The following document constitutes the implementation of information policy of BookingHost Sp. z o.o. (“Company”) towards the users of web pages of https://tormet.com.pl website (“Website”) in all aspects of personal data processing and protection. We indicate that we attach great significance to protection, collection, processing, and use of your personal data in accordance with the applicable regulations.
- Information concerning the Controller and personal data collection
1.1. The Controller within the meaning of Article 4(7) of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation) with regard to your personal data is BookingHost
Sp. z o.o. with registered office in Warsaw, ul. Al. Jana Pawła II 22, NIP [Tax Payer Identification Number]: 7010556748, REGON [Statistical number]: 363905731, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under no. WA.XII NS-REJ.KRS/83019/17/221 (hereinafter: Controller).
1.2. Contract of sale with natural persons conducting economic activity, including partners in civil law partnerships (business client). The Controller processes the provided personal data for the necessary purpose of ensuring appropriate Website functioning, especially to the extent required for registering accounts, placing orders, fulfilment of contract of sale, accounting and financial reporting, and pursuing claims. For that purpose, the Controller collects your personal data, such as: name and surname, company name, address, NIP [Tax Identification Number], phone number, email address. Moreover, the data concerning the placed orders is collected as well. Providing this personal data is essential for contract fulfilment, and the processing is based on point (b) of Article 6(1) of the Regulation.
1.3. Contract of sale with natural persons who do not conduct economic activity (retail client). The Controller processes the provided personal data for purposes indicated below, based on legitimate interests of the Controller as the owner and Website operator (point (f) of Article 6(1) of the Regulation), namely ensuring appropriate Website functioning,
including electronic payment, handling requests submitted in accordance with point 6 of this policy, ensuring safety of electronically provided services, and counteracting fraud and abuse.
1.4. The Controller collects and processes your personal data also for marketing purposes. Personal data processing by the Controller for marketing purposes is conducted only with your consent, based on point (a) of Article 6(1) of the Regulation. Providing personal data for marketing purposes is voluntary, at the discretion of the data subject, and its processing by the Controller is dependent on the data subject’s consent. You can withdraw the consent at any time without affecting the lawfulness of processing conducted based on the consent before its withdrawal. More on the conditions of consent provision and withdrawal in point 3 of this policy. The Controller can sometimes use the automated processes, including profiling, for the personal data analysis to send you personalised offers and marketing information or present them on the Website. Such processing takes place based on your consent. However, you can always cancel such marketing, including profiling connected with such activities.
1.6. The Controller stores your personal data only for a time period necessary to fulfil the contract, including pursuing claims and complying with the requirements under applicable law provisions, including tax provisions. In case of personal data processed for marketing purposes, the Controller stores the provided personal data for a time period necessary for the processing purpose or until the withdrawal of consent. After the expiry of these periods, your personal data will be removed.
- The rights of data subject
2.1. You have the right to obtain confirmation from the Controller whether your personal data is being processed, the right to request for access to this data, and the right to obtain information from the Controller concerning the purposes of processing
and personal data categories, information about the recipients or categories of recipients to whom the personal data has been disclosed, planned period for which the personal data will be stored, source of data in case when it was collected from another source than the data subject, and information whether the Controller makes automated decisions towards the data subject, based on, among others, profiling. You also have the right to obtain the copy of the data.
2.2. Moreover, you have the right to demand the rectification of personal data, the right to demand the erasure of personal data, the right to demand the restriction of processing, the right to move personal data, and the right to object to processing. You may pursue these rights:
2.2.1. with regard to demanding the rectification of personal data: when your personal data is incorrect or incomplete;
2.2.2. with regard to demanding the erasure of personal data: when your personal data is no longer necessary for purposes for which it was collected by the Controller; when you revoke your consent for personal data processing; when you object to the processing of your personal data; when your personal data is processed unlawfully; the data should be erased to fulfil
the legal obligation or when the personal data was collected as part of providing information society services;
2.2.3. with regard to demanding the restriction of personal data processing: when your data is incorrect – you can demand the restriction of its processing for the period allowing the Controller to check the correctness of the data; when your personal data processing is unlawful, but you do not want the data to be erased; when your personal data is no longer needed by the Controller, but you need it to determine, pursue, or defend claims; or when you object to personal data processing – until it is verified whether the legally justified grounds of the Controller override the grounds of the data subject;
2.2.4. with regard to demanding the moving of personal data: when the processing of your personal data takes place on the basis of the provided consent or contract and when the processing takes place in an automated manner;
2.2.5. with regard to the right to object: when the processing of your personal data takes place on the basis of legitimate interests
and the objection is justified by your exceptional situation, and when your personal data is processed for direct marketing purposes, including profiling.
2.3. You also have the right to lodge a complaint with a supervisory authority
if you recognise that the processing of your personal data breaches the provisions of the Regulation.
2.4. The implemented safety procedures mean that we can ask you to confirm your identity before exercising your rights.
- Consent to the processing of personal data
3.1. If the Controller processes personal data that is not necessary for carrying out the service, the provision of personal data is always voluntary, with your prior consent to the processing of the provided personal data.
3.2. Consent is provided after familiarising yourself with the following policy through ticking the appropriate selection window. In such a case, you give your consent to collecting and processing of the provided personal data by the Controller for the purpose that is explicitly indicated during the process of consent provision.
3.3. At any time, you can withdraw your consent in the same manner that you provided it, that is through ticking off the appropriate selection window. Furthermore, you can withdraw your consent by sending a statement concerning consent withdrawal to the Controller in a way indicated in point 6 of this policy.
3.4. Consent withdrawal does not affect the lawfulness of processing conducted based on the consent before its withdrawal.
- Information about recipients / categories of recipients of personal data
4.1. The Controller also partially uses the services of external service providers who, on behalf of the Controller, conduct personal data processing, e.g. hosting service providers, postal service providers, providers of marketing and email management systems, website traffic analysis, marketing campaign efficiency analysis, supporting Account functionality, payment service providers, courier companies, audit companies, insurance companies, entities involved in pursuing claims. However, transferring personal data can be only used for the purpose of their service provision. The Controller uses only services of entities who provide sufficient data protection safeguards. Personal data processing by these entities takes place on the basis of written contracts concluded with the Controller. These entities follow Controller’s guidelines and are subject to Controller’s audits.
- Personal data safety
5.1. The Controller processes your personal data in accordance with the provisions of the Regulation, including the application of appropriate technical and organisation measures for the purpose of providing safety and appropriate confidentiality of personal data, in particular protection against unauthorised access, unauthorised modification, disclosure, or destruction of data.
5.2. During the data acquisition process as part of the account registration and purchasing, the personal data transfer takes place by way of encrypted SSL connection.
5.3. Protecting your password and computer against unauthorised access is of great importance. Once you finish using a shared computer, remember to always log out of the Website.
- Contact details
6.1. All demands, requests, notifications, inquiries concerning the processing of personal data can be made via email to : ……………….. or in written form to the following address: BookingHost Sp. z o.o. ul. Al. Jana Pawła II, 00-133 Warszawa.