I. GENERAL PROVISIONS

  1. The Controller of person data of the Users of the website located at aida-workservice.com is AIDA WORK SERVICE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, Tadeusza Kościuszki 39/2, 59-220 Legnica, Polska, KRS: 0001055624, NIP: 6912572083, REGON: 526270554 (hereinafter: the “Controller”).
  2. You can contact the Controller through: (1) e-mail: biuro@aida-workservice.com, (2) in writing to the Controller’s address: Tadeusza Kościuszki 39/2, 59-220 Legnica, Polska.
  3. The purpose of the Policy is to define the activities undertaken with regard to personal data collected through the Controller’s website and the related services and tools used by its Users, as well as within the process of entering into and fulfilling contracts outside the website.
  4. If necessary, the provisions of this Policy may be subject to change. Any changes will be communicated to the Users by announcing the updated Policy content. Additionally, for individuals who have consented to data processing via e-mail or provided their e-mail addresses during contract execution, notifications of changes will also be sent via e-mail.

II. GROUNDS FOR THE PROCESSING, PURPOSES AND STORING OR PERSONAL DATA

  1. The personal data of Users is processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act of 10 May 2018 and the Act on the Provision of Services by Electronic Means of 18 July 2002.
  2. In the case of the processing of personal data based on an e-mail or complaint sent by the User, such processing shall take place pursuant to Article 6(1)(b) of the General Data Protection Regulation, according to which processing is necessary in order to take action at the request of the data subject.
  3. In the case of obtaining separate consent from the User, his or her personal data may also be processed by the Controller for marketing purposes, including sending commercial information electronically to the e-mail address provided by the User (Article 6(1)(a) of the General Data Protection Regulation).
  4. When the Controller enters into and performs a sales or service contract, the other party shall be obliged to provide the data necessary for the conclusion of the contract (which is a contractual requirement and, with regard to tax numbers, also a statutory requirement) and for this purpose the Controller processes personal data (Article 6(1)(b) of the General Data Protection Regulation).
  5. When conducting research and analysis to enhance the performance of available services (e.g. tracking tools), Article 6(1)(f) of the General Data Protection Regulation is cited as the basis for processing.
  6. Users’ personal data shall be stored for no longer than it is necessary to achieve the purpose of the processing, i.e. until the withdrawal of consent if processing is based on such consent, until the limitation period for claims by the Controller and the other party in respect of the performance of concluded contracts (in the case of sales/service contracts, 2 years, counting towards the end of the year) and until the execution of an e-mail enquiry or the completion of complaint handling.
  7. To the extent necessary for the proper functioning of the website, its functionality and the correct execution of payment operations (if conducted through the website), the website uses the User’s metadata. Metadata should be understood as a process of reading and recognizing the configuration and subassemblies of the computer used by the User by the website’s IT system, in order to adjust the website to its capabilities and to establish a secure connection between the User’s computer and the website. It is important to note that this metadata cannot identify the User and is not harmful in any way to any data stored on his or her computer. Nevertheless, the User is entitled to withdraw his or her consent to the processing of metadata at any time by configuring his or her browser accordingly or by downloading the relevant plug-in provided by the browser’s manufacturer. For this purpose, you should consult the manufacturer of the software and its recommendations.
  8. The Controller may use profiling for direct marketing purposes, but decisions taken on its basis by the Controller do not concern conclusion of or refusal to enter into a contract or the possibility of using electronic services. The use of profiling may result, for example, in a person being granted a discount, being sent a discount code, being reminded of unfinished purchases, being offered a product that may match the person’s interests or preferences, or being offered better terms compared to the standard offer. Despite the profiling, individuals are free to decide whether they wish to take advantage of the discount received in this way or opt for better conditions and make a purchase. Profiling involves the automatic analysis or prediction of a given person’s behaviour on the Controller’s website, such as adding a specific product to the shopping cart, browsing a specific product page or analysing the person’s previous activity history on the website. Such profiling is conditioned by the fact that the Controller has the personal data of a given person in order to be able to send him/her e.g. a discount code.
  9. To the extent necessary for the proper functioning of the website, its functionality, the website may, when used by the User, collect other information, including but not limited to: a) IP address, b) device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g. Apple Identifier for Advertising [“IDFA”] or advertising identifier on an Android device [“AAID”]), c) platform type, d) settings and components, e) installed software, f) presence of necessary plug-ins, g) approximate geolocation data (compiled from IP address or device settings), h) browser data, including browser type and preferred language.
  10. Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the GDPR and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Controller shall apply technical measures to prevent the acquisition and modification of personal data transmitted electronically by unauthorized persons.

III. DATA SHARING

  1. The Controller shall ensure that all personal information collected is used to fulfill obligations towards Users. This information will not be made available to third parties except: a) with the prior express consent of the data subjects to do so, or b) if the obligation to provide such data arises or will arise under applicable law (e.g. to law enforcement agencies).
  2. Additionally, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients: – service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to conduct its business activity, including the website and electronic services provided through it (in particular, computer software providers, marketing agencies, e-mail and hosting providers, business management and technical support software providers to the Controller and the product delivery operator) – the Controller shall make the collected personal data of the Customer available to a selected supplier, acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this Privacy Policy; – accounting, legal and advisory service providers who provide the Controller with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection agency) – the Controller shall make the collected personal data of the Customer available to a selected supplier, acting on its behalf only if and to the extent necessary to achieve a given purpose of data processing in accordance with this Privacy Policy.
  3. The Controller may share anonymized data (i.e. data that does not identify specific Users) with external service providers in order to better identify the attractiveness of advertisements and services to Users, and in this regard, due to the location of the software providers, data may be transferred – subject to the principles of their protection – to third countries which, however, provide standard contractual provisions approved by the European Commission for the processing of personal data or which are duly authorized to do so on the basis of bilateral agreements on the entrustment of data processing between the European Union and a given third country, while not being a member of the European Economic Area. In the case of the Controller these entities are: – Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyse the statistics of websites, Google Tag manager: used to manage the scripts by easily adding code fragments to the website or application and to track the actions performed by the Users on the website, Google Ads used to display sponsored links in the search results of the Google search engine and on the websites cooperating as part of the Google AdSense programme, – Meta Platforms, Inc. (registered office: 1601 Willow Road Menlo Park, CA 94025, USA) for the Facebook Pixel for tracking conversions from Facebook ads, optimizing them on the basis of collected data and statistics and building a targeted audience list for future ads.
  4. Third party analytics technologies integrated into the Controller’s services (including SDK [Software Development Kit] and API [Application Program Interfaces]) may combine data collected in connection with your use of the Controller’s website with information they have collected separately over time and across various platforms. Many of these companies collect and use information in accordance with their own data protection policies, which can be accessed on their respective websites The Controller encourages you to review these policies.
  5. 5. The Controller’s website may use the functionality of Google Analytics, a website audience analysis service provided by Google, LLC. (“Google”). Google Analytics uses cookies to help website operators analyse how visitors use the website. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States. According to current IT standards, the IP addresses of Users visiting the Controller’s website are shortened. Only in exceptional cases the complete IP address is sent to a Google server in the USA and shortened there. On behalf of the Controller, Google will use this information for the purpose of evaluating the website for its Users, compiling reports on website activity and providing other services related to website activity and Internet usage to website operators. Google will not associate the IP address transmitted as part of Google Analytics with any other data held by Google. For more information on how Google Analytics collects and uses data, please visit Google’s official website at www.google.com/policies/privacy/partners. In addition, each User can prevent Google from collecting and processing data about his or her use of the website by downloading and installing a browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
  6. When making data available to third parties, the Controller makes every effort to ensure that this is done only with entities certified as part of the (former) EU-US and Switzerland-US Privacy Shield programmes, which are available at www.privacyshield.gov. Such entities, when handling information originating from the European Economic Area (EEA), will do so in accordance with the “Accountability for Onward Transfer” principle of the Privacy Shield programme. Where appropriate, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of 16 July 2020 with regard to the EU-US Privacy Shield and the European Data Protection Board guidelines, the Controller continues to assess the legal regime of the countries to which data is transferred and, where necessary, updates measures to ensure adequate levels of protection.

IV. USER PRIVILEGES

  1. The User whose data is being processed has a) the right to access, rectification, restriction, erasure or portability – the data subject has the right to request from the Controller access to his/her personal data, rectification, erasure (“right to be forgotten”) or restriction of processing, and has the right to object to processing, and also has the right to portability of his/her data. The specific conditions governing the exercise of the aforementioned rights can be found in Articles 15-21 of the GDPR. b) the right to withdraw consent at any time – the data subject whose data is being processed by the Controller, based on their express consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR), has the right to withdraw their consent at any time, without affecting the lawfulness of the processing carried out prior to the withdrawal of consent. c) the right to lodge a complaint with a supervisory authority – the data subject whose data is being processed by the Controller has the right to file a complaint with a supervisory authority, as outlined in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. In Poland, the supervisory authority is the President of the Office for Personal Data Protection in Warsaw.
    d) the right to object – the data subject has the right to object at any time, for reasons related to their specific situation, to the processing of personal data concerning them, based on Article 6(1)(e) (public interest or tasks) or f) (legitimate interest of the controller), including profiling based on these provisions. In such a situation, the Controller shall no longer be permitted to process such personal data, except if the Controller can demonstrate the existence of compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or if there are grounds for establishing, asserting or defending claims. e) the right to object to direct marketing – if personal data is processed for the purpose of direct marketing (based on the legitimate interest of the Controller, not on the data subject’s consent), the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is connected with such direct marketing.
  2. Exercise of the above rights is based upon the User’s request sent to the e-mail address: biuro@aida-workservice.com. Such request should contain the User’s name and surname.
  3. The User ensures that the data provided or published by them on the website is accurate.