Privacy Policy
I. INTRODUCTION
As of 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: ‘GDPR’) is in force. GDPR applies to an identical extent in all countries of the European Union, thus also in Poland, and affects many areas of life, including the use of online services, such as, for example the services provided by the website available at https://b2b.iowtrade.com/ (hereinafter: Website).
II. PERSONAL DATA CONTROLLER
1. The Controller of your personal data is IOW TRADE Sp. z o.o. with its
registered office in Warsaw at ul. Rzeczna 8, 03-794 Warsaw, entered
into the National Court Register kept by the District Court for the Capital
City of Warsaw in Warsaw, XIII Commercial Division of the National Court
Register under KRS: 0000033320, NIP (Tax ID): 9521873072, REGON (Business
ID): 017358978.
Contact with the Controller is possible via the e-mail address iow@iow.pl
or through the correspondence address indicated above.
2. This privacy policy has been created for the website operated by the
Controller at https://b2b.iowtrade.com/.
3. The Controller shall exercise due care to protect the interests of data subjects, and in particular to ensure that the data collected by it is processed lawfully: collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; factually correct and appropriate in relation to the purposes for which it is processed; and stored in a form which permits identification of data subjects for no longer than it is necessary to achieve the purpose of processing.
III. PERSONAL DATA
Types of data processed. Purposes and legal basis of personal data
processing.
1. When using the Website, the User is asked to provide the following
personal data:
a) e-mail address,
b) name and surname,
c) telephone number.
2. The provision of the above data is voluntary, but necessary in order to
send a message via the contact form on the Website, to process the request
in response to the message received via the contact form, to reply to the
request, as well as to direct the enquiry to the Controller about a
specific product and to receive a reply regarding the question asked.
3. The Controller processes personal data in order to identify the User who
directs the content contained in the contact form or product enquiry form
on the Website and to handle his/her enquiry sent via the contact form or
product enquiry form provided on the basis of Article 6(1)(a) of the GDPR,
i.e. consent.
4. The Controller shall also process your data:
a) in order to offer you products and services directly (direct marketing), on the basis of Article 6(1)(f) of the GDPR),
b) for analysis, i.e. selection of services to meet the needs of visitors to the Website, optimisation of products based also on your comments on them, interest, analysis of traffic on the Website, which is the performance of the Controller’s legitimate interest, pursuant to Article 6(1)(f) of the GDPR).
5. The Controller uses IP addresses collected during Internet connections.
This data may be used to analyse traffic on the website in order to improve
the quality of the services offered and shall not be used to contact any
User in any way.
Information on recipients of personal data
1. Your personal data may be entrusted to external entities only for
purposes related to the operation of the Website.
2. Entities processing personal data on our behalf may also include cloud
system providers, advertising agencies, providers of IT services and
analytical tools, entities providing electronic payment services, hosting
companies or those providing software to ensure the functionality of the
Website run by us.
3. Transmission of your personal data is always carried out using technical
measures to ensure the security of the information transmitted.
4. Our databases containing your personal data are properly protected
against unauthorised access, alteration or deletion of your personal data.
5. In the event of violation of the rules of using the Website or the
requirements of the law, we may make your data available to the authorised
state authorities.
6. The Controller does not intend to transfer your personal data to a third
country or third parties, either free of charge or for a fee.
Period of personal data processing
1. The duration of the processing of your data depends on the purpose of
the processing. As a rule, the data is processed for the time necessary for
the performance of the contract, until the withdrawal of the consent you
have given or until you make an effective objection to the processing of
the data in cases where the legal basis for the processing is the
legitimate interest of the Controller.
2. The criteria for determining the period of processing of your data are
as follows:
a) where the basis of processing is your consent – the period of storage of
your personal data lasts until the purpose of processing ceases or until
you withdraw your consent with regard to the processing of your data;
b) where the basis of processing is a legitimate interest pursued by the
Controller – the period of personal data processing depends on the
circumstances indicating the existence of an interest on the part of the
Controller;
c) if the basis of processing is related to a legal obligation to which the
Controller is subject – the period for which the personal data is stored
results from specific legal provisions which impose an obligation to store
the data on the Controller.
3. Personal data processed within the scope of marketing activities is
processed for the time it is conducted by the Controller or the User
expresses his/her objection to further processing of personal data for
marketing purposes or cancels consent to being sent marketing information.
IV. USER’S RIGHTS WITH REGARD TO HIS/HER PERSONAL DATA
1. The User has the following rights, which he/she may exercise by
contacting the Controller by e-mail:
a) Right of access to data – The User has the right to obtain information
as to whether the Controller processes personal data concerning him/her and
to obtain access to his/her personal data held by the Controller.
b) Right to rectification – The User has the right to rectify and complete
the personal data provided by him/her.
c) Right to erasure (‘Right to be forgotten’) – The User may request the
erasure of his/her personal data when, for example, it is no longer
necessary for the purposes for which it was collected.
d) Right to restrict processing – The User has the right to request the
restriction of processing, in which case the data will only be kept for the
purpose of asserting and defending claims.
e) Right to data portability – The User has the right to receive their
personal data
in a structured, commonly used, machine-readable format and to transmit it
to another entity when the processing is based on consent or contract and
is carried out by automated means.
f) Right to object – The User may object to the processing of personal data
based on the public interest or legitimate interest pursued by the Party,
including profiling. In this case, the Controller will cease processing
unless there are compelling legitimate grounds for the processing or for
the purposes of asserting or defending claims.
g) Right to withdraw consent – The User has the right to withdraw consent
to the extent that the processing of personal data is based on consent.
h) Right to lodge a complaint – The User has the right to lodge a complaint
with the supervisory authority to the President of the Office for Personal
Data Protection.
2. If you make a request to us in exercise of the above-mentioned rights, we shall comply with the request or refuse to comply with it immediately, but no later than within one month after receipt. If, however, due to the complexity of the request or the number of requests, we are unable to comply with your request within one month, we shall comply with it within a further 2 (two) months by giving you prior notice of the intended extension.
3. You may lodge complaints, queries and requests with us regarding the processing of your personal data and the exercise of your rights. If you believe that your data protection rights or other rights granted under the GDPR have been violated, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
V. QUESTIONS AND OBJECTIONS
1. Questions and objections regarding this Privacy Policy may be directed
to the Controller by e-mail sent to the following address: iow@iow.pl.
2. You may lodge complaints, enquiries and requests regarding the
processing of your personal data and the exercise of your rights.
VI. INFORMATION COLLECTED IN COOKIES
1. The Website does not automatically collect any information except that
contained in cookies.
2. Cookies are computer data, in particular text files, which are stored on
the final device of the Website User and are intended for use by the
Website. Cookies usually contain the name of the website from which they
come, the time of storage on the terminal equipment and a unique number.
3. Cookies are used to:
a) adapt the content of the Website to the User’s preferences and optimise
the use of the websites; in particular, these files allow the Website
User’s device to be recognised and the website to be displayed
appropriately, tailored to the User’s individual needs;
b) create statistics which help to understand how Website Users use the web
pages, which helps to improve their structure and content;
c) maintain the session of the Website User (after logging in), thanks to
which the User does not have to re-enter his/her login and password on each
subpage of the Website.
4. The following types of cookies may be used on the Website operated by
the Controller:
a) ‘essential’ cookies which make it possible to use the services available
on the Website, e.g. authentication cookies used for services which require
authentication on the website;
b) cookies used for security purposes, e.g. used to detect misuse of the
Website’s authentication;
c) cookies that enable the collection of information on the use of the
Website;
d) ‘functional’ cookies, which make it possible to ‘remember’ the user’s
selected settings and to personalise the user’s interface, e.g. with
respect to the chosen language or region of origin of the user, the font
size, the design of the Website, etc;
e) ‘advertising’ cookies, which make it possible to provide users with
advertising content more suited to their interests.
5. In many cases, the web browsing software (web browser) allows cookies to
be stored on the user’s terminal equipment by default. Users can change
their cookie settings at any time. These settings can be changed, in
particular, in such a way as to block the automatic handling of cookies in
the settings of the Internet browser or inform on their placement on the
device of the website user each time. Detailed information on the
possibility and methods of using cookies is available in the software (web
browser) settings. Failure to change the settings with regard to cookies
means that they will be placed on the user’s terminal equipment and thus we
will store information on the user’s terminal equipment and gain access to
this information.
VII. CHANGE OF THE PRIVACY POLICY
This privacy policy is reviewed on an ongoing basis and updated as
necessary.