Privacy Policy - Tromplo

GENERAL PROVISIONS
1. The administrator of personal data collected via the Service Tromplo Agnieszka Janarek (“Administrator”).
2. Users’ personal data are processed in compliance with the rules provided for in the GDPR, i.e. Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; repeal of Directive 95/46 / EC (general data protection regulation, hereinafter ” GDPR “), as well as in accordance with the rules provided for in the Polish law on the protection of personal data, implementing acts on this and the act on the provision of electronic services of 18 July 2002. (Journal of Laws of 2002, No. 144, item 1204, as amended).
3. In order to implement the statutory requirements, the Administrator selects and applies appropriate technical and organizational measures to ensure protection of the data being processed and protects the data against disclosure to unauthorized persons as well as against its processing in violation of applicable law.
4. Terms written in this document from a capital letter have the meaning assigned to them in the Regulations of the Service (hereinafter: “Regulations”), unless there are separate definitions of these terms in this document.
LEGAL BASIS FOR DATA PROCESSING
1. All personal data are governed by the Service on a voluntary basis.
2. Personal data are collected by the Administrator during Registration on the basis of art. 6 par. 1 lit. a GDPR, i.e. explicit consent of the User to the processing of these data, provided for the purpose of setting up an Account on the Service. The aforementioned consent is confirmed by the acceptance of the content of the Regulations and the Privacy Policy.
3. Email address and phone number of the User are processed by the Administrator in order to send to this User commercial information to the indicated email address and phone number on the basis of art. 6 par. 1 lit. a GDPR, i.e. explicit consent of the User provided by appropriate functional windows placed on the Service sites.
4. Personal data collected during the use of the Electronic Services by the User, including conclusion of contracts, are processed by the Administrator on the basis of art. 6 par. 1 lit. b GDPR, i.e. taking actions necessary to conclude a contract and the necessity to perform the contract by the Administrator for an actual User. In addition, the possibility of such processing of personal data is confirmed by the acceptance of the content of the Terms and Conditions and the Privacy Policy. Personal data collected during the use of the Service are being integrated with the personal data of the User collected as part of the Account in order to improve the use of the Service.
5. In addition, the Administrator processes personal data collected automatically while using the Service (including tools used to work with the Service) provided by the Users voluntarily on the basis of art. 6 par. 1 lit. f GDPR, i.e. due to legally justified purposes implemented by the Administrator, and in particular for the purpose of direct marketing of the Administrator’s products or services, as well as in order to optimize, improve and personalize the functions of the Service and to create statistics. The administrator ensures that such processing will not violate the rights and freedoms of the data subjects.
6. As a rule, personal data provided voluntarily by the User are not combined with automatically collected data informing about the way the User uses the Service. The Administrator informs that due to technical reasons sometimes such a combination may occur. However, in such a situation the data will be processed by the Administrator only due to legally justified purposes realized by the Administrator, in particular to optimize, improve and personalize functions of the Service and in order to create statistics for internal Administrator’s requirements.
7. If the User provides separate consent, his personal data (email address, phone number) may be processed for the purpose of sending commercial information about the goods or the Administrator electronically, especially to the email address provided during the registration process or to the phone number provided in the Account via SMS / MMS. The User has the right at any time to demand the cessation of sending commercial information to him electronically or to stop using his phone number for direct marketing purposes.
8. Data processed for purposes related to registration will be processed until the deletion of the Account (which results in termination of the contract for the provision of Electronic Services).
9. Data processed in connection with the conclusion of contracts will be kept during the limitation period of claims under contracts for the provision of services. Due to the need to fulfil tax and accounting obligations, part of this personal data will be kept for a period of 6 years from the date of performance of individual Contracts.
10. Data processed for the purpose of sending commercial information (on email address or phone number) will be processed until the relevant approvals are withdrawn.
11. The information necessary to handle the complaint will be processed until the entitlements from it expire.
12. Personal data for purposes of contact with the Administrator will be processed during the period of this contact, and later will be archived for a period of 3 years from the end of contact, which is justified by the need to reproduce the content of such contact in connection with investigation of possible claims.
13. Data processed in connection with the investigation of possible claims, as well as for archiving purposes, will be processed for a maximum period of 6 years from the end of the contract. The exact time in which the Administrator is entitled to process the data is indicated in the Regulations.
PURPOSE AND SCOPE OF DATA COLLECTION AND DATA RECIPIENTS
1. Each time, the purpose, scope and recipients of data processed by the Administrator result from the consent of the User or the law and are further specified as a result of actions taken by the User on the Service or other communication channels with the User.
2. The Administrator takes special care to protect the interests of the data subjects, and in particular ensures that the data collected by him are processed:
  – lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
  – collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);
  – adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
  – accurate and, where necessary, kept up to date (“accuracy”);
  – kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);
  – processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
3. The User provides following personal data:
  – during the process of registering an Account on the Service: tromplo.com,
  – during the use of the Service: tromplo.com,
  – during the conclusion of contracts: tromplo.com.
4. The user may also not provide the above-mentioned data, however, in this case the Administrator may not be able to perform the contract. Due to the nature of some of the services available on the Service, the User may be asked to provide additional personal data. The scope of additional data will be indicated on the relevant sites of the Service.
5. Possible purposes of collecting Users’ personal data by the Administrator:
  – conclusion and performance of the contract,
  – settlement of contracts, possible complaints and archiving,
  – current contact related to concluded contracts,
  – implementation of marketing activities of own products and services (in the traditional form),
  – with a separate consent – for the purpose covered by the statement, for example, in order to send Users electronically (via the provided email address or phone number) commercial information about the goods or the Administrator and by accepting the Regulations and this Privacy Policy.
6. Possible recipients of Users’ personal data:
  – employees, associates of the Administrator;
  – subjects entitled to receive them under applicable law;
  – in the case of a User who uses the electronic payment method or payment card on the Service, the Administrator provides the collected personal data of the User, to the selected entity servicing the above payments on the Service. Such an entity directly implements the contract concluded with the User for the Administrator, so provided data are only for the proper implementation of such contract;
  – firms or a person based on relevant contracts, i.e. a data entrustment contract.
7. Subjects entrusted with the processing of personal data under a separate contract are obliged to observe the principles of confidentiality and security of personal data, in particular, not sharing data with unauthorized persons, and to use physical and technical security measures, adequate to the way of processing such data. The Administrator provides the User, upon his request, with detailed information about the entity entrusted with the processing of data, the scope of entrusted data and the date of their transfer. In addition, in this mode the Administrator also provides access to up-to-date and detailed information on technical means used or made available by the Administrator to prevent the acquisition and modification by unauthorized persons of personal data sent by Users electronically.
8. Personal data of the Users who gave their consent to receive newsletters prepared by the Administrator will be transferred to a third country respecting the rules of articles 44 – 49 GPDR.
9. Personal data of the Users mentioned above will be transferred to the company registered in the United States of America to the extent necessary to provide services connected with the newsletter and will be based on the agreement between the Administrator and the company.
USERS’ RIGHTS
1. Every person whose personal data refers to has the right to:
  – access to the data;
  – rectification of the data;
  – delete of the data;
  – limitations of the data processing;
  – object to the data processing;
  – submit a complaint to the supervisory body.
2. An appeal or objection regarding the processing of personal data for the purpose of registering and maintaining an Account on the Service is done by sending a message via the contact form available on the website or sending an e-mail to [email protected], by phone at +48 509 217 119 or by registered mail at address of the Administrator’s office.
3. After objection or withdrawing of the consent, the User’s personal data will no longer be used for these purposes.
4. The User may change or supplement personal data by making direct changes after logging into his Account on the Service or by sending an application from the address registered by the User on the Service to tromplo.com.
5. The User has the right to file a complaint related to the processing of personal data by the Administrator to the President of the Office for Personal Data Protection.
6. Contact with the person supervising the processing of personal data in the Administrator’s office is possible via e-mail: [email protected].
CONTACT WITH THE ADMINISTRATOR
1. The User may at any time directly contact the Administrator by sending a relevant message in writing form or by e-mail to the Administrator’s address indicated at the beginning of the Policy.
2. The Administrator stores correspondence with the User for statistical purposes and for the best and quickest response to emerging inquiries, as well as in the scope of complaint settlements and decisions made on the basis of notifications of administrative interventions in the indicated Account. The addresses and data collected in this way will not be used to communicate with the User for purposes other than the implementation of the application.
3. When the User contacts the Administrator in order to perform certain actions (e.g. submit a complaint) using the form, the Administrator may again ask the User to provide data, including personal data, e.g. in the form of name, surname, e-mail address, etc . to confirm the identity of the User and allow for a return contact in an actual case. The above applies to the same data, including personal data, which were previously provided by the User and on whose processing the User consented. Providing these data is not mandatory, but may be necessary to perform actions or obtain information that interests the User.
SECURITY
1. The Administrator applies appropriate technical and organizational measures to ensure security of personal data being processed adequate to the threats and categories of data protected, in particular, protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable laws and against change, loss, damage or destruction.
2. Taking into account the state of technical knowledge, the cost of implementation and the nature, scope, context and purposes of processing and the risk of violating the rights or freedoms of individuals with different probability of occurrence and threat severity, the administrator implements appropriate technical and organizational measures to ensure a level of security corresponding to this risk, including inter alia, if applicable:
  – encryption of personal data;
  – the ability to continually ensure the confidentiality, integrity, availability and resilience of processing systems and services;
  – the ability to quickly restore access to and access to personal data in the event of a physical or technical incident;
  – regular testing, measuring and evaluating the effectiveness of technical and organizational measures to ensure the security of processing.
FINAL PROVISIONS
1. In order to make the Service even more attractive to the User, the Administrator uses “cookies.” A “cookie” is a small file containing a string of characters that is sent to the User’s computer while using the Service. The information collected automatically using “cookies” allows to adapt the services and content offered by the Administrator to the individual needs and preferences of the User, as well as to develop general statistics on the User’s use of the Service. Thanks to the “cookie” file, the User’s browser can be recognized by the website belonging to the Administrator. Most of the “cookies” used by the Administrator are deleted from hard disk of the User (“session cookies”) after the session ends. Other “cookies” remain on the User’s computer in order to enable the User’s computer to be recognized during the next visit (“persistent cookies”). The Administrator’s partner firms may not collect or process personal data obtained through “cookie” files from the User. Turning off the option to save “cookies” may hinder or prevent the use of the Service.
2. The Administrator reserves the right to send Users unsolicited messages that are not commercial information. This includes information referring directly to the functioning of the Service (e.g. changes in functioning), transactions carried out through the Service (e.g. requests to complete a survey) or customary non-commercial messages (e.g. greetings, system messages). The messages described above may be sent to the User by entities acting for the Administrator on the basis of relevant agreements for entrusting personal data for processing.
3. The Service may contain links (e.g. in the form of logos of third parties) which, if clicked, redirect the User to an external website. The fact of using such references cannot be equated with the existence of a connection between the Administrator and the subject to which the external website belongs. The Administrator is not responsible for the effects of this type of redirection in any case or affect the content of external websites. The Administrator is not responsible for the content of privacy and security policies on these websites, nor for “cookies” used during browsing them. We encourage Users using this type of reference to read the relevant legal documents on these sites.
4. Services and functions within the Service may be extended over time, which means that the Administrator reserves the right to make changes to this Privacy Policy, while retaining the rights previously acquired by Users. Each person using the Service in any way is subject to the current Privacy Policy. Changes can occur, among others for the following important reasons:
  – changes in existing regulations, in particular in the scope of personal data protection, telecommunications law, services provided electronically and regulating consumer rights, affecting our rights and obligations or the rights and obligations of the User;
  – development of functionality or Electronic Services dictated by the advancement of internet technology, including the application / implementation of new technological or technical solutions affecting the scope of the Privacy Policy.
5. The Administrator will each time post information about changes to the Privacy Policy as part of the Service. With every change, the new version of the Privacy Policy will appear with a new date.
6. In the event of doubts or inconsistencies between the Privacy Policy and consents granted by the User, regardless of the provisions of the Privacy Policy, the basis for taking up actions and determining the scope of activities are always the consents provided freely by the User or legal provisions.
7. The User’s personal data may also be processed in an automated manner, including in the form of profiling. The consequence of profiling will be the assignment of a profile to an actual person for the purpose of analyzing or predicting the User’s preferences, his behavior, attitudes and adapting information provided to the User via the Service.