Privacy Policy

  1. GENERAL

1.1. This privacy policy of the website is informational, which means that it is not a source of responsibility for the service recipients of the Web site. The privacy policy includes, in particular, rules concerning the processing of personal data by the Administrator on the website, including the grounds, purposes and scope of the processing of personal data and the rights of data subjects, and Information on the use of cookies and analytical tools in the website.

1.2. The administrator of personal data collected through the website www.passioncars.pl is AutoRefer Mikołaj Sokołowski (Address of the company: UL. Leonida Teligi 5/8, 02-777 Warsaw) entered in the central registration and information on economic activity (CEIDG) carried out by the Minister of Enterprise and Technology, NIP: 5272489940; REGON: 142004090; E-mail address: kontakt@passioncars.pl hereinafter referred to as “the administrator” and is also the Internet service provider.

1.3. Personal data on the website are processed by the Controller in accordance with applicable laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. On the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)-hereinafter referred to as “GDPR” or “GDPR regulation”. Official text of GDPR regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX3A32016R0679

1.4. The use of the Web site, including the conclusion of contracts is voluntary. Similarly, the provision of personal data by the user or client of the website is voluntary, subject to two exceptions: (1) Contracting with the administrator-failure to provide in the cases and to the extent indicated on The website and the rules of the Web site and this privacy policy of the personal data necessary for the conclusion and performance of the contract for the provision of electronic services with the administrator results in the inability to conclude Agreement. The provision of personal data is in such a case a contractual requirement and if the data subject wishes to conclude the contract with the administrator, it is obliged to provide the required data. Each time the data required for the conclusion of the contract is indicated in advance on the website and in the rules of the website; (2) The statutory obligations of the Administrator-providing personal data is a statutory requirement resulting from the generally applicable laws imposing on the controller the obligation to process personal data (e.g. processing of data to Revenue and expenditure ledger) and failure to provide them will prevent the administrator from performing these duties.

1.5. The Administrator makes special care to protect the interests of the persons whose personal data processed by him, and in particular is responsible and ensures that the data collected by him are: (1) processed lawfully; (2) collected for marked, lawful purposes and not subjected to further processing not complying with those objectives; (3) Substantive, correct and adequate in relation to the purposes for which they are processed; (4) stored in a form allowing the identification of the persons concerned, no longer than is necessary to achieve the purpose of processing and (5) processed in a manner ensuring adequate security of personal data, including protection against Unauthorised or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational means.

1.6. Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of varying probability and severity, the Administrator shall implement appropriate technical and organisational measures to accordance with this regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall use technical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically.

1.7. All words, phrases and acronyms appearing in this privacy policy and beginning with a capital letter (e.g., Service provider, Internet service, electronic service) shall be understood in accordance with their definition contained in the terms and conditions of the Web site available on the website.

2. GROUNDS FOR DATA PROCESSING

2.1. The controller is entitled to process personal data in cases where, and to the extent that, one or more of the following conditions are fulfilled: (1) The data subject has consented to the processing of his/her personal data in One or more specific objectives; (2) processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject before the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation of the Administrator; or (4) processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where the overriding nature of those interests has interests or fundamental The rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child

2.2. The processing of personal data by the controller requires at least one of the grounds indicated in point. 2.1 Privacy Policy. The specific grounds for processing personal data of the service recipients and clients of the website by the administrator are indicated in the next section of the Privacy Policy – in relation to the purpose of processing personal data by the administrator.

3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING ON THE WEBSITE

3.1. Each time the purpose, basis, period and scope and recipients of personal data processed by the administrator are based on actions undertaken by the service recipient or client on the website.

3.2. The Administrator may process personal data on the website for the following purposes, on the following grounds, during periods and in the following areas:

Purpose of data processingLegal basis for processing and duration of data retentionScope of data processing
Performance of an agreement to provide an Electronic Service or taking action at the request of the data subject prior to the conclusion of the aforementioned agreements.Art.6 Paragraph 1 Letter b) of the GDPR Regulation (performance of the contract)

Data shall be kept for the period necessary for the performance, termination or expiration in any other way of the contract.
Maximum scope: name and surname; e-mail address; IP address, contact telephone number; delivery address, business address/seat (street, house number, premises number, postal code, city, country), company name and tax identification number (NIP) of the Customer or Client.
Direct marketingArt.6 Paragraph 1 Letter f) GDPR Regulation (legitimate interest of the controller)

The data shall be stored for the period of the existence of a legitimate interest pursued by the Administrator, but not longer than the period of the statute of limitations of claims against the data subject due to the Administrator's business activity. The statute of limitations is specified by law, in particular the Civil Code (the basic statute of limitations for claims related to conducting business activity is three years).
The Administrator may not process data for the purpose of direct marketing if the data subject expresses an effective objection in this respect.
Name, surname, e-mail address.
MarketingArt.6 Paragraph 1 Letter a) GDPR Regulations (Consent)

Data shall be stored until the data subject withdraws his or her consent to the further processing of his or her data for this purpose.
Name, surname, e-mail address.
Keeping a tax book of income and expenses.Art.6 Paragraph 1 Letter c) GDPR Ordinance in connection with Art. 74 section 2 of the Accounting Act, i.e. dated 30 January 2018. (Journal of Laws of 2018, item 395)

The data is stored for the period required by the provisions of law ordering the Administrator to keep a tax book of revenues and expenditures (for a period not shorter than 5 years from the expiry of its validity).
Name and surname; address of residence/business/situation, company name and tax identification number (NIP) of the Customer.
Determine, enforce or defend claims which may be raised by the Administrator or which may be raised against the Administrator.Art.6 Paragraph 1 Letter f) GDPR Regulations

The data shall be stored for the period of the existence of a legitimate interest pursued by the Administrator, but not longer than the period of the statute of limitations of claims against the data subject due to the Administrator's business activity. The statute of limitations is specified by law, in particular the Civil Code (the basic statute of limitations for claims related to conducting business activity is three years).
Name; contact telephone number; e-mail address; delivery address (street, house number, premises number, postcode, town, country), address of residence/business/situation.

In the case of Clients who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Client.

4.RECIPIENTS OF THE DATA ON THE WEBSITE

4.1. For the proper functioning of the Web site, including the proper provision of the electronic Services administrator, it is necessary to use the services of third parties by the administrator. The Administrator uses only the services of such processors, who provide sufficient guarantees for the implementation of appropriate technical and organisational measures, so that the processing complies with the requirements of the GDPR and protects Rights of data subjects.

4.2. The transfer of data by the administrator does not occur in any case and not to all of the recipients or categories of recipients indicated in the Privacy policy-the Administrator shall only transmit the data if it is necessary for the achievement of the purpose Processing of personal data and only to the extent necessary to achieve it.

4.3. Personal data of service recipients of the Web site may be transferred to the following recipients or categories of customers:

4.3.1. Entities that support electronic payments or payment card-in the case of a customer who uses the website from the method of electronic payment or payment card The Administrator provides the collected personal data of the customer to the selected to the operator servicing the above payments on the website on behalf of the Administrator to the extent necessary to support the payment carried out by the client.

4.3.2. Service provider supplying the administrator with technical, it and organizational solutions enabling the administrator to conduct business, including the website and services provided through it Electronic (in particular, computer software providers to operate the Web site, email and hosting providers and providers of company management software and provide technical assistance to the Administrator) -The Administrator provides the collected personal data of the customer to the selected provider acting on his behalf only in the case and to the extent necessary to fulfill the data processing purpose in accordance with this privacy policy.

4.3.3. Accounting, legal and advisory services provider providing accounting, legal or advisory support to the Administrator (in particular, the accounting Office, law firm or collection Company)-The Administrator provides the collected personal data of the customer To the selected provider acting on its behalf only in the case and to the extent necessary to fulfill the data processing purpose in accordance with this privacy policy.

5. PROFILING ON THE WEBSITE

5.1. The GDPR imposes an obligation on the controller to inform about the profiling referred to in article 22 para. 1 and 4 of the GDPR, and, at least in these cases, relevant information about the rules of their taking and the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information about possible profiling in this section of the Privacy Policy.

5.2. The administrator may use profiling on the website for direct marketing purposes, but the decisions taken pursuant to it by the Administrator do not concern the conclusion or refusal of the contract for the provision of electronic services, or The use of electronic services on the website. The result of using profiling on the website is to submit a proposal that may correspond to the person’s interests or preferences. Despite profiling, the person decides freely whether he wants to make a purchase on the website.

5.3. Profiling on the website consists of analyzing the history of activities undertaken on the website. The condition of such profiling is that the controller has personal data of the person in order to be able to send it, e.g. To submit a proposal that may correspond to the interests or preferences of the individual.

5.4. The data subject shall have the right not to be subject to a decision which is based on profiling and gives rise to legal effects or a similar effect on that person.

6. RIGHTS OF THE DATA SUBJECT

6.1. The right of access, rectification, restriction, erasure or transfer -the data subject has the right to request from the controller access to his/her personal data, rectification, erasure (“Right to be forgotten”) or Restriction of processing and has the right to object to the processing and also has the right to transfer its data. The detailed conditions for exercising the abovementioned rights are indicated in article 15-21 GDPR regulation.

6.2. The right to withdraw consent at any time – the person whose data is processed by the Controller on the basis of the consent (pursuant to article 6 (1) (a) or art. Article 9 (a) 2 (b) A) the GDPR), it has the right to withdraw consent at any time without affecting the legality of processing, which was made on the basis of consent before its revocation.

6.3. The right to lodge a complaint with a supervisory authority , the person whose data is processed by the controller, has the right to lodge a complaint with the supervisory authority in the manner and mode set out in the provisions OF the GDPR and Polish law, Particular the law on the protection of personal data. The supervisory authority in Poland is the President of the Office for Personal data protection.

6.4. The right to object -the data subject has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him, based on art. Article 6 (a) 1 (b) (e) (Interest or public tasks) or (f) (the legitimate interest of the controller), including profiling on the basis of those provisions. In such a case, the controller may no longer process such personal data unless it demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject or the grounds for Establish, assert or defend claims.

6.5. Right to Object Direct Marketing -Where personal data are processed for direct marketing purposes, the data subject shall have the right at any time to object to the processing of personal data relating to him for the purposes of such marketing, including profiling, The extent to which the processing is related to such direct marketing.

6.6. In order to exercise the powers referred to in this section of this privacy policy, you may contact the administrator by sending a message in writing or by email to the administrator’s address as indicated in the introduction of the policy Privacy policy or by using the contact form available on the Web site.

7. COOKIES ON THE WEBSITE, OPERATIONAL DATA AND ANALYTICS

7.1. Cookies are small text information in the form of text files, sent by the server and saved on the website of the person visiting the website (e.g. on the hard disk of the computer, laptop or on the memory card Smartphone – depending on which device your website uses. Detailed information Cookies, as well as the history of their creation, can be found m.in. Here: https://en.wikipedia.org/wiki/HTTP_cookie

7.2. The Administrator can process the data contained in Cookies when the visitors use the website for the following purposes:

7.2.1. Data from the completed forms of the website.

7.2.2. Anonymous statistics showing how you use the website.

7.3. As a standard, most Web browsers available on the market accept the saving of Cookies. Everyone has the ability to specify the terms of use of Cookies using the settings of their own web browser. This means that you can, for example, Partially limited (e.g. temporarily) or completely disable the possibility of storing Cookies-in the latter case, however, this may affect some functionalities of the Web site.

7.4. Internet browser settings for Cookies are relevant for the consent to the use of Cookies by the website – in accordance with the provisions such consent may also be expressed through the settings of the Internet browser . In the absence of such consent, the Internet browser settings for Cookies should be changed accordingly.

7.5. For details on how to change the settings for Cookies and how to delete them in the most popular web browsers, see the Help section of your Web browser and the following pages (simply Click on a link):

In Chrome browser
In Firefox
In Internet Explorer
In the Opera browser
In Safari
In the Microsoft Edge browser

7.6. The Administrator may use the Google Analytics, Universal Analytics services provided by Google Inc. On the website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) from services provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and services provided by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta). These services help the Administrator to analyse the traffic on the website. The data collected is processed in the framework of the above services in an anonymized manner (these are the so-called operational data that prevent the identification of the person) to generate statistics helpful in administering the website. These data are aggregated and anonymous in nature, i.e. Do not contain identifying characteristics (personal data) of visitors to the website. The Administrator using the above services on the website collects data such as sources and media of obtaining visitors to the website and how they behave on the website, information about devices and Browsers that visit the site, IP and domain, geographic data and demographic information (age, gender) and interests.

7.7. You can easily block a person from sharing Google Analytics information about your activity on the Web site-for this purpose you may install a browser add-on provided by Google Inc. Available here: https://tools.google.com/dlpage/gaoptout?hl=en

8. FINAL PROVISIONS

8.1. The website may contain links to other websites. The Administrator urges you to review the privacy policy established there after you have navigated to other websites. This privacy policy applies only to the administrator’s website.

 

Back to top