1. GENERAL PROVISIONS
1.1.1 Administrator – International Transport Consulting spółka z ograniczoną odpowiedzialnością with the seat in Warsaw, ul. Wilcza 31/1A, 00-544 Warsaw, registered in the register of entrepreneurs of the National Court Register for the Capital City of Warsaw, 12th Commercial Division of the National Court Register with the number (KRS): 0000677314, Business Statistical Number (REGON): 367263011, tax identification number (NIP): 7010688929, e-mail address: email@example.com
1.1.2 Personal data – any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier;
1.1.3 GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
1.1.4 Website – website available at www.e-itc.eu
1.1.5 User – any natural person visiting the Website or using one or more services provided on the Website;
1.3 The overriding objective of the controller is to ensure the protection of privacy of the Website Users and that the processing of their personal data collected in connection with the Users’ activity on the Website complies with applicable law, including the GDPR.
2. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
2.1 Personal data is processed by the Controller:
2.1.1 pursuant to Article 6 (1) (b) GDPR for the Controller to provide electronic services, including in particular publication by the Controller of the content on the Website, or the service of contacting the Controller via the contact form,
2.1.2 pursuant to Article 6 (1) (c) GDPR to comply with a legal obligation to which the controller is subject; e.g. arising from accounting regulations or tax regulations
2.1.3 pursuant to Article 6 (1) (f) GDPR for the purposes of the legitimate interests pursued by the controller, such as:
exercise or defence of legal claims
conducting quality analyses and statistics on the services provided,
marketing of the Controller’s own products and services,
adjusting the content of the Website to the individual preferences of the User and optimizing the use of the Website;
tracking traffic on the Website,
tracking traffic, also with the use of data collected via cookies and other similar technologies
2.1.4 on the grounds of a separate consent, i.e. pursuant to Article 6 (1) (a) GDPR, if such consent is necessary to ensure the lawful processing of personal data and none of the above mentioned legitimate grounds for the processing exists, the consent to the processing of personal data granted by the User is voluntary. The consent to the processing of personal data granted by the User may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
2.2 The controller of personal data takes special care to protect the interests of data subjects, and in particular ensures that: the personal data collected by him are processed in accordance with the law; are collected for specified, lawful purposes and are not subjected to further processing inconsistent with these purposes; remain correct and relevant in substance in relation to the purposes for which they are processed.
3. USER’S RIGHTS
3.1 Each User has the following rights:
3.1.1 right of access to data – the right to obtain from the controller confirmation as to whether or not personal data concerning the User are being processed, and, where that is the case, access to the personal data and the following information: the purposes of processing, categories of personal data concerned, recipients or categories of recipients to whom the data have been or will be disclosed, period for which the personal data will be stored or the criteria for determining them, the right to request rectification, erasure or restriction of the processing of personal data due to the data subject, and to object to such processing (Article 15 GDPR);
3.1.2 right of receiving a copy of the data – obtaining a copy of the personal data undergoing processing, the first copy being free of charge, and for any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs (Article 15 (3) GDPR);
3.1.3 right to rectification – right to obtain the rectification of inaccurate personal data or the right to have incomplete personal data completed (Article 16 GDPR);
3.1.4 right to erasure – the right to obtain the erasure of personal data, if the controller no longer has overriding legitimate grounds for the processing or if the personal data are no longer needed by the controller in relation to the purposes for which they were processed (Article 17 RODO);
3.1.5 right to restriction of processing – the right to obtain restriction of processing of personal data (Article 18 GDPR), where one of the following applies:
188.8.131.52 the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
184.108.40.206 the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
220.127.116.11 the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
18.104.22.168 the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
3.1.6 right to data portability – to receive in a structured, commonly used and machine-readable format personal data concerning the User, which he or she has provided to the controller, and requests to transmit those data to another controller, if processing is based on consent of the User, or pursuant to a contract concluded with a User and if the processing is carried out by automated means (Article 20 GDPR);
3.1.7 right to object – the user shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data for the legitimate purposes of the controller, including profiling. The controller shall assess the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. If the interests of the data subject overriders the interests of the controller, the controller shall no longer process the personal data for that purpose (Article 21 GDPR);
3.1.8. right to withdraw consent at any time or without giving a reason and without affecting the lawfulness of processing based on consent before its withdrawal. After the consent has been withdrawn, the controller shall cease the processing of personal data for the purpose for which the consent was given.
3.1.9 The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Personal Data Protection Office in Poland, with the seat in Warsaw. Complaints may be submitted:
22.214.171.124 in writing at the following address: ul. Stawki 2, 00-193 Warszawa,
126.96.36.199 online: via ePUAP platform,
3.2 The request for enforcement of the above-mentioned rights can be filed:
3.2.1 in writing by sending a written request at the address of the controller
3.2.2 by e-mail: firstname.lastname@example.org
3.3 The request referred to in section 3.2 above shall be formulated in a precise manner and, in particular, it shall specify the demands, the purposes of processing the request relates to, and what type of data processing the request concerns. If necessary, the controller has the right to request a specification / supplementation of the request with the data needed for the proper execution of the request.
3.4 The controller shall advise the User within one month of receiving the request
of the actions taken in relation to the request. If necessary, the controller will inform the User about the need to postpone the deadline to reply, stating the reason for the extension.
3.5 The reply to the request will be given using the same communication method that was used to submit the request. If the request was lodged in writing, on the User’s request, the response may be sent by e-mail to the e-mail address provided by the User.
4. THE PERIOD OF STORAGE OF DATA
4.1 Personal data processed for the purpose of entering into or performing the contract shall be stored for the duration of the contract, and after its expiry for the period necessary to defend or exercise any claims of the controller and in relation to the controller;
4.2 personal data processed in compliance with the legal obligation of the controller until such legal obligation has been fulfilled;
4.3 personal data processed on the basis of a separate consent will be stored until such a consent has been withdrawn;
4.4 personal data processed for purposes resulting from the legitimate interests pursued by the controller will be processed until an objection to such processing is submitted, unless the controller demonstrates the existence of legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, exercising or defending claims;
5. THE CATEGORIES OF RECIPIENTS OF DATA
The personal data of Users may be disclosed to the controller’s employees and contracting parties, affiliated undertakings of the controller, debt collection companies, postal operators, carriers, partners providing technical services, providers of hosting services and IT systems, subcontractors of the controller, other entities providing services to the controller or to employees or associates such entities.
6. COOKIES AND PERFORMANCE DATA
6.2 Cookies collect data on the use of the Website by the User, and their main purpose is to make it easier for the User to use the Website, adapt the Website to the needs and expectations of a given User, and to study Users’ traffic on the Website.
7. FINAL PROVISIONS
7.1 The controller of personal data uses technical and organizational measures to ensure the adequate level of protection of the processed personal data, depending on the threats and categories of personal data protected, and in particular, preventing unauthorized access, removal or processing of personal data in violation of applicable laws as well as unlawful destruction, loss, alteration.