Due to the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to
the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as "GDPR", we inform you about the principles of processing your personal data and about your rights related to it.
1. Personal data controller.
The administrator of your personal data is Magro Ubezpieczenia Sp. z o.o. (registered under the number KRS 0000648004, XX Commercial Division of the National Court Register in Łódź), T. Kościuszki Ave. 123/310, 90-441 Łódź, NIP: 7252160008 REGON: 365897881.
2. Contact us
The administrator has appointed one point of contact for all issues related to personal data. If you want to contact us, write us an e-mail to the address: firstname.lastname@example.org, with a note: ,,Personal data”.
3. Where do we get your personal data from?
We receive your data directly from you, when:
- you create an account on the Website, or
- you fill out one of the additional forms in the course of our cooperation; or
- during a telephone conversation with a member of our Staff; or
- during a personal visit to our headquarters.
4. What is the scope of processed data?
Your personal data that we can process depends partly on you - that is, whether you provide it to us or not.
Data that we may process in connection with your use of the Website may include:
- Your first and last name;
- e-mail adress;
- contact telephone number;
- additional information about yourself, which you can include in the completed forms or e-mail correspondence, or which you can provide during a telephone conversation with our Staff (but the conversations conducted are not recorded by us);
- the consent you have given (if we asked you for it for a purpose and you gave your consent);
- data on activity on our Website along with cookie files (IT data such as information about the operating systems you use, browser types, IP addresses, domain name, sources of visits and time spent on the website).
5. Which cookies provide information about you?
- cookies with data entered by the user (session identifier) for the duration of the session (user input cookies);
- authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
- cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
- multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
- persistent cookies used to personalize the user interface for the duration of the session or a little longer (user interface customization cookies);
- cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by the Google company to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website). Google does not use the collected data to identify the User and does not combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partner.
6.For what purpose and on what basis do we process your personal data?
We process your personal data in connection with our activities related to the operation of the Website, i.e. on the basis of and in connection with the concluded contract for the provision of electronic services and the operation of the online store, described in detail in the Regulations.
We may also process your data in connection with your notification of a breach of personal data protection rules or the implementation of your other rights, about which you will read further.
Below we indicate and describe specific goals:
- w for the purpose of providing services related to maintaining and servicing an account on the Website – the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR), but in the scope of optional data or the so-called sensitive (regarding health, addictions, etc.) the legal basis for processing is consent (Article 6 (1) (a) of the GDPR);
- in for the purpose of handling purchases made without registration on the Website or after registration – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR), but in the scope of optional data or the so-called sensitive (concerning health condition, addictions, etc.) the legal basis for processing is the consent granted (respectively Article 6 (1) (a) or Art. 9 sec. 2 lit. a) GDPR);
- marketing – if you agree to receive specific types of marketing messages from us (e.g. newsletter), we process your data in order to send these messages to you (based on art. 6 ust. 1 lit. a) RODO), wherein:
- we also use electronic communication tools, such as e-mail, to inform Users about new functionalities of the Website or other information that may be of interest to Users. The basis of such activity is art. 6 sec. 1 lit. f) GDPR;
- we assessed the impact of this activity on Users' privacy and, having considered Users' interests, we concluded that it would not have a negative impact on Users' privacy. The purpose of such use of personal data brings the Users significant benefits in the form of the possibility of tracking changes and news on topics of interest to them. Each User may resign from this type of activity by changing the settings on his account;
- debt collection and accountability – We process your personal data for the purpose of debt collection, court, arbitration and mediation proceedings, for archiving purposes and in order to provide us with the opportunity to account for the correctness of processing your data and fulfill other obligations under the law, e.g. documenting any breaches of personal data protection , including the circumstances of the breach of personal data protection, pursuant to art. 33 sec. 5 GDPR (based on art. 6 sec. 1 lit. f) or c) GDPR);
- statistics and maintenance of website functionality – We process the data from the analysis of cookies and server logs for the purpose of building anonymous statistics of visits to our website and Users' behavior, including for marketing purposes and for the purpose of developing the level of its usability, as well as to support the functionality of the website, such as form handling and content presentation related to our business;
7. How long do we process your personal data?
The period for which we process your personal data depends on the purpose of processing. And so accordingly:
- in for the purpose of providing services related to maintaining and servicing an account on the Website we process your data for the time in which you maintain your account on the Website, and in the scope of data provided voluntarily or data, the so-called sensitive to the withdrawal of your consent;
- in for the purpose of handling purchases made without registration on the Website or after registration we process your data until the contract is performed (i.e. the ordered product is delivered to you or the service is completed), and in the scope of voluntarily provided data or data, the so-called sensitive to the withdrawal of your consent;
- in marketing purposes we process your data until you object to such processing or until you withdraw your consent to conduct such activities;
- in in order to establish and pursue claims or defend against them we process your personal data until the end of the limitation period (this period will depend on the type of claim in accordance with the Civil Code or other legal acts regulating the principles of non-civil liability);
- w statistical purposes and maintaining the functionality of the Website we process data for the entire period in which you use the Website.
8. Who is the recipient of your personal data?
We can transfer your personal data to our contractors, i.e.
- entities / companies that provide us with services necessary for the proper functioning, e.g.
- companies providing delivery and maintenance services for database and other software, thanks to which we can keep appropriate records and e-mail communication;
- entities providing hosting services;
- consulting and law firms, as well as accounting offices, supporting us in our daily activities;
- other subcontractors with whom we cooperate to perform contracts concluded with you;
- operators of payments made by you;
- entities providing courier services to deliver the goods ordered by you;
- data from cookies that allow you to determine your geographic, statistical and demographic data - without revealing your identity - we also transfer to external entities using them to customize advertisements and other similar messages addressed to you.
For entities from each category, the Administrator provides only the data that is necessary to achieve the goals of cooperation.
9. Do we process your personal data automatically (including through profiling) in a way that affects your rights?
Your personal data may be processed in an automated manner (including in the form of profiling), however, it will not cause any legal effects to you or similarly significantly affect your situation.
Automated processing of personal data or profiling may be used for your data only for statistical and analytical purposes related to the improvement of our Website, as well as directing marketing messages to you, to which you have agreed or to which you have not objected.
10. How do we process personal data?
We process personal data in accordance with applicable law, in particular in accordance with the GDPR. We have the following rules in mind when processing your personal data:
- Adequacy rule. We process only the data that is necessary to achieve the given processing purpose; for each process, we analyzed the compliance with this rule;
- The rule of transparency. You should have full knowledge of what is happening with your data. This document, in which we try to provide you with full information about the rules for the processing of your personal data by us, is its manifestation;
- Regularity rule. We strive to keep your personal data processed by us up-to-date and truthful;
- Rule of integrity and confidentiality. We apply the necessary measures to protect the confidentiality and integrity of your personal data. We constantly improve them along with the changing environment and technological progress. Security features include physical and technological measures restricting access to your data, as well as appropriate measures to prevent loss of your data;
- The rule of accountability. We want to be able to account for each of our actions on personal data, so that, in the event of your inquiry, we can provide you with full and reliable information about what actions we have performed on your data.
11. What are your rights?
The provisions on the protection of personal data give you a number of rights that you can exercise at any time. As long as you do not abuse these rights (e.g. unjustified daily requests for information), exercising them will be free of charge and should be easy to implement.
Your rights include:
- The right to access your personal data. This right means that you can ask us to export from our databases the information we have about you and send it to you in one of the commonly used formats (eg XLSX, DOCX, etc.);
- The right to correct data. If you learn that the data we process is incorrect, you have the right to ask us to correct it, and we will be obliged to do so. In this case, we have the right to ask you to provide some document or other evidence of the change of data;
- The right to limit data processing. If, despite our adherence to the adequacy rule, you find that we process too wide a catalog of your personal data for a specific process, you have the right to request that we limit this scope. As long as your request does not contradict the requirements imposed on us by applicable law, we will accept your request;
- The right to request the deletion of data. This right, also known as the right to be forgotten, means your right to demand that we remove any information containing your personal data from our database systems and from our records. Remember that we will not be able to do this if we are required by law to process your data (e.g. store transaction documents for tax purposes). In any case, however, we will delete your personal data to the fullest extent possible, and where this is not possible, we will ensure their pseudonymization (which means that it is not possible to identify the data subject without the appropriate link key), thanks to which your data must be kept in accordance with applicable law, will be available only to a very limited group of people;
- The right to transfer data to another data controller. In accordance with the GDPR, you can ask us to export the data that you provided to us in the course of all our contacts to a separate file for further transfer to another data controller;
- The right to withdraw consent. If we process your personal data on the basis of consent, you can withdraw this consent at any time. Withdrawal of consent will not affect the lawfulness of the processing we have made on the basis of the consent expressed before its withdrawal. However, we would like to inform you that your personal data in the scope covered by the withdrawn consent, i.e. the purpose to which the consent concerned, will cease to be processed for this purpose. Nevertheless, your personal data subject to consent will be further processed in order to fulfill our obligations under the law, including in particular our obligation to account for the correctness of personal data processing, possibly for purposes based on our legitimate interest.
You can exercise the above-mentioned rights by contacting us at the e-mail address
email@example.com, with the note: " Personal data
In matters related to personal data, you can also write to us when an action or situation with which you encounter raises your concerns, whether it is definitely compatible
with the provisions, or does not violate your rights or freedoms. In this case, we will answer your questions and doubts and we will address the issue immediately.
If you believe that we have breached the rules for the processing of your personal data in any way, you have the right to lodge a complaint directly with the supervisory authority (from May 25, 2018 it is the President Personal Data Protection Office
). As part of exercising this right, you should provide a full description of the situation and indicate what action you consider to be violating your rights or freedoms. The complaint should be submitted directly to the supervisory authority.
12. What is the right to object?
We want to inform you separately that you also have the right to the so-called object to the processing of your personal data. You submit the right to object when you do not want us to process your personal data for a specific purpose carried out by us based on the so-called the premise of the legitimate interest of the administrator in accordance with art. 6 sec. 1 lit. f) GDPR (e.g. for marketing purposes). We will have to consider your objection when it is justified by the particular situation in which you find yourself.
If the objection is accepted, we will continue to process your data for the purposes of other processes (for other purposes), but not for the purpose for which you objected.
You can submit your right to object to the e-mail address firstname.lastname@example.org, with a note: ,,Personal data
13. Is it your responsibility to provide your data?
You provide us with your personal data voluntarily. There is no provision that would impose a legal obligation on you to provide them. However:
- if you want to conclude a contract with us, i.e. use the Website, including making purchases in the online store, you must provide data that will enable us to conclude and perform this contract, as well as its proper documentation for the accountability of the Administrator's actions.
- the personal data provided for contact purposes is necessary for us to be able to contact you. If you do not provide them, our communication with you will either be difficult (e.g. if you only provide an e-mail address, not a telephone number).
14. Do we share your data outside the EU (and within the European Economic Area?
Yes, we can transfer your data to a third country or to international organizations, in particular when using servers located outside the EEA. This is always done on the basis of a valid legal basis, such as:
- cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued;
- application of binding corporate rules approved by the competent supervisory authority;
- in the event of data transfer to the USA - cooperation with entities participating in the Privacy Shield program(Privacy Shield), approved by the decision of the European Commission.