WEBSITE PRIVACY POLICY

WWW.GETLEAN.PL

§1

GENERAL PROVISIONS

  1. The Administrator of the personal data collected via the www.getlean.pl website is Sabat Consulting S.C. Sabat Jan, Sabat Dorota, entered in the Central Register of Business Activity and Information of the Republic of Poland maintained by the minister responsible for economy, place of business and address for delivery: ul. Józefa Piłsudskiego 14/4, 33-100 Tarnów, NIP: 8732822326, REGON: 851788360, electronic mail address (e-mail): jans@progresja.com.pl, telephone number: +48 502 146 443, from now on referred to as the "Administrator" and being at the same time the "Service Provider".

  2. Regulation processes personal data collected by the Administrator through the website (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons about the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), from now on referred to as the "Administrator."

  3. Any words or expressions capitalized in the body of this Privacy Policy shall be understood as defined in the Terms of Service of www.getlean.pl.

§2

TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

  1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes the personal data of Service Recipients of the www.getlean.pl Website in the case of:

  • placing an order on the Website to perform the Sales Agreement based on Article 6(1)(b) of the RODO (performance of the Sales Agreement),

  • using the Contact Form or the Registration Form, based on Article 6(1)(b) RODO (interpretation of the agreement for the provision of electronic services by the Terms and Conditions of the Website).

  1. TYPE OF PERSONAL DATA PROCESSED:

  • Name,

  • company,

  • TIN,

  • Address,

  • Telephone,

  • E-mail address.

  1. PERIOD OF ARCHIVING PERSONAL DATA. The Administrator stores the Service Recipients' data:

  • The basis of data processing is the performance of a contract for as long as is necessary for the version of the agreement and, after that, for a period corresponding to the period of limitation of claims. Unless otherwise provided by a specific provision, the period of limitation shall be six years, and for periodic performance claims and claims related to the running of a business, three years.

  • Where data processing is based on consent, for as long as the license is not revoked, and after revocation of the permission for a period corresponding to the period of limitation of claims which the Administrator may raise and which may be raised against him. Unless otherwise stipulated by a specific provision, the period of limitation is six years and three years for claims for periodic performance and claims related to the conduct of business activity.

  • When using the Website, additional information may be collected, mainly the IP address assigned to the Client's computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

  • Navigation data may also be collected from Service Recipients, including information on links and references they choose to click on or other actions they take on the Site. The legal basis for such activities is the Administrator's legitimate interest (Article 6(1)(f) RODO) in facilitating the use of services provided electronically and in improving the functionality of these services.

  • The provision of personal data by the Service Recipient is voluntary.

  • Personal data will also be processed automated by profiling, provided the Client consents to this based on Article 6(1)(a) RODO. Profiling will result in assigning a profile to a person to make decisions concerning them or to analyze or predict their preferences, behavior, and attitudes.

  • The Client has the right to object at any time to the processing of their data to the extent referred to in point 7 of this paragraph, to be informed of the modalities and scope of profiling of personal data, and the right to erasure, restriction, correction, rectification and transfer to another entity of personal data.

  1. The controller shall take particular care to protect the interests of the data subjects and, in particular, shall ensure that the data it collects are:

  • processed lawfully,

  • collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes,

  • Substantively correct and adequate about the purposes for which they are processed, and kept in a form that permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.

§4

SHARING OF PERSONAL DATA

  1. The personal data of the Service Recipients are provided to the service providers used by the Administrator in running the Site. Depending on the contractual arrangements and circumstances, the service providers to whom personal data is transferred are either subject to the Administrator's instructions on processing such data (processors) or determine the purposes and means of processing themselves (controllers).

  2. Service Recipients' data are stored exclusively in the European Economic Area (EEA).

§5

THE RIGHT TO CONTROL, ACCESS AND RECTIFY ONE'S DATA

  1. The Data Subject has the right to access the content of their data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out based on consent before its withdrawal.

  2. Legal grounds for the Service Recipient's request:

  • Access to data- Article 15 RODO.

  • Rectification of data- Article 16 RODO.

  • Deletion of data (so-called right to be forgotten) - Article 17 RODO.

  • Restriction of processing- Article 18 RODO.

  1. The service user has the right to request the restriction of processing their data for a certain period or within a specific scope.

  • Data portability - Article 20 RODO. To do so, contact the Administrator, stating the name and address of the entity to which the data are to be transferred and the scope of the data. The transfer will take place electronically after confirmation of this request by the Service Recipient.

  • Objection - Article 21 RODO. The Service Recipient has the right to object to the processing of their data in its entirety and to the extent indicated by them.

  • Withdrawal of consent - Article 7(3) RODO. Consent to data processing may be revoked at any time without stating a reason. The request may concern the withdrawal of consent only for a specific purpose or for all purposes of processing personal data.

  1. To exercise the rights referred to in point 2, you can send an appropriate e-mail to adres:jans@progresja.com.pllub address your request in writing to Józefa Piłsudskiego 14/4, 33-100 Tarnów.In the above written or electronic message, please provide as much information as possible concerning the subject of the request, in particular, the identification of the right that the Service Recipient wishes to exercise under point 2 of this paragraph and contact details. The information provided will significantly facilitate and expedite the Administrator's consideration of the request.

  2. Suppose the Client requests the exercise of rights under the preceding rights. In that case, the Administrator shall either comply with the request or refuse to comply (point 6 of this paragraph) immediately but no later than within one month of receipt. However, if - due to the complex nature of the request or the number of bids - the Administrator is unable to comply with the request within one month, he shall comply with the request within a further two months, informing the Service Recipient in advance - within one month of receipt of the proposal - of the intended extension of the deadline and the reasons for it.

  3. Suppose it is determined that the processing of personal data violates the provisions of the RODO. In that case, the data subject has the right to complain to the President of the Data Protection Authority.

  4. The right to erasure ("right to be forgotten") under Article 17(1) and (2) of the RODO does not apply insofar as the processing is necessary for:

  5. To exercise the right to freedom of expression and information, to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority vested in the controller, for reasons of public interest in the field of public health by Article 9(2)(h) and (i) and Article 9(3) of the RODO,

  6. For archival purposes in the public interest, for scientific or historical research purposes, or statistical purposes by Article 89(1) RODO, insofar as the right referred to in paragraph 1 of Article 17 RODO is likely to prevent or seriously impede the purposes of such processing; or for the establishment, investigation, or defense of claims.

§6

COOKIES

  1. The Administrator's Website uses "cookies."

  2. The installation of cookies is necessary for the proper provision of services on the Website. Cookies contain the information required for the appropriate functioning of the Website, and they also provide the possibility to develop general statistics on website visits.

  3. The Website uses two types of "cookies": "session" and "permanent."

  4. "Session" "cookies" are temporary files that are stored on the final device of the Service Recipient until logging out (leaving the Website).

  5. "Permanent" "cookies" are stored on the Service Recipient's terminal equipment for the time specified in the parameters of the "cookies" or until the Service Recipient deletes them.

  6. The Administrator uses its cookies to understand better how the Service Recipients interact with the Website's content. The cookies collect information about how the Client uses the Website, the type of Website from which the Client was redirected, the number of visits, and the length of the Client's visit to the Website. This information does not record specific personal data of the Client but is used to compile statistics on the use of the Website.

  7. The Client has the right to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information on the possibility and methods of using cookies is available in the software (web browser) settings.

  8. Users of the Website may change their cookie settings at any time. These settings can be changed in such a way as to block the automatic handling of cookies on the grounds of the Internet browser or inform on their placement in the device of the user of the Website. Please change your cookie settings so that cookies will be placed on your terminal equipment and that we will store information on your terminal equipment and access this information.

  9. Turning off cookies may make it difficult to use certain services on the Website, particularly those requiring a login.

§7

FINAL PROVISIONS

  1. The Administrator shall apply technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and the category of data protected, and in particular to safeguard the data against their access to unauthorized persons, against their being taken by an unauthorized person, against their being processed in breach of the applicable regulations, and against their alteration, loss, damage or destruction.

  2. The Administrator shall make available appropriate technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.

  3. In matters not covered by this Privacy Policy, the provisions of the RODO and other applicable laws shall apply accordingly.