PRIVACY POLICY AND COOKIE POLICY

 

By using the website www.pro.r3.org.pl and the online store operated under the name PROR3, you accept the terms of this Privacy Policy and Cookie Policy.

We encourage you to read these provisions carefully. The table of contents below is intended to help you navigate the Policy. It explains how we process and protect your Personal Data, the purposes and legal bases for doing so, your rights, and the third parties with whom we may share your data.

 

TABLE OF CONTENTS

 

TABLE OF CONTENTS

• 1 General Provisions
• 2 Definitions
• 3 Personal Data and Rules of Processing

Who is the Controller of the User’s Personal Data?

Is providing data voluntary? What are the consequences of not providing it?

For what purposes and on what legal basis is the User’s Personal Data processed?

Recruitment

How is data collected?

What are the User’s rights?

Can the User withdraw their consent?

Does the Controller transfer Personal Data to third countries?

How long is Personal Data stored?

Links to other websites

Social media activity – Facebook

Social media activity – Instagram

Social media activity – TikTok

Social media activity – LinkedIn

Data security

Who can be recipients of Personal Data?

Has a Data Protection Officer been appointed?

Does the Controller profile Personal Data?

• 4 Forms
• 5 Disclaimer and Copyright
• 6 Technologies
• 7 Cookie Policy
• 8 Cookie Consent
• 9 Server Logs

 

§1 GENERAL PROVISIONS

 

1. This Privacy Policy and Cookie Policy set out the rules for the processing and protection of Personal Data provided by Users, as well as the use of cookies and other technologies on the website available at www.pro.r3.org.pl and in the PROR3 online store accessible at the same address.
2. The Controller of the Website and Personal Data provided on it is PRO R3 Organizacja Odzysku Opakowań S.A., with its registered office in Warsaw at the following address: ul. Nowy Świat 1/10, 00-496, entered into the Register of Entrepreneurs of the National Court Register under number: KRS 0001107457, Tax ID: 7011206890, National Business Registry No.: 52871968500000, share capital of PLN 2,500,000.00, in accordance with the information corresponding to the current transcript from the Register of Entrepreneurs contained in the Central Information of the National Court Register. The company is represented by Szymon Piotr Dziak Czekan, President of the Management Board.

1. The Controller processes Personal Data in accordance with applicable legal provisions, in particular the General Data Protection Regulation (GDPR) and the Personal Data Protection Act.
2. The Controller exercises special care to protect the privacy of Users and to safeguard their interests, in particular by ensuring that the Personal Data collected via the Website is processed only for specified, legitimate purposes and not further processed in a manner incompatible with those purposes.
3. Personal Data of Users is collected and processed solely on the basis of appropriate legal grounds. The scope of the data depends on the type of service provided and is limited to what is strictly necessary.
4. For any questions regarding this Privacy Policy or Cookie Policy, please contact the Controller by email at: biuro@pro.r3.org.pl.
5. The Controller reserves the right to amend this Privacy Policy and Cookie Policy. Users are responsible for keeping themselves informed of the current version. Amendments may be prompted by developments in internet technologies, changes in applicable legislation, or the evolution of the Website, such as the introduction of new tools or functionalities by the Controller. The date of the latest update is indicated at the bottom of this page.
6. apitalised terms used in this Privacy Policy and Cookie Policy shall have the meanings assigned to them in §2 below.

 

§2 DEFINITIONS

 

1. Controller – PRO R3 Organizacja Odzysku Opakowań S.A., with its registered office in Warsaw at the following address: ul. Nowy Świat 1/10, 00-496, entered into the Register of Entrepreneurs of the National Court Register under number: KRS 0001107457, Tax ID: 7011206890, National Business Registry No.: 52871968500000, share capital of PLN 2,500,000.00, in accordance with the information corresponding to the current transcript from the Register of Entrepreneurs contained in the Central Information of the National Court Register.
2. User – any natural person visiting the Website and using its functionalities.
3. Website and Online Store – the website, blog, and online store available at www.pro.r3.org.pl.
4. Personal Data – any information relating to an identified or identifiable natural person, such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
5. Consent – a freely given, specific, informed, and unambiguous indication of the User’s wishes, signified by a statement or clear affirmative action, by which the User agrees to the processing of their Personal Data.
6. User Account or Account – an account created by the User on the Online Store platform, providing access to purchased training materials and products in accordance with the Store’s Terms and Conditions, which the User accepts during registration.
7. Training Platform – a platform through which the Controller provides access to Digital Content, Digital Services, or other Services to the Client.
8. Form or Forms – sections of the Website allowing Users to enter Personal Data for specific purposes, such as subscribing to the Newsletter, placing an order, or initiating contact.
9. Terms of Use – the terms and conditions available on the Store’s website governing subscription to the Newsletter and the provision of the Newsletter Service.
10. Newsletter – a free Digital Service provided electronically by the Controller to the User, consisting of email messages containing information about events, services, products, and other matters relevant to the Controller and/or intended to pursue the Controller’s legitimate interest in direct marketing, including the transmission of marketing and commercial content with the User’s consent. Detailed information is provided later in this Policy and in the Newsletter Terms and Conditions.
11. Service – a system of interconnected IT devices and software enabling the processing, storage, transmission, and reception of data through telecommunications networks using end-user devices appropriate for the given type of network (e.g. the Internet). This includes the Website or any part thereof, the Store or any part thereof, as well as applications (including mobile apps), other services provided by the Controller, and the Controller’s profiles and channels on social media platforms.
12. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
13. DSA – Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act).
14. Personal Data Protection Act – the Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2019, item 1781, as amended).
15. Act on the Provision of Electronic Services – the Act of 18 July 2002 on the Provision of Electronic Services (i.e. Journal of Laws of 2024, item 1533, as amended).
16. Telecommunications Law– the Act of 16 July 2004 – Telecommunications Law (Journal of Laws of 2024, item 34, as amended). z późn. zm.). 

 

§3 PERSONAL DATA AND RULES OF PROCESSING

 

WHO IS THE CONTROLLER OF THE USER’S PERSONAL DATA?

 

The Controller of Personal data is PRO R3 Organizacja Odzysku Opakowań S.A., with its registered office in Warsaw at the following address: ul. Nowy Świat 1/10, 00-496, entered into the Register of Entrepreneurs of the National Court Register under number: KRS 0001107457, Tax ID: 7011206890, National Business Registry No.: 52871968500000, share capital of PLN 2,500,000.00, in accordance with the information corresponding to the current transcript from the Register of Entrepreneurs contained in the Central Information of the National Court Register.

 

The Controller jointly controls Data with providers of social media platforms, such as Facebook, TikTok, and others listed in this document, within the scope of data concerning persons who use social media, follow the Controller’s profile on those platforms, and interact with the Controller. The terms of joint controllership are specified further in this Policy for each social media platform on which the Controller maintains a profile.

 

IS PROVIDING DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING IT?

 

Providing Data is voluntary. However, failure to provide certain information – generally marked as mandatory on the Controller’s websites – will result in the inability to perform a given service, fulfil a particular purpose, or take specific action.

 

The provision of non-mandatory Data, or any additional Data not required by the Controller, is at the User’s sole discretion. In such cases, the processing is based on the legal basis set out in Article 6(1)(a) of the GDPR (consent). By providing such data, the User consents to its processing, including the possibility of the Controller anonymising any information it does not require and does not intend to process but which was nevertheless submitted by the User.

 

FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS IS THE USER’S PERSONAL DATA PROCESSED?

 

The User’s Personal Data on the Controller’s Website may be processed for the following purposes and on the following legal bases:

No.	Purpose of Data Processing	Legal basis for processing	Processing time
1.	Performance of a service or execution of an agreement, including sending offers (e.g., product advertisements) at the User’s request	Article 6(1)(b) of the GDPR (necessary for the conclusion and performance of an agreement or for taking action at your request)	Data is processed for the duration of the agreement/time necessary to send the offer and the User’s response, and then until the expiry of the limitation period for claims 2 years or 6 years from the performance of the agreement, depending on whether the User is an entrepreneur
2.	Issuing invoices and bills, and fulfilling other obligations arising from tax law in connection with orders placed in the Online Store or for other products and services	Article 6(1)(c) of the GDPR (obligation arising from legal provisions)	Data is processed for 5 years from the end of the fiscal year in which the taxable event occurred
3.	Granting discounts or informing the User about promotions and relevant offers from the Controller or recommended third parties, including sending the Newsletter	Article 6(1)(a) of the GDPR (consent)	The data is processed until consent is withdrawn, then for 2 years in the case of persons who have withdrawn their consent, or after 6 months of the recipient’s inactivity
4.	Storage of unpaid orders	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	Data is processed until it is no longer useful 14 days from placing the order
5.	Consideration of complaints or claims related to the agreement	Article 6(1)(b) of the GDPR (necessary for the conclusion and performance of the Agreement) and on the basis of Article 6(1)(c) of the GDPR (obligation arising from legal provisions)	Data is processed for the duration of the procedure or claim 1 year from the expiry of the claim or 5 years from the end of the fiscal year in the case of Data stored under tax regulations
6.	Establishment, exercise, or defence of legal claims	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	Data is processed until the basis for processing ceases to exist 2 years or 6 years from the performance of the agreement, depending on whether the User is an entrepreneur
7.	Telephone contact regarding the provision of services or execution of agreements	Article 6(1)(b) of the GDPR (necessary for the conclusion and performance of an agreement)	Data is processed for the duration of the agreement/time necessary to send the offer and the User’s response, and then until the expiry of the limitation period for claims 2 years or 6 years from the performance of the agreement, depending on whether the User is an entrepreneur
8.	Telephone contact for presenting offers and direct marketing	Article 6(1)(a) of the GDPR (consent)	The data is processed until the withdrawal of consent
9.	Creation of registers related to the GDPR and other legal regulations	Article 6(1)(c) of the GDPR (obligation arising from legal provisions) and Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	The data is processed until the basis for processing ceases to exist or becomes irrelevant to the Controller
10.	Archiving for the purpose of securing information that may be used to prove facts	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	Data is processed until objection or loss of usefulness for the Controller 2 years or 6 years from the performance of the agreement, depending on whether the User is an entrepreneur
11.	Analytical purposes, including the analysis of Data collected automatically via the Website (e.g., through cookies such as Google Analytics or Meta Pixel)	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	The data is processed until the cookies are deleted from the browser by the User
12.	Use of cookies on the Website and its subpages	Article 6(1)(a) of the GDPR (consent)	The data is processed until the cookies are deleted from the browser by the User
13.	Management of the Website and the Controller’s pages on other platforms	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	Data is processed until objection or loss of usefulness for the Controller
14.	Surveying satisfaction with the services offered	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	Data is processed until objection or loss of usefulness for the Controller
15.	Posting of opinions by the User regarding services provided by the Controller	Article 6(1)(a) of the GDPR (consent)	The data is processed until consent is withdrawn or it is no longer useful to the Controller, unless consent is withdrawn earlier
16.	Internal administrative purposes of the Controller related to managing contact with the User	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	Data is processed until the basis for processing ceases to exist 2 years or 6 years from the performance of the agreement, depending on whether the User is an entrepreneur
17.	Tailoring the content displayed on the Controller’s websites to individual User preferences and continuously improving service quality	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	The data is processed until an objection is raised or the Data becomes useless to the Controller
18.	Direct marketing of products or Services offered by the Controller or recommended third parties	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	The data is processed until an objection is raised or the Data becomes useless to the Controller
19.	Managing a Facebook fan page and interacting with Users	Article 6(1)(f) of the GDPR (legitimate interest of the Controller) and Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
20.	Managing an Instagram profile and interacting with Users	Article 6(1)(f) of the GDPR (legitimate interest of the Controller) and Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
21.	Managing a LinkedIn profile and interacting with Users	Article 6(1)(f) of the GDPR (legitimate interest of the Controller) and Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
22.	Managing a Twitter profile and interacting with Users	Article 6(1)(f) of the GDPR (legitimate interest of the Controller) and Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
23.	Managing a YouTube profile and interacting with Users	Article 6(1)(f) of the GDPR (legitimate interest of the Controller) and Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
24.	Managing a TikTok profile and interacting with Users	Article 6(1)(f) of the GDPR (legitimate interest of the Controller) and Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
25.	Advertising on social media and websites, including advertisements created using Facebook Ads Manager and remarketing tools	Article 6(1)(a) of the GDPR (consent) and Article 6(1)(f) of the GDPR (legitimate interest of the Controller), consisting in the promotion and advertising of the Controller’s services through remarketing targeted at persons subscribed to the mailing list or visiting a given website)	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
26.	Contacting the Controller via chatbot	Article 6(1)(a) of the GDPR (consent) or Article 6(1)(b) of the GDPR (consent) data is processed to respond to a question from a website user	The data is processed until the Consent is withdrawn or an objection is raised, or the Data becomes useless to the Controller
27.	Posting comments by the User	Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or becomes irrelevant to the Controller
28.	Posting of opinions by the User	Article 6(1)(a) of the GDPR (consent)	The data is processed until the Consent is withdrawn or becomes irrelevant to the Controller
29.	Recruitment	for the purpose and for the time necessary to take the steps necessary before entering into an agreement – Article 6(1)(b) of the GDPR, and for up to 6 months after the end of the recruitment process, and in the case of data provided voluntarily by the candidate or excess data – based on Article 6(1)(a) of the GDPR (consent), and Article 9(2)(a) of the GDPR (consent) – in the case of sensitive data provided by the candidate, for future recruitment purposes – based on consent given under Article 6(1)(a) of the GDPR, for the purpose and for the period necessary to pursue the legitimate interests pursued by the Controller, e.g., pursuing claims and defending against claims, marketing of own products and services (to the extent that processing is necessary for this purpose) – under Article 6(1)(f) of the GDPR.	Until the conclusion of the agreement or withdrawal of consent. Nie dłużej niż 6 miesięcy od zakończenia rekrutacji. For a maximum of 1 year (this period is counted from the end of the year in which the Data was obtained) Until an objection is raised.
30.	Creating and managing the Controller’s own User databases	Article 6(1)(f) of the GDPR (legitimate interest of the Controller)	The data is processed until an objection is raised or the Data becomes useless to the Controller

The provision of Data that is not mandatory or excess data that the Controller needs to process is based on the User’s own decision, and then the processing is carried out based on the premise contained in Article 6(1)(a) of the GDPR (consent). The User grants consent to the processing of such Data and to the anonymisation of Data which the Controller does not require and does not wish to process, but which the User has nevertheless provided to the Controller.

 

RECRUITMENT

 

The Controller provides a Recruitment Form on its Website, enabling the User to submit their Data in the form of a CV to participate in the recruitment process.

 

Submitting a CV signifies participation in the recruitment process and constitutes consent to the processing of special categories of Data and excess Data contained in the recruitment documents provided, including for future recruitment processes conducted by the Controller, if the User has given their consent.

 

The User’s Personal Data will be processed for the following purposes and on the following legal bases:

1. For the purpose of recruitment in connection with employment based on an employment agreement – under the right arising from Article 22(1) §1 of the Act of 26 June 1974 – Labour Code (Journal of Laws of 2023, item 1465), and under Article 6(1)(c) of the GDPR. In connection with the processing of Data other than those specified in Article 22(1) §1 of the Labour Code (i.e. Data provided voluntarily by the User in the CV and application documents), the legal basis is the User’s consent – Article 6(1)(a) of the GDPR and Article 9(2)(a) of the GDPR (in the case of special categories of Data). Data will be processed for the time necessary to take steps prior to entering into an agreement and up to six months after the recruitment process ends;
   
2. For future recruitment purposes – based on the User’s consent under Article 6(1)(a) of the GDPR. Data will be processed for a maximum period of three years (counted from the end of the calendar year in which the Data was obtained);
3. For the purpose and for the period necessary to pursue the Controller’s legitimate interests, such as establishing, pursuing or defending claims, or marketing the Controller’s own products and services (to the extent necessary for this purpose) – under Article 6(1)(f) of the GDPR.

 

After the expiry of the processing periods indicated above, Personal Data shall be permanently deleted or anonymised.

 

The User may withdraw their consent at any time; however, this will not affect the lawfulness of processing carried out prior to its withdrawal. The User also has the right to object to the processing of Data based on the Controller’s legitimate interests. The Controller will cease to process the Data for these purposes unless it demonstrates compelling legitimate grounds that override the User’s interests, rights, and freedoms, or if the Data is necessary to establish, exercise, or defend legal claims.

 

Data related to the recruitment process will not be transferred to third countries.

 

The User has the right to access their Data, receive copies of it, and request rectification, erasure, restriction of processing, Data portability, or object to processing. The User also has the right to withdraw consent at any time, which shall not affect the lawfulness of processing carried out based on consent before its withdrawal.

 

The User has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that the processing of their Personal Data violates the provisions of the GDPR.

 

Providing Personal Data is voluntary; however, the provision of certain Data may be necessary to achieve the purposes of processing. Failure to provide such Data may result in the inability to carry out the recruitment process or include the User in future recruitment efforts.

 

The Controller does not profile the User’s Data in the context of recruitment.

 

HOW IS DATA COLLECTED?

 

Only Data that the User provides (except, in certain situations, Data collected automatically using cookies and login details, as described below) is collected and processed.

 

When the User visits the Website, Data relating to the visit itself is collected automatically, e.g., the User’s IP address, domain name, browser type, operating system type, etc. (login data). Automatically collected Data may be used to analyse User behaviour on the Website, collect demographic data about Users, or personalise the content of the Website to improve it. However, this Data is processed solely to administer the Website, ensure efficient hosting services, or direct marketing content, and is not associated with the Data of individual Users. Further information about cookies is provided later in this Policy.

 

Data may also be collected through forms on the Website, as described later in this Privacy Policy.

 

Information society services

The Controller does not collect Children’s Data. The User must be at least 16 to independently express consent to the processing of Personal Data for the provision of information society services, including for marketing purposes, or must obtain the consent of a legal guardian (e.g., a parent) for this purpose.

If the User is under 16, they should not use the Website or the www.pro.r3.org.pl Service.

The Controller is entitled to make reasonable efforts to verify whether the User meets the age requirement referred to above or whether the person exercising parental authority or guardianship over the User under the age of 16 has given or approved their consent.

 

WHAT ARE THE USER’S RIGHTS?

 

The User shall be entitled at any time to the rights set out in Articles 15-21 of the GDPR, i.e.:

• • the right to access the content of their Data,
  • the right to transfer Data,
  • the right to correct or rectify Data,
  • the right to delete Data if there are no grounds for processing it,
  • the right to restrict processing if it has been carried out incorrectly or without a legal basis,
  • the right to object to the processing of Data on the basis of the legitimate interest of the Controller,
  • the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (on the terms specified in the Personal Data Protection Act) if they believe that the processing of their data is inconsistent with the currently applicable provisions of law on data protection,
  • the right to be forgotten if further processing is not provided for by the currently applicable law.

 

The Controller notes that these rights are not absolute and do not apply to all processing activities concerning the User’s Personal Data. This applies, for example, to the right to obtain a copy of the Data, which must not adversely affect the rights and freedoms of others, such as copyright or professional secrecy. For information on the limitations of the User’s rights, please refer to the GDPR.

 

However, the User always has the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office in Warsaw: Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, phone: +48 22 531 03 00, e-mail: kancelaria@uodo.gov.pl – if they believe that the processing of Personal Data violates the provisions of the GDPR or other applicable data protection regulations.

 

To exercise their rights, the User may contact the Controller via e-mail at biuro@pro.r3.org.pl or by post to the Controller’s registered address as specified in this Privacy Policy, indicating the scope of their request. A response shall be provided no later than 30 days from the date of receipt of the request and its justification, unless an extension of this period is justified under the GDPR.

 

CAN THE USER WITHDRAW THEIR CONSENT?

 

If the User has given their Consent to a specific action, they may withdraw it at any time. Withdrawal will result in the removal of the e-mail address from the Controller’s mailing list and the cessation of the actions carried out on the basis of that Consent (e.g. Newsletter subscription). The User may withdraw their Consent by: clicking the ‘unsubscribe’ link in the Newsletter or another clearly designated link, after which the User will be redirected to a page where they will be asked to confirm the withdrawal, or sending a statement of withdrawal to the Controller’s e-mail address or postal address, if provided in this Privacy Policy.

 

Withdrawal of Consent does not affect the lawfulness of Data processing carried out prior to its withdrawal.

 

In certain cases, the Data may not be immediately deleted and may be retained to defend against possible claims, in accordance with provisions of the Civil Code, or to fulfil legal obligations imposed on the Controller.

 

In each case, the Controller will respond to the User’s request, providing an appropriate justification for any further actions that result from legal obligations.

 

DOES THE CONTROLLER TRANSFER USER DATA TO THIRD COUNTRIES?

User Data may be transferred outside the European Union to third countries.

 

As the Controller uses external providers of various services (e.g. Meta Platforms Ireland Limited [Facebook and its subsidiaries], Google, Microsoft, etc.), User Data may be transferred to the United States of America (USA) in connection with storage on American servers (in whole or in part).

 

Google and Meta, based on the European Commission’s implementing decision of 10 July 2023, issued under Regulation (EU) 2016/679 of the European Parliament and of the Council, have undergone a certification process under the EU–US Data Privacy Framework. They have obtained certificates confirming that they ensure a level of Personal Data protection equivalent to that in the European Union.

 

User Data will only be transferred to recipients that guarantee the highest level of Data protection and security, including through:

1. cooperation with Data processors located in countries for which an adequacy decision has been issued by the European Commission,
2. use of standard contractual clauses issued by the European Commission,
3. use of binding corporate rules approved by the competent supervisory authority, or
4. the User’s explicit Consent to transfer their Personal Data.

Detailed information is available in the privacy policies of the relevant service providers, such as:

Google Ireland Limited: https://policies.google.com/privacy?hl=pl

Meta Platforms Ireland Limited: https://www.facebook.com/privacy/explanation

UAB MailerLite: https://www.mailerlite.com/legal/privacy-policy

Currently, services provided by Google Ireland Limited and Meta Platforms Ireland Limited are primarily delivered by entities based in the European Union. However, Users should always consult the up-to-date privacy policies of these providers to confirm the scope and location of Data processing.

 

MailerLite may store some Data in the United States or use service providers based there, but the Data is primarily processed within the European Union.

 

HOW LONG IS USER DATA STORED?

User Data will be stored by the Controller for the duration of the provision of individual services or until the achievement of the purposes indicated in the table above, and specifically:

1. For the duration of the service and cooperation, as well as for the limitation period of claims under applicable law — with respect to Data provided by contractors, clients, or Users.
2. For the duration of discussions and negotiations preceding the conclusion of an agreement or the performance of a service — with respect to Data provided in a request for quotation.
3. For the period required by law, including tax regulations — with respect to Personal Data related to the fulfilment of statutory obligations.
4. Until an effective objection is lodged under Article 21 of the GDPR – with respect to Personal Data processed based on the legitimate interest of the Controller, including for direct marketing purposes.
5. Until withdrawal of Consent or achievement of the processing purpose or business purpose — with respect to Personal Data processed based on Consent. After withdrawal of Consent, the Data may still be processed for the purpose of defending against possible claims, in accordance with the applicable limitation period or a shorter period communicated to the User.
6. Until the Data becomes obsolete or loses its usefulness – with respect to Personal Data processed mainly for analytical and statistical purposes, for the use of cookies, or for the administration of the Controller’s platform.
7. For a maximum period of 2 years in the case of Users who have unsubscribed from the Newsletter — for the purpose of defending against possible claims (e.g. information about the date of subscription and unsubscription, number of Newsletters received, actions taken and interactions with received messages), or after 6 months of inactivity by a subscriber (e.g. not opening any messages from the Controller).

The Data storage periods expressed in years are calculated from the end of the calendar year in which the processing activity commenced. This approach streamlines the management and organisation of Data processing.

Detailed Personal Data retention periods for specific processing activities are recorded in the Controller’s register of processing activities.

 

LINKS TO OTHER WEBSITES

The Website may contain links to external websites. These links may open in a new browser window or in the same window.

 

The Controller bears no responsibility for the content of these external websites. The User is advised to familiarise themselves with the privacy policies and terms of use applicable to those websites before using them.

 

SOCIAL MEDIA ACTIVITY – FACEBOOK

The Controller administers User Data on the fan page under the name PRO.R3 and the group named Akademia Recyklingu (Recycling Academy) on Facebook (hereinafter referred to as the Fan Page).

 

The User’s Personal Data provided via the Fan Page is processed for the purposes of administering and managing the Fan Page, communicating and interacting with the User, directing marketing content to the User, and building a community around the Fan Page.

 

The legal basis for this processing is the User’s consent and the Controller’s legitimate interest in engaging with Users and Followers of the Fan Page. The User voluntarily chooses to like or follow the Fan Page.

 

Although the Controller sets the rules for administering the Fan Page, the overall use of the Facebook platform is governed by Facebook’s own terms and conditions.

 

The User may unfollow the Fan Page at any time. However, doing so will result in the Controller no longer displaying content from the Fan Page to that User.

 

The Controller may view the User’s Personal Data such as first name, last name, or any public information shared on their Facebook profile. The processing of all other Personal Data is carried out by Facebook in accordance with its terms and conditions.

 

The User’s Personal Data will be processed for as long as the Fan Page remains active, based on the User’s consent (e.g., liking or following the Fan Page or interacting through comments or messages) and the Controller’s legitimate interest in marketing their own products or services and defending against potential claims.

 

The User’s Personal Data may be shared with other data recipients such as Facebook itself, advertising agencies working with the Controller, subcontractors maintaining the Fan Page, IT service providers, or virtual assistants – particularly when contact is made outside of Facebook.

 

Other rights of the User are described elsewhere in this Privacy Policy.

 

User Data may be transferred to third countries in accordance with Facebook’s terms and conditions.

 

Such data may also be subject to profiling in order to personalise the advertising content shown to the User.

 

However, it is not subject to automated decision-making within the meaning of the GDPR that would affect the User’s rights and freedoms.

 

SOCIAL MEDIA ACTIVITY – INSTAGRAM

The Controller administers User Data on the profile under the name PRO.R3, available at the URL: https://www.instagram.com/pro.r3/ on the Instagram platform (hereinafter referred to as the Profile).

 

The User’s Personal Data provided via the Profile is processed for the purposes of administering and managing the Profile, communicating and interacting with the User, targeting marketing content to the User, and building a community around the Profile.

 

The legal basis for this processing is the User’s consent and the Controller’s legitimate interest in engaging with Users and Followers of the Profile. The User voluntarily chooses to like or follow the Profile.

 

While the Controller administers the Profile, the rules for using the Instagram platform are set out in Instagram’s rules and regulations.

 

The User may unfollow the Profile at any time. However, doing so will result in the Controller no longer displaying content from the Profile to that User.

 

The Controller may view the User’s Personal Data such as their first name, last name, or other information made public on their Instagram account. The processing of all other Personal Data is carried out by Instagram in accordance with its own terms and conditions.

 

The User’s Personal Data will be processed for as long as the Profile remains active, based on the User’s consent (e.g., liking or following the Profile or interacting through comments or messages) and the Controller’s legitimate interest in marketing their own products or services or defending against claims.

 

The User’s Personal Data may be shared with other recipients, such as advertising agencies cooperating with the Controller, subcontractors managing the Profile, IT service providers, or virtual assistants – particularly when contact is made outside of Instagram.

 

Other rights of the User are described in this Privacy Policy.

User Data may be transferred to third countries in accordance with Instagram’s terms and conditions.

 

Such data may also be subject to profiling to personalise the advertising content shown to the User. However, it will not be subject to automated decision-making within the meaning of the GDPR that could negatively affect the User’s rights and freedoms.

 

Instagram’s Privacy Policy is available at: https://help.instagram.com/519522125107875

 

SOCIAL MEDIA ACTIVITY – TIKTOK

The Controller administers User Data on the profile under the name pro.r3ooo, available at the URL: https://www.tiktok.com/@pro.r3ooo on the TikTok platform (hereinafter referred to as the Profile).

 

The User’s Personal Data provided on the TikTok Profile shall be processed for the purposes of administering and managing the Profile, communicating and interacting with the User, targeting marketing content to the User, and building a community around the Profile.

 

The legal basis for this processing is the User’s consent and the Controller’s legitimate interest in engaging with Users and Followers of the Profile. The User voluntarily decides to like content or follow the Profile.

 

The rules governing the Profile are set by the Controller; however, the rules for using the TikTok platform are set out in TikTok’s rules and regulations.

 

The User may stop following the Profile at any time. In such a case, the Controller will no longer display any content originating from or related to the Profile to that User.

 

The Controller may view the User’s Personal Data, such as their first name, last name, or other information that the User has made public on their profile. The processing of other Personal Data is carried out by TikTok under the terms set out in its rules and regulations.

 

TikTok and the Controller act as Joint Controllers with respect to activities related to the pursuit of common economic purposes involving the processing of Personal Data, including the use of the TikTok plugin on the Website and the processing of data of visitors to the Profile.

 

The User’s Personal Data shall be processed for the duration of the Profile’s existence, based on the consent expressed by liking content, clicking ‘Follow’, or interacting with the Controller (e.g., by leaving a comment or sending a message), and also based on the Controller’s legitimate interests, such as marketing its own products or services or defending against claims.

 

The User’s Personal Data may be shared with other recipients, such as TikTok, cooperating advertising agencies, subcontractors servicing the Controller’s TikTok Profile, IT service providers, or virtual assistants – particularly when contact is made outside the TikTok platform.

 

Other User rights are described in this Privacy Policy.

 

User Data may be transferred to third countries outside the European Economic Area, in accordance with TikTok’s Terms of Use. TikTok uses compliance mechanisms such as the standard contractual clauses adopted by the European Commission.

 

When using TikTok, data shall not be subject to profiling or automated processing within the meaning of the GDPR in a way that adversely affects the User’s rights and freedoms.

The Controller recommends reviewing TikTok’s privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=pl

 

SOCIAL MEDIA ACTIVITY – LINKEDIN

The Controller administers User Data on the profile under the name PRO.R3, available at the URL: https://www.linkedin.com/company/pro-r3/ on the LinkedIn platform (hereinafter referred to as the Profile).

 

The User’s Personal Data provided on the Profile shall be processed to administer and manage the Profile, communicate and interact with the User, target marketing content to the User, and build a community around the Profile.

 

The legal basis for this processing is the User’s consent and the Controller’s legitimate interest in interacting with Users and Followers of the Profile. The User voluntarily decides to like or follow the Profile.

 

The rules governing the Profile are set by the Controller; however, the rules for using the LinkedIn platform are set out in LinkedIn’s rules and regulations.

 

The User may stop following the Profile at any time. In such a case, the Controller will no longer display any content originating from or related to the Profile to that User.

 

The Controller may view the User’s Personal Data, such as their name, surname, or general information made public on their profile. The processing of other Personal Data is carried out by LinkedIn under the terms and conditions specified in its rules and regulations.

 

The User’s Personal Data shall be processed for the duration of the Profile’s existence, based on the consent expressed by liking or clicking ‘Follow’, or by interacting with the Controller (e.g., by leaving a comment or sending a message), as well as for the Controller’s legitimate interests, such as marketing its own products or services or defending against claims.

 

The User’s Personal Data may be shared with other recipients, such as LinkedIn, cooperating advertising agencies or other subcontractors managing the Controller’s Profile, IT service providers, or virtual assistants – particularly when contact is made outside the LinkedIn platform.

Other User rights are described in this Privacy Policy.

 

User Data may be transferred to third countries in accordance with LinkedIn’s rules and regulations.

 

This data may also be profiled to help personalise the advertising offered to the User. However, it will not be processed in an automated manner within the meaning of the GDPR in a way that negatively affects the User’s rights and freedoms.

 

LinkedIn privacy policy: https://pl.linkedin.com/legal/privacy-policy

 

DATA SECURITY

The User’s Personal Data is stored and protected with due diligence, in accordance with the internal procedures implemented by the Controller. The Controller processes information about the User using appropriate technical and organisational measures that comply with the requirements of applicable law, in particular the provisions of the Personal Data Protection Act and the GDPR. These measures are primarily intended to protect the User’s Personal Data against unauthorised access.

 

In particular, access to Users’ Personal Data is restricted to authorised individuals who are obliged to maintain the confidentiality of such Data or to entities entrusted with the processing of Personal Data under a separate Data Processing Agreement.

 

At the same time, the User should take care to protect their Personal Data transmitted over the Internet, in particular by not disclosing login credentials to third parties, using antivirus protection, and keeping software up to date.

 

WHO CAN BE RECIPIENTS OF PERSONAL DATA?

The Controller informs that they use the services of external entities. Entities to whom they entrust the processing of Personal Data (such as courier companies, electronic payment intermediaries, accounting services, and newsletter delivery companies) guarantee the use of appropriate measures to protect and secure Personal Data as required by law, in particular by the GDPR.

 

The Controller informs the User that they entrust the processing of Personal Data to, among others, the following entities:

1. IT support and web analytics companies – to send the Newsletter and operate the mailing system;
2. IT support and web analytics companies – to store Personal Data on a server;
3. Web analytics companies – to create landing pages and collect leads;
4. Accounting offices – to issue accounting documents;
5. Accounting offices and online payment services – to operate the payment system and electronic transactions;
6. IT support companies – for internal company management;
7. IT support companies and web analytics companies – to use Google services, including email;
8. IT support companies and web analytics companies – for domain and mail server maintenance;
9. IT support companies and web analytics companies – for IT support or the technical administration of the Website;
10. Other contractors or subcontractors involved in technical and administrative support or in providing legal assistance to the Controller and its clients, such as accounting, HR, IT, graphic design, copywriting, debt collection companies, lawyers, etc.

Personal Data may also be disclosed to other recipients, including public authorities such as the tax office, in order to fulfil legal and tax obligations related to settlements and accounting.

 

Entities that process Personal Data on behalf of the Controller ensure compliance with European standards for Personal Data protection, including standards set by legal acts and decisions of the European Commission. These entities also apply appropriate compliance mechanisms when transferring Data outside the EEA, such as standard contractual clauses adopted by the European Commission in Decision 2021/915 of 4 June 2021 on standard contractual clauses between controllers and processors under Article 28(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 29(7) of Regulation (EU) 2018/1725 of the European Parliament and of the Council:

https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32021D0915&from=PL.

 

HAS A DATA PROTECTION OFFICER BEEN APPOINTED?

The Personal Data Controller hereby informs that they have not appointed a Data Protection Officer (DPO) and perform the duties related to the processing of Personal Data independently.

 

The User acknowledges that their Personal Data may be transferred to authorised state authorities in connection with proceedings conducted by them, at their request, and after fulfilling the conditions confirming the necessity of obtaining such Data from the Controller.

 

DOES THE CONTROLLER PROFILE USER DATA?

The User’s Personal Data shall not be used for automated decision-making that affects the User’s rights, obligations, or freedoms within the meaning of the GDPR.

 

Within the Website and tracking technologies, User Data may be profiled to better personalise the Controller’s offer to the User (primarily through behavioural advertising). However, this shall not affect the User’s legal status, particularly the terms of any agreements concluded or intended to be concluded by the User. Profiling is used solely to better tailor content and advertisements to the User’s interests. The information used is anonymous and not associated with Personal Data provided by the User, e.g., during the purchase process. It is derived from statistical data, such as gender, age, interests, approximate location, and on-site behaviour.

 

Each User has the right to object to profiling if it negatively impacts their rights and obligations.

 

More information on behavioural advertising is available here: https://www.youronlinechoices.com/pl/o-reklamie-behawioralnej

 

§4 FORMS

The Controller uses the following types of Forms on the Website:

1. Newsletter subscription form – requires the User to provide their name and email address in the appropriate fields. These fields are mandatory. The User must then confirm their subscription for their email address to be added to the Controller’s subscriber database. The Data obtained in this way is added to the mailing list to send the Newsletter.

   Subscription/registration means that the User agrees to this Privacy Policy and consents to receiving marketing and commercial information by electronic means of communication, e.g., email, under the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2020, item 344, as amended).

   By subscribing to the Newsletter, the User also consents to the Controller using the User’s telecommunications end devices (e.g. telephone, tablet, computer) for the direct marketing of the Controller’s products and services and for presenting commercial information to the User under Article 172(1) of the Telecommunications Law (Journal of Laws of 2014, item 243, as amended).

   The above Consents are voluntary but necessary to use the Newsletter service, including to inform about services, new blog entries, products, promotions, and discounts offered by the Controller or third-party products recommended by the Controller. Consents may be withdrawn at any time, which will result in the cessation of sending the Newsletter, following the rules set out in this Privacy Policy.

   The Newsletter is sent for an indefinite period, from the moment of activation until the withdrawal of Consent. After withdrawal of Consent, User Data may be stored in the newsletter database for up to 2 years to demonstrate the fact that the User gave Consent to communication via the Newsletter, the User’s actions (e.g. email opening rate), and the time of withdrawal, as well as for any related claims, which constitutes the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).

   The sending of the Newsletter may be discontinued if the User does not show any activity for a minimum of 6 months from the start of the Newsletter service or the reading of the last sent Newsletter. In this case, the Controller shall remove the User’s Data from the Newsletter sending system. The User shall not receive any further messages from the Controller unless they re-subscribe to the Newsletter using the subscription form or contact the Controller through other available means.

   The mailing system used to send the Newsletter records all activity and actions taken by the User in connection with the emails sent to them (e.g., date and time of message opening, clicks on links, unsubscriptions).

   The Controller may also conduct remarketing under Article 6(1)(f) of the GDPR (legitimate interest of the Controller, consisting in the promotion and advertising of services to persons subscribed to the Newsletter), in such a way that the email addresses provided by subscribers are uploaded to a marketing tool offered by Meta Platforms Ireland Limited (Facebook Ads Manager), and then advertising created by the Controller or authorised persons is directed to them via the Controller’s advertising account, provided that the Newsletter subscribers are also Facebook users. Each time, this Data is deleted after the end of the advertising campaign. In the event of another campaign, an updated subscriber database is uploaded. Detailed information on ‘custom audiences,’ data hashing rules, and the processing of such Data can be found in Facebook’s privacy policy:
   https://www.facebook.com/legal/terms/customaudience#
   https://www.facebook.com/legal/terms/dataprocessing

   The Controller recommends that each User familiarise themselves with these policies.

2. Contact form – allows the User to send messages to the Controller and contact them electronically. Personal Data in the form of first name, last name, email address, and the content of the message are processed by the Controller in accordance with this Privacy Policy for the purpose of communication.
   After contact with the User has ended, the Data may be archived, which constitutes the Controller’s legitimate interest. The Controller cannot specify the exact archiving period; however, it shall not exceed the statutory limitation periods for potential claims.
3. System form enabling comments to be left – all Data in the comment form is provided voluntarily by the User if they wish to leave a comment. By posting a comment, the User consents to the processing of this Data. This includes: first name, last name, email address, website name, and IP address. Some Data marked as mandatory must be entered if the User wishes to leave a comment.
   Providing the email address is voluntary but necessary to exclude spam and display the avatar. It shall not be disclosed to third parties.
4. Order form in the Store – when placing an order in the Controller’s Online Store, the User must provide certain Data in accordance with the Terms of Use, in order to fulfil the order, meet legal obligations imposed on the Controller, facilitate settlements, process claims, perform statistical and archival tasks, and conduct direct marketing to clients, which is the legitimate interest of the Controller.

   Required Data may include: first name, last name, company name, tax identification number, BDO number, residential or business address, delivery address (if applicable), and email address. If the User has an account in the Store, they may log in using their email/login and password to proceed with the order.

   The Controller stores the Data for the duration of the order or service, and after its completion, for the time necessary to defend against claims. Additionally, Data is retained for the period required by law (e.g., for tax purposes, such as invoice retention).

5. Complaint and withdrawal form in the PRO.R3 online store – when using the Controller’s services or products, the User may lodge a complaint or withdraw from the agreement. The Controller provides a complaint form and a withdrawal form attached to the Terms of Use. The User may also take these actions without the form by providing the required Data.

   The Data required may include: first name, surname or User’s name (as applicable), residential or business address, email address, telephone number (if applicable), and bank account number (if a refund is requested).

   Providing the Data is voluntary but necessary for the processing of complaints in accordance with applicable law and the Terms of Use. The Data will be stored for the purpose of handling the complaint/withdrawal process, as well as for archiving and defending against claims.

6. Registration form for creating a User account in the Online Store – the User may create an account in the Online Store by completing a registration form and providing the following Data: first name, last name, email address, residential address, company address, tax identification number, and a password.

   The account is created under the rules defined in the Terms of Use and constitutes a service provided electronically. The rules for maintaining and deleting the account are contained in the Terms of Use.

   The fields marked as mandatory must be filled out to create the account. Providing additional Data is voluntary.

   The Controller may entrust the processing of Personal Data to third parties without a separate consent from the User (under a data processing agreement). Data collected via forms shall not be transferred to third parties unless otherwise indicated.

   If the User uses services of external providers such as Google, they are advised to review the privacy policies available on the websites of those providers.

 

§5 DISCLAIMER AND COPYRIGHT

1. The content presented on the Website does not constitute professional advice or guidance (e.g., educational) and does not refer to specific circumstances. If the User wishes to obtain assistance in a specific matter, they should contact a person authorised to provide such advice or the Controller using the contact details provided. The Controller shall not be liable for the use of the content of the Website or for any actions or omissions taken based on it.
2. All content posted on the Website is subject to the copyright of specific individuals and the Controller (e.g., photos, texts, other materials, etc.). The Controller does not consent to the copying of this content, in whole or in part, without their express prior consent.
3. The Controller hereby informs the User that any dissemination of content made available by the Controller constitutes a violation of the law and may result in civil or criminal liability. The Controller may also claim appropriate compensation for material or non-material damage under applicable regulations.
4. The Controller shall not be liable for any unlawful use of the materials available on the Website.
5. The content posted on the Website is current as of the date of publication, unless otherwise indicated.

§6 TECHNOLOGIES

To use the Controller’s Website, it is necessary to have:

1. access to the Internet from a device such as a desktop computer, laptop, or other mobile device, including equipment enabling communication and the completion of necessary forms within the Service, e.g., a functional keyboard,
2. a properly configured, up-to-date version of a web browser that supports cookies (e.g., Microsoft Edge, Opera, Mozilla Firefox, Safari, Google Chrome) and enables browsing of websites,
3. an active and properly configured e-mail account (the Controller recommends that the User check whether e-mails from the Service domain are not sent to the ‘spam’, ‘offers’, or folders other than ‘main’ / ‘received’. The Controller has no influence over this, as it depends on the settings of the User’s email client and the provider of the e-mail service used),
4. software enabling the reading of content in the formats presented, e.g., PDF, video, MP3, MP4.

§7 COOKIE POLICY

1. Like most websites, the Controller’s Website uses so-called tracking technologies, i.e. cookies, which enable the Website to be improved in line with the needs of Users visiting it.
2. The Website does not automatically collect any information except for that contained in cookies.
3. Cookies are IT data – small text files – stored on an end device, e.g. a computer, tablet, or smartphone, when the User accesses the Controller’s Website.
4. These may include first-party cookies (originating directly from the Website) and third-party cookies (originating from websites other than the Website).
5. Cookies allow the content of the Website to be tailored to the individual needs of the User and to other Users visiting the Website. They also enable the creation of statistics showing how Users use and navigate the Website. This allows the Controller to improve the Website, its content, structure, and appearance.
6. The Controller uses the following third-party cookies on the Website:

1. Facebook conversion pixel and advertisements created through the Facebook Ads portal (Facebook Custom Audiences) – to manage advertisements on Facebook and conduct remarketing activities, which is the legitimate interest of the Controller. The Controller may also direct advertising content to the User through the Facebook portal as part of contact advertisements.

The Facebook Pixel tool is provided by Meta Platforms Ireland Limited and its affiliated companies. It is an analytical tool that helps measure the effectiveness of advertisements, shows what actions Users take on the Website, and helps reach a specific group of people (Facebook Ads, Facebook Insights). The Controller may also direct advertising content to the User via the Facebook portal as part of contact advertisements.

 

The Controller may also conduct remarketing under Article 6(1)(f) of the GDPR (legitimate interest of the Controller, consisting in the promotion and advertising of services to persons who have given their consent to receive offers (or persons similar to them or to Users who have liked the Fanpage) in such a way that the e-mail addresses provided are uploaded to a marketing tool offered by Meta Platforms Ireland Limited, the so-called ad manager, and then an advertisement created by the Controller or authorised persons is directed to them via the Controller’s advertising account, provided that these persons are also users of the Facebook platform (have an account there). Each time, this Data is deleted after the end of the advertising campaign. In the event of another advertising campaign, an updated contact database is uploaded to the tool. Detailed information about so-called custom audiences, Data hashing rules, and Data processing can be found in Facebook’s privacy policy at the following link: https://www.facebook.com/legal/terms/customaudience# and https://www.facebook.com/legal/terms/dataprocessing.

The information collected through the use of Facebook Pixel is anonymous and does not allow for the identification of the User. It shows general data about Users: location, age, gender, and interests. The Facebook portal provider may combine this information with information that the User provides to them through their Facebook account and then use it under their own policies and purposes.

 

The Controller recommends that the User familiarise themselves with the details of the use of the Piksel Meta tool (Facebook) and, if necessary, ask the provider of this tool any questions the User may have, as well as manage the User’s privacy settings on Facebook. For more information, please visit: https://www.facebook.com/privacy/explanation and https://www.facebook.com/business/help/742478679120153?id=1205376682832142&_ga=2.140230195.1899084027.1676390445-251481724.1675757116.

 

The User can opt out of cookies responsible for displaying remarketing ads at any time, e.g., at https://www.facebook.com/help/1075880512458213/.

 

By using the Website, the User consents to the installation of this cookie on their end device.

 

2. TikTok Pixel

to manage ads on TikTok and conduct remarketing activities, which is the legitimate interest of the Controller.

 

More information about TikTok’s analytical tool and its Data processing policy is available here: https://ads.tiktok.com/help/article/tiktok-pixel?redirected=1&_ga=2.99858206.1899084027.1676390445-251481724.1675757116.

 

This tool helps to reach new audiences by targeting them with advertisements, in particular those who have already visited the website. If you use the TikTok platform, this data may be associated with data collected by TikTok as part of the TikTok social media platform. However, it is anonymous within the website and is only used to collect statistical and analytical data and to target advertising to a broadly defined audience.

More information about TikTok’s privacy policy is available here: https://www.tiktok.com/legal/page/eea/new-privacy-policy/pl-PL?_ga=2.98704798.1899084027.1676390445-251481724.1675757116.

 

3. Built-in Google Analytics code – for analysing the statistics of the Website. Google Analytics uses its own cookies to analyse the activities and behaviour of Website Users. These files are used to store information, e.g. from which website the User came to the current website. They help to improve the Website.

 

This tool is used under an agreement with Google Ireland Limited and is provided by Google LLC. The actions taken when using Google Analytics are based on the Controller’s legitimate interest in creating and using statistics, which then enables the Controller to improve their services and optimise the Website.

 

When using Google Analytics, the Controller does not process any User Data that could identify the User.

 

The Controller recommends that you familiarise yourself with the details of the use of Google Analytics, the possibility of disabling the tracking code and, if necessary, ask the provider of this tool questions at the following link: https://support.google.com/analytics#topic=3544906 or read the privacy policy at the following link: https://policies.google.com/privacy?hl=pl&_ga=2.64139695.1899084027.1676390445-251481724.1675757116

 

4.Web push notifications from the browser – to improve communication with the User and to provide them with valuable content or offers more quickly, the Controller allows the User to consent to receiving web push notifications from their browser.

 

In order to express consent to receive web push notifications, the User should select the ‘show notifications’ option or another similar option (each browser may name this option differently) in the message sent by their web browser.

Consent to receive the above notifications may be withdrawn at any time by changing the settings of the User’s web browser. The Controller does not process any Personal Data of Users who use web push notifications. Users are identified solely under the information stored by their web browsers, to which the Controller has no access.

 

5.Social media plugins (e.g. Facebook, Instagram, TikTok, LinkedIn) – after clicking the plugin, the User is redirected to an external website where actions such as ‘Like’ or ‘Share’ may be taken.

 

The Controller recommends that the User read Facebook’s privacy policy before creating an account on this website. The Controller has no influence on the Data processed by Facebook. From the moment the User clicks on the social media plugin button, Personal Data is processed by the social media platform, e.g., Facebook, which becomes the controller and decides on the purposes and scope of its processing. Cookies left by the Facebook plugin (or other third parties) may also be applied to the User’s device after entering the Website and then associated with the Data collected on Facebook. By using the Website, the User accepts this fact. The Controller has no influence on the processing of Data by third parties in this way.

The above guidelines also apply to the following:

Facebook – fanpage located at: https://www.facebook.com/profile.php?id=61562955040419,
Instagram profile at: https://www.instagram.com/pro.r3/,

TikTok profile at: https://www.tiktok.com/@pro.r3ooo

 

6. Tools for assessing the effectiveness of Google Ads advertising campaigns – to conduct advertising and remarketing campaigns, which is the legitimate interest of the Controller.

 

The Controller does not collect any Data that would allow the identification of the User’s Personal Data. The Controller recommends that the User consult Google’s privacy policy for details on how these features work and how to disable them from the web browser.

 

7. Cookies Cookies used to recover abandoned shopping carts and User activity on the online store website – to direct advertising communications related to an uncompleted order to the User, which is the legitimate interest of the Controller.

8. Content from external providers’ websites and web pages

The Controller may embed content from portals, services, blogs and other external websites on the Website. In particular, this may include videos from YouTube or Vimeo and audio recordings from SoundCloud.

These third parties may store certain Data about the content that the User has accessed.

 

If the User does not want this to happen, they should log out of the portal (if they have an account there and are logged in) before visiting the Controller’s Website or should not play the content on the Website. The User may also change their browser settings and block the display of certain content from specific portals.

By playing recordings available on SoundCloud, the User uses services provided by SoundCloud, which is a separate entity providing electronic services to the User. Details regarding the processing of Personal Data by SoundCloud are contained in the privacy policy of that website: https://soundcloud.com/pages/privacy and the cookie policy: https://soundcloud.com/pages/cookies
and the terms of use: https://soundcloud.com/terms-of-use.

 

YouTube:
The YouTube service is operated by Google Ireland Limited and allows the User to play videos found on the Controller’s websites. YouTube may store cookies on the User’s device about their viewing history and assign them to the User’s YouTube account if they are logged in.

 

By using recordings posted on YouTube, the User uses the services provided electronically by Google Ireland Limited. Details on the processing of Personal Data by YouTube are contained in the privacy policy and terms of use of that website: https://policies.google.com/privacy and https://www.youtube.com/t/terms

 

9. Affiliate links and partner programmes

The Controller’s Website may contain affiliate links to specific products or services of third parties. This is a way of monetising the content on the Website, which is generally available free of charge. Clicking on a link will not result in any charges to the User. If the User navigates to an external entity’s website by clicking on an affiliate link and purchases a product, the Controller may receive a commission. By using the Website, the User agrees to the use of cookies in this regard.

 

The Website may also display advertising windows with third-party products as part of Google AdSense. The Controller informs that they have no influence on the content or appearance of these advertisements, which are determined by the algorithm of the provider, in this case Google Ireland Limited. The User may modify the settings and personalisation of advertisements directly from their browser by going to: https://adssettings.google.com/authenticated

 

10. Yandex Metrica analytics tool

This tool is used for analytical purposes and to improve and optimise the Controller’s Website and Online Store. It collects Data related to the User’s activity on the Website and their navigation on the Website. Such activity is then recorded in video format and the Controller may play it back to analyse the behaviour of Website Users (movements on the website, mouse clicks in specific places, time spent on the website, exits, entries to specific subpages). As part of this activity, the Controller does not obtain any information that would allow the identification of the User. For this purpose, the Website contains a special Yandex tracking code that uses cookies from that company. The User may disable it at any time by changing their browser settings.

Yandex Metrica is represented by an entity located in the European Union, Yandex Oy, Moreenikatu 6, 04600 Mantsala, Finland.

If the User wishes to learn more about the privacy and data processing practices of Yandex Metrica, the Controller recommends reviewing the privacy policy here: https://yandex.com/legal/confidential/index.html

 

11. Chatbot

The Controller uses a chatbot tool provided by the data controller: autoMEE sp. z o.o. (the provider’s privacy policy is available at https://automee.pl/rodo). The chatbot enables contact with the Controller and allows the User to receive a response to their query. The scope of Data processing is consistent with the Data provided by the person using the chatbot.

 

The Supplier also provides a system for managing and sending the Newsletter and the contact form.

1. The Controller again recommends that the User read the privacy policy of each of the above service providers in order to learn about the possibilities of making changes and settings that ensure the protection of the User’s rights.
2. Two types of cookies are used on the Website: session cookies, which are deleted after closing the browser, logging out or leaving the Website; and permanent cookies, which are stored on the User’s end device, enabling the browser to be recognised when the Website is accessed again, for the time specified in the cookie parameters or until they are deleted by the User.
3. In many cases, software used for browsing websites (web browser) allows cookies to be stored on the User’s end device by default. Users of the Service may change their cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the web browser settings or to inform the User each time they are placed on the User’s device. Detailed information about the possibilities and methods of handling cookies is available in the software (web browser) settings.
4. The Controller informs that restrictions on the use of cookies (disabling or limiting them) may affect some of the functionalities available on the Website and hinder its functioning.
5. More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the ‘Help’ section of the User’s web browser.
6. Within the settings of the User’s web browser, the User may delete cookies originating from the Website or the Online Store, or from the Controller’s providers, by changing the browser settings at any time. The method of deleting cookies will vary depending on the web browser used by the User. Information on how to delete cookies is available in the ‘Help’ tab of the selected web browser.
7. Deleting cookies does not mean that the Controller will delete Personal Data obtained through cookies.

§8 COOKIE CONSENT

 

When entering the Website for the first time, the User must express their consent to cookies or take other possible actions indicated in the message in order to continue using the content of the Website. By using the Website, the User expresses their consent. If the User does not wish to give such consent, they should leave the Website. The User may also change their browser settings, disable or delete cookies at any time. The ‘Help’ tab in the User’s browser contains the necessary information.

 

§9 SERVER LOGS

1. Using the Website involves sending queries to the server on which the Website is hosted.
2. Each query sent to the server is recorded in the server logs. The logs include, among other things, the User’s IP address, the date and time of the server, information about the web browser and operating system used by the User.
3. Logs are saved and stored on the server.
4. Server logs are used to administer the Website, and their content is not disclosed to anyone other than persons or entities authorised to administer the server.
5. The Controller does not use server logs to identify the User in any way.