on the Administrator by law. In addition, Personal Data concerning the Customer may also be transferred to entities performing accounting and bookkeeping and legal services for the Administrator under a separate agreement.
6. The Administrator declares that it has implemented appropriate technical and organizational measures to ensure an adequate degree of security corresponding to the risks associated with the processing of personal data entrusted to it, as referred to in Article 32 of the RODO. The Administrator shall regularly verify and update the technical and organizational measures it has in place to ensure an adequate degree of protection for the personal data entrusted to it.
7. The Administrator declares that, in order to ensure the security of personal data processing, it has implemented a Personal Data Protection Policy. The Personal Data Protection Policy is a measure implemented by the Administrator in accordance with Article 24(1) and (2) of the RODO, the purpose of which is to introduce in an enterprise run by the Administrator a procedure for handling personal data, based on which their processing by the Administrator will be carried out in accordance with the RODO.
8. The processing of personal data for the purposes indicated in Section 3(2) above includes, in particular, collecting, modifying, storing, reviewing, updating, analyzing, and archiving.
9. The Service Provider also processes anonymized data, related to the use of the Website (e.g. number of Service Recipients) to generate statistics on the use of the Website. These data are aggregate and anonymous, i.e. they do not contain identifying characteristics of persons using the Website.
10. Personal data concerning the Customer will be kept by the Administrator for the following period:
    • in the case of personal data in respect of which the legal basis for their processing by the Administrator is that it is necessary for the proper performance of the contract – until the statute of limitations for claims arising from the contract,
    • in the case of personal data in respect of which the basis for their processing by the Administrator is a legitimate interest – until that basis for processing falls away, in particular, until the statute of limitations for the Administrator’s claims and the Service Recipient’s claims arising from the legal relationship between them, the termination of the Administrator’s legal existence, or the final or conclusive determination or adjudication of or satisfaction or defense of a claim or other entitlement of the Administrator or the Service Recipient in judicial, arbitration, administrative, judicial-administrative, enforcement or mediation proceedings,
    • in the case of personal data for which the basis of processing is that it is necessary for the fulfillment of legal obligations incumbent on the Administrator – until this basis for processing falls away.

4. COOKIES AND USAGE DATA

1. Cookies are small text information in the form of text files, sent by a server and stored on the side of the person visiting the Website (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on the device used by the visitor to our Website). Detailed information about cookies, as well as the history of their creation can be found, among others, here: https://en.wikipedia.org/wiki/HTTP_cookie
2. The Service Provider may process data contained in Cookies when visitors use the Website for the following purposes:
   • implementation of basic functionalities of the Website, such as: identification of Service Recipients as logged in and maintenance of login sessions and storage of dynamic data, e.g. statistics, summaries;
   • to customize the content of the Website to the individual preferences of the Customer (e.g. regarding the language of the website);
   • memorization of IP location, time zone;
   • keeping anonymous statistics showing how the Website is used.
3. By default, most web browsers available on the market accept the storage of cookies. Everyone has the ability to determine the conditions of use of cookies through the settings of their own web browser. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the ability to save Cookies – in the latter case, however, this may affect some of the functionality of the Website.
4. The settings of your Internet browser with respect to Cookies are relevant to your consent to the use of Cookies by our Website – in accordance with the regulations, such consent may also be expressed through the settings of your Internet browser. In the absence of such consent, you must change your browser settings for Cookies accordingly.
5. Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
   • in Chrome browser – https://support.google.com/chrome/answer/95647?hl=pl
   • in Firefox browser – https://support.mozilla.org/pl/kb/W%25C5%2582%25C4%2585czanie%20i%20wy%25C5%2582%25C4%2585czanie%20obs%25C5%2582ugi%20ciasteczek
   • in Internet Explorer browser – https://support.microsoft.com/en-us/hub/4338813/windows-help
   • in Opera browser – https://help.opera.com/pl/latest/web-preferences/
   • in Safari browser – https://support.apple.com/kb/PH5042?locale=en_US
   • in Microsoft Edge browser – https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
6. The Administrator uses Google Analytics and Universal Analytics services on the Website provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The data collected is processed by the aforementioned services in an anonymized manner (this is so-called “exploitation data”, which prevents identification of the person) to generate statistics to help administer the Website. Detailed information on the operation of the above services is available here: www.google.com/intl/pl/policies/privacy/partners/.

5. BASIS OF DATA PROCESSING

1. Provision of personal data by the Customer is voluntary, although failure to provide the personal data indicated on the Website and in the Terms and Conditions of the Website (if applicable), necessary for the conclusion and performance of the agreement for the use of Electronic Services, results in the impossibility of concluding the agreement.
2. The legal basis for the processing of personal data for the purpose specified above in Section 3(2)(a) is that it is necessary for the performance of the contract. The legal basis for the processing of Personal Data for the purpose specified above in Section 3(2)(b) is that it is necessary for the fulfillment of the Administrator’s legal obligations. The legal basis for the processing of Personal Data for the other purposes indicated above in point is the legitimate interest pursued by the Administrator.

6. DATA SUBJECT’S RIGHTS RELATED TO PERSONAL DATA PROTECTION

The data subject can exercise his or her rights using the form available on the website: https://app.gorodo.pl/api/zadanie/8133731095

A. Right to information

1. The Admin, when obtaining personal data, is required to provide the person from whom the data originated with all of the following information:
   • his identity and contact information and, when applicable, the identity and contact information of his representative,
   • when applicable, the contact information of the Data Protection Officer,
   • the purposes of processing the personal data, and the legal basis for the processing,
   • information about the recipients of personal data or categories of recipients, if any,
   • when applicable – information about the intention to transfer Personal Data to a third country or international organization,
   • the period for which the Personal Data will be kept, and when this is not possible, the criteria for determining this period,
   • information whether the provision of personal data is a statutory or contractual requirement or a condition for entering into a contract, and whether the data subject is obliged to provide such data and what are the possible consequences of failing to do so.
2. If the Admin plans to further process the personal data for a purpose other than the purpose for which the personal data were collected, the Controller shall, prior to such further processing, inform the data subject of the other purpose and provide the data subject with any other relevant information.

B. The right to withdraw consent to the processing of personal data

1. The data subject has the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

C. Right of access to personal data

1. The Data Subject is entitled to obtain confirmation from the Admin as to whether Personal Data pertaining to him or her is being processed, and if this is the case, he or she is entitled to obtain access to it and the following information:
   • the purposes of the processing;
   • the categories of Personal Data concerned;
   • information about the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, in particular recipients in third countries or international organizations;
   • where possible, the intended period of storage of the personal data, and where this is not possible, the criteria for determining this period;
   • information about the right to request the Administrator to rectify, erase or restrict the processing of personal data, and to object to such processing;
   • information about the right to lodge a complaint with a supervisory authority;
   • if the personal data was not collected from the data subject – any available information about its source;
   • information on automated decision-making, including profiling as referred to in Article 22 (1) and (4) of the RODO, and – at least in these cases – relevant information on the principles of such decision-making, as well as on the significance and anticipated consequences of such processing for the data subject.
2. The Administrator is required to provide the Data Subject with a copy of the Personal Data. For any subsequent copies requested by the Data Subject, the Administrator may charge a reasonable fee based on administrative costs. If the Data Subject requests a copy electronically, and unless he or she indicates otherwise, the information shall be provided by common electronic means.

D. Right to request rectification and deletion of personal data

1. The data subject has the right to request from the Admin the immediate rectification of personal data concerning him/her that are incorrect. Taking into account the purposes of the processing, the Data Subject has the right to request the completion of incomplete personal data, including by providing an additional statement.
2. The Data Subject is entitled to request from the Admin the immediate erasure of personal data concerning him/her, and the Admin is obliged to erase the personal data without undue delay if one of the following circumstances applies:
   • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
   • the data subject has withdrawn the consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO and there is no other legal basis for the processing,
   • the data subject objects under Article 21 (1) RODO to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21 (2) RODO to the processing,
   • the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Admin is subject,
   • the personal data were collected in connection with the offering of information society services referred to in Article 8(1) of the RODO.
   • personal data were processed unlawfully,
3. The data subject’s rights indicated in paragraph 2 above do not apply to the extent that the processing is necessary for the exercise of the right to freedom of expression and information, to establish, assert or defend claims, to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Admin is subject, or to perform a task carried out in the public interest or in the exercise of public authority vested in the Admin, for reasons of public interest in the field of public health in accordance with Art. 9(2)(h) and (i) of the RODO and Article 9(3) of the RODO for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes in accordance with Article 89(1) of the RODO, insofar as the entitlement is likely to prevent or seriously impede the achievement of the purposes of such processing.
4. The administrator is obliged to provide the data subject with information on the rectification or deletion of personal data, unless this proves impossible or requires disproportionate effort.

E. The right to restrict the processing of personal data

1. The Data Subject has the right to request the Admin to restrict the processing of his/her personal data in the following cases:
   • The Data Subject questions the accuracy of the personal data – for a period of time that allows the Administrator to verify the accuracy of the personal data,
   • the processing is unlawful, and the Data Subject objects to the erasure of the personal data, requesting instead the restriction of its use,
   • The Administrator no longer needs the personal data for the purposes of the processing, but the data are needed by the Data Subject to establish, assert or defend claims,
   • The Data Subject has objected to the processing under Article 21(1) of the RODO – until it is determined whether the legitimate grounds on the part of the Admin override the grounds for the Data Subject’s objection.
2. The Admin is obliged to provide the data subject with information on the restriction of processing of personal data, unless this proves impossible or requires disproportionate effort.

F. Right to portability of personal data

1. The data subject is entitled to receive in a structured, commonly used machine-readable format the personal data concerning him or her provided to the Admin, and has the right to send such personal data to another Admin without hindrance from the Admin, where the processing is carried out by automated means and (a) based on the data subject’s consent or (b) is necessary for the performance of a contract.
2. In exercising the right set forth above, the data subject has the right to request that the personal data be sent by the Admin directly to another admin, insofar as this is technically possible. This right shall not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the Admin. This entitlement shall also not adversely affect the rights and freedoms of others.

G. Right to object and rights related to automated decision-making in individual cases

1. The data subject has the right to object at any time – on grounds relating to his or her particular situation – to the processing of personal data concerning him or her based on Article 6(1)(e) or (f) of the RODO, including profiling under these provisions. The Adminshall no longer be allowed to process such personal data, unless the Admin demonstrates the existence of compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
2. If personal data are processed by the Admin for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
3. If the data subject raises an objection to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
4. If personal data are processed for scientific or historical research purposes or for statistical purposes under Article 89(1) of the DPA, the data subject has the right to object – on grounds relating to his or her particular situation – to processing relating to his or her personal data, unless the processing is necessary for the performance of a task carried out in the public interest.
5. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision is necessary for the conclusion or performance of a contract between the data subject and the Admin; is authorized by Union law or the law of a Member State to which the Admin is subject and which provides for appropriate measures to protect the rights, freedoms and legitimate interests of the data subject; or is based on the data subject’s explicit consent.

7. FINAL REGULATIONS

1. The Website may contain links to other websites. The Service Provider urges you, when you go to other sites, to read the privacy policy established there. This privacy policy applies only to the Website.
2. The Administrator shall adequately provide the following technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons:
   • Securing the data set against unauthorized access;
   • SSL Certificate.
3. In all matters related to the processing of personal data, including, in particular, matters related to the provisions of this Privacy Policy, the Service Recipient should contact the Administrator using the following contact details:
   • postal mail address:: MJC LIMITED LIABILITY COMPANY st. Plenerowa 16/1, 35-119 Rzeszów, Polska,
   • email address: biuro@mjc.com.pl,
   • request form: https://app.gorodo.pl/api/zadanie/8133731095

Document generated using GoRODO.pl