Privacy policy

1. GENERAL PROVISIONS

 

1. This document constitutes a description of the Privacy Policy of 7R S.A. with its registered office in Kraków (address: ul. Ludwinowska 7, 30-331 Kraków), entered into the register of entrepreneurs of the National Court Register kept by the District Court for Kraków Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS No.: 0000379632, Tax ID No. (NIP): 6772320831 and Statistical No. (REGON): 120812966, hereinafter referred to as: “the Company”. The purpose hereof is to define the principles, method of processing and use of data and information originating from users of the website administered by the Company, including those contacting the Company through the contact indicated therein, and it contains information on the rights of natural persons with regard to the personal data provided by them.

 

2. Please read this policy carefully. By accessing or using the website, sending us any personal data or contacting us using the telephone number, fax number or email address indicated at the Company’s website, the user agrees to the terms of this Privacy Policy.

 

3. Please note that leaving the Company’s website (e.g. through a link to a website in another domain), the user will be transferred to an area where this Privacy Policy does not apply. The Company shall not be held responsible for the privacy policies of third-parties’ websites.

 

2. PERSONAL DATA CONTROLLER

 

1. The Company is the Controller of the personal data provided by the users at the Company’s website: http://www.InSite7R.com/

 

2. The Company exercises due diligence to ensure that all personal data are processed in accordance with the purpose for which they were collected and used in accordance with the conditions and categories of data processed permitted by law.

 

3. CONTACT

 

In all matters related to data protection and processing of personal data originating from users of the website administered by the Company, as well as establishing contact with the Company using the phone number, fax number or e-mail address indicated at the Company’s website, the Company may be contacted via e-mail: administrator.rodo@7rsa.pl or in writing to the address of the Company indicated in item 1.1. above.

 

4. INFORMATION SECURITY AND SAFEKEEPING AND DATA PROCESSING RULES

 

1. The Company ensures the security of personal data through appropriate technical and organizational measures aimed to prevent unlawful data processing and their accidental loss, destruction and damage. The Company’s website and the contact form at the Company’s website are encrypted.

 

2. The Company exercises due diligence to ensure that personal information is processed in accordance with the principles of personal data processing specified in the GDPR, that is:

 

 

a. processed lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness and transparency);

 

b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);

 

c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);

 

d. accurate and, where necessary, kept up to date; personal data that are inaccurate, having regard to the purposes for which they are processed, will be deleted or rectified without delay (‘accuracy’);

 

e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (“storage limitation”);

 

f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

 

 

5. PURPOSE OF PERSONAL DATA PROCESSING AND LEGAL BASIS

 

1. The Company collects personal data when:

a. a user of the website administered by the Company contacts the Company by means of a contact form;

 

b. the user of the website administered by the Company subscribes to the newsletter;

 

c. the data subject contacts the Company using the telephone number provided at the website;

 

d. the data subject contacts the Company using the e-mail address or fax no. provided at the website.

 

2. Each time the purpose of data processing by the Controller results from actions taken by users of the website administered by the Company, as well as establishing contact with the Company using the phone number, fax number or e-mail address indicated at the Company’s the website.

 

3. The purposes and legal bases for the collection of personal data in such cases shall be as follows:

 

a. in the event of a contact form (including for the purpose of subscription to the newsletter) or contact using e-mail address/fax number, personal data will be processed in order to contact the data subject once in a specified form with regard to the demand, e.g. presentation of an offer, provision of information – legal basis: Article 6, section 1, letter f of the GDPR (providing answers to requests and inquiries made using the contact form or in another form, including storing relevant requests and answers provided in order to comply with the principle of accountability);

 

b. in the case of telephone contact and recording of conversations during which personal data may be transferred, the data will be processed in order to enable contact with the data subject in relation to the demand, e.g. presentation of an offer, provision of information – legal basis: Article 6, section 1, letter f of the GDPR (responding to requests and inquiries made using a contact form or in any other form, including storing relevant requests and answers provided in order to comply with the principle of accountability);

 

c. in the case of simultaneous consent to receive marketing communications, personal data will be used to present information on the products and services of the Company or entities belonging to the 7R capital group, whose current list is attached to this Privacy Policy / whose current list is HERE; providing the data and giving such consent is voluntary, however the lack thereof will prevent receiving marketing communications – legal basis: Article 6, section 1, letter a of the GDPR (marketing activities promoting the business conducted using e-mail addresses and telephone numbers),

 

d. in the event of concluding an agreement with the Company, personal data shall be used for the purposes of the implementation thereof – legal basis: Article 6, section 1, letter b of the GDPR.

 

6. PERIOD OF PERSONAL DATA PROCESSING

 

1. The Company examines whether personal data processed by it are not processed for a longer period than is necessary for the purposes for which the data are processed.

 

2. Personal data processed on the basis of the granted consent will be processed until such consent is revoked or the purpose for which they were collected ceases to exist. The consent granted may be revoked at any time without affecting the lawfulness of processing carried out on the basis of the consent prior to its revocation.

 

3. Data provided using the contact form or during telephone contact, by fax or e-mail will be processed for the time of meeting the demand, e.g. presentation of an offer, providing information, but not longer than 2 years in order to comply with the principle of accountability.

 

4. Data processed in connection with the presentation of an offer, provision of services, conclusion and performance of an agreement will be processed in accordance with the applicable regulations, however, no longer than until the expiry of the period in which the Company or the data subject may pursue claims related thereto.

 

5. Data processed for the purpose of direct marketing will be processed until consent is revoked or objections are raised.

 

7. USER RIGHTS

 

1. The Company is responsible for exercising the rights of persons whose data are processed in accordance with the applicable provisions of law. Should you have any questions or requests regarding the scope and exercise of your rights, or if you would like to contact us precisely in order to exercise your specific data protection right, please contact us by e-mail at: administrator.rodo@7rsa.pl. The Company reserves the right to exercise the following rights after a positive verification of the identity of the person applying for a given action.

 

2. Access to personal data. Natural persons have the right to access data held by the Company.

 

3. Change of personal data. Natural persons have the right to change, including update, their personal data processed by the Company.

 

4. Revocation of consent. Where personal data are processed on the basis of consent, natural persons have the right to revoke their consent at any time.

 

5. The right to limit or object to the processing of personal data. Natural persons shall have the right to restrict or object to the processing of their personal data at any time on account of their particular situation, unless such processing is required by law.

 

6. The right to request the deletion of data and the right to data transfer. Natural persons shall have the right to request the deletion of data when they are no longer necessary for the purpose for which they were collected, in the event of revocation of consent, in the event of objection to processing or when the processing is unlawful. The right to data transfer, on the other hand, applies when a person’s data are processed on the basis of a consent or an agreement and when the processing is carried out automatically. In such a case, the Company issues or provides to the indicated entity the data of the person who requests it, in a structured, commonly used format suitable for machine readout.

 

7. The Company informs that there is no obligation to delete data if the processing is necessary to: fulfill a legal obligation of processing under EU or the Polish law, or to perform a task in the public interest, or to establish, pursue or defend a claim.

 

8. Whenever it is found that a natural person’s rights under the law and this Privacy Policy are violated, the natural person shall have the right to lodge a complaint with the President of the Office for Personal Data Protection.

 

8. SCOPE OF PROVISION OF DATA ON USERS

 

1. The Company declares that it shall not sell, share or transfer the personal data collected for processing to other persons or institutions, unless it is done with the express consent or at the request of that person or at the request of state authorities authorized under the law, for the purposes of the proceedings conducted by them.

 

2. The Company informs that personal data processed by the Company, including data processed for marketing purposes, may be made available to entities from the 7R Capital group, the current list of which constitutes an appendix to this Privacy Policy/the current list of which may be found HERE. Article 6, section 1, letter f) of the GDPR (and motif 48 of the GDPR) constitutes legal basis for the foregoing, and therefore such processing of personal data shall take place when it is necessary for the purposes resulting from the legitimate interests pursued by the Company, except when the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, in particular when the data subject is a child, take precedence over those interests.

 

3. The Company informs that personal data processed by the Company, including data processed for marketing purposes, may be made available to other entities only if it is permitted by law. In such a case, in a relevant agreement concluded with a third party, the Company provides for security provisions and mechanisms in order to protect data and maintain the Company’s standards in terms of data protection, confidentiality and security. Such agreements are called personal data processing outsourcing agreements, and the Company has control over how and to what extent the entity to which the Company has entrusted the processing of certain categories of personal data processes such data. Therefore, we wish to point out that the recipients of personal data processed by the Company as a personal data controller may be entities processing personal data pursuant to data processing agreements concluded with the Company, including financial institutions, whereas the Company transfers personal data to such entities only to the extent that it is actually necessary to achieve the purpose of concluding and performing the agreement with a data subject.

 

 

9. TRANSFER OF DATA OUTSIDE EEA

 

The Company informs that personal data processed by the Company shall not be transferred outside the EEA.

 

10. AMENDMENTS TO THE PRIVACY POLICY

 

The Company undertakes to review this Privacy Policy regularly and to amend it if necessary due to: new legislation, new guidelines of authorities responsible for supervision over personal data protection processes, practices in the area of personal data protection. The Company also reserves the right to amend this Privacy Policy in the event of changes in the technology used to process personal data (in so far as such changes affect the wording of this document), as well as in the ways, purposes or legal bases of the processing of personal data by the Company.