The terms used in this document shall have the following meaning:
- Administrator – PaperPlainz Magdalena Paluchowska email@example.com;
- Website – a website that can be visited via the Internet through the Webpage;
- Webpage – a webpage at paperplainz.com and all its subpages;
- Parties – Administrator and User;
- User – a natural person who uses the Website and enters their personal data therein.
[Personal data protection]
- The Administrator shall be the Personal Data Controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR).
- Using the Website shall entail providing personal data by the User.
- The Controller shall collect and process the following personal data:
- name and surname;
- e-mail address;
- User’s school.
- Personal data will be processed in order to enter into and perform a contract for the provision of services (Article 6(1)(b) of GDPR), provide online services (Article 6(1)(b) of GDPR), for the purposes of direct marketing (Article 6(1)(b) of GDPR).
- Personal data processed in order to enter into and perform a contract for the provision of services and provide online services shall be processed until the contract for the provision of services with the Controller is terminated and for the time necessary to fulfil the obligations imposed by law (settlements, limitation of claims).
- If the User subscribes to a newsletter, personal data will also be processed for marketing purposes, pursuant to Article 6(1)(f) of the Regulation on the protection of personal data of 27 April 2016 (GDPR). It is voluntary to provide personal data for such purpose, however failure to provide them prevents the User from receiving information from the Controller. Personal data shall be retained until the User unsubscribes from the newsletter.
- Personal data shall be provided solely to trusted subcontractors of the Controller, i.e. suppliers of IT services, accounting company, law firms, entities that send newsletters.
- The User shall update their personal data on the User Profile in the event of any changes thereof.
- The User shall be entitled to request access to the content of their personal data, rectify or erase them and to limit their processing. Furthermore, the User shall also be entitled to withdraw their consent at any time without affecting the lawfulness of processing, to move their data and to object to the processing of their personal data.
- The User shall have the right to lodge a complaint to the President of the Office for Personal Data Protection.
- The provision of personal data is voluntary, however, lack of consent to data processing prevents the User from using the Website.
- The Controller may refuse to erase the User’s personal data if retention thereof is necessary due to the obligation imposed on the Controller by law.
- The Controller undertakes to encrypt data transmission in order to secure User’s data retained in the system.
- Any User’s connection with the Website shall be encrypted and confidential.
[Technical data protection]
- The Controller shall use all technical and organisational methods to ensure the security of User’s personal data and protect them against accidental or intentional destruction, accidental loss, modification, unauthorised disclosure or access. The information shall be retained and processed on highly secured servers, with appropriate safety measures meeting the requirements of the Polish law.
- The Controller undertakes to retain backup copies containing personal data of the User.
- The data entrusted shall be retained on the top-spec hardware and servers in properly secured information storage centres, with access solely of authorised persons.
- The Controller shall carry out activities related to the processing of personal data in accordance with all legal and technical requirements imposed by the personal data protection regulations.
- The Website uses two types of cookies: session cookies and persistent cookies. Session cookies are temporary files which are stored on the User’s end device until logging out, leaving the webpage or shutting down the software (web browser). Persistent cookies are stored on the User’s end device for a time specified in the cookie data parameters or until they are deleted by the User.
- The Website uses the following types of cookies:
- “necessary” cookies – to enable using services available within the Website, e.g. used for user authorisation processing;
- “secure” cookies – to ensure security, for instance, to detect misuse of Website services;
- “performance” cookies – to collect data on how the Website is used;
- “functionality” cookies – to remember User’s settings and to customise User’s interface, e.g. selected language or region, font size, appearance of the Website, etc.;
- “third party” cookies – to provide the Users with advertising content more tailored to their interests;
- “integrating” cookies – related to services of third parties used on the Website, e.g. Google Analytics.
- Cookie settings can be changed in the web browser. If these settings are not changed, this means the User accepts the cookies used on the Website.
- As practised by most websites, we shall store HTTP queries submitted to our server (server logs). In connection with the above the following data shall be stored:
- IP addresses from which users browse information provided on our website;
- the time the query was received,
- response time,
- name of client’s station – identification carried out via HTTP,
- information on errors in HTTP transactions,
- URL address of a page previously visited by the User (HTTP referer);
- information about the user’s browser.
- The data collected in logs shall be used solely for the purpose of Website administration.
- The logs collected shall be stored for an indefinite time as auxiliary materials for the purposes of administration of the Website. The information contained therein shall not be disclosed to anyone other than persons authorised to administer the Website. The log files may be used to generate statistics constituting aid in administration. Summaries in the form of such statistics shall contain no features identifying website visitors.
- The User may contact the Controller at any time to obtain information about whether and how the Controller uses their personal data.
- The User may also request the Controller to erase their personal data in whole or in part.
- The User may contact the Controller via e-mail: firstname.lastname@example.org.