Privacy Policy

I. INTRODUCTION

As of 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: ‘GDPR’) is in force. GDPR applies to an identical extent in all countries of the European Union, thus also in Poland, and affects many areas of life, including the use of online services, such as, for example the services provided by the website available at https://b2b.iowtrade.com/ (hereinafter: Website).

II. PERSONAL DATA CONTROLLER

1. The Controller of your personal data is IOW TRADE Sp. z o.o. with its registered office in Warsaw at ul. Rzeczna 8, 03-794 Warsaw, entered into the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS: 0000033320, NIP (Tax ID): 9521873072, REGON (Business ID): 017358978.
Contact with the Controller is possible via the e-mail address iow@iow.pl or through the correspondence address indicated above.
2. This privacy policy has been created for the website operated by the Controller at https://b2b.iowtrade.com/.

3. The Controller shall exercise due care to protect the interests of data subjects, and in particular to ensure that the data collected by it is processed lawfully: collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; factually correct and appropriate in relation to the purposes for which it is processed; and stored in a form which permits identification of data subjects for no longer than it is necessary to achieve the purpose of processing.

III. PERSONAL DATA

Types of data processed. Purposes and legal basis of personal data processing.
1. When using the Website, the User is asked to provide the following personal data:
a) e-mail address,
b) name and surname,
c) telephone number.
2. The provision of the above data is voluntary, but necessary in order to send a message via the contact form on the Website, to process the request in response to the message received via the contact form, to reply to the request, as well as to direct the enquiry to the Controller about a specific product and to receive a reply regarding the question asked.
3. The Controller processes personal data in order to identify the User who directs the content contained in the contact form or product enquiry form on the Website and to handle his/her enquiry sent via the contact form or product enquiry form provided on the basis of Article 6(1)(a) of the GDPR, i.e. consent.
4. The Controller shall also process your data:

a) in order to offer you products and services directly (direct marketing), on the basis of Article 6(1)(f) of the GDPR),

b) for analysis, i.e. selection of services to meet the needs of visitors to the Website, optimisation of products based also on your comments on them, interest, analysis of traffic on the Website, which is the performance of the Controller’s legitimate interest, pursuant to Article 6(1)(f) of the GDPR).

5. The Controller uses IP addresses collected during Internet connections. This data may be used to analyse traffic on the website in order to improve the quality of the services offered and shall not be used to contact any User in any way.

Information on recipients of personal data

1. Your personal data may be entrusted to external entities only for purposes related to the operation of the Website.
2. Entities processing personal data on our behalf may also include cloud system providers, advertising agencies, providers of IT services and analytical tools, entities providing electronic payment services, hosting companies or those providing software to ensure the functionality of the Website run by us.
3. Transmission of your personal data is always carried out using technical measures to ensure the security of the information transmitted.
4. Our databases containing your personal data are properly protected against unauthorised access, alteration or deletion of your personal data.
5. In the event of violation of the rules of using the Website or the requirements of the law, we may make your data available to the authorised state authorities.
6. The Controller does not intend to transfer your personal data to a third country or third parties, either free of charge or for a fee.

Period of personal data processing

1. The duration of the processing of your data depends on the purpose of the processing. As a rule, the data is processed for the time necessary for the performance of the contract, until the withdrawal of the consent you have given or until you make an effective objection to the processing of the data in cases where the legal basis for the processing is the legitimate interest of the Controller.
2. The criteria for determining the period of processing of your data are as follows:
a) where the basis of processing is your consent – the period of storage of your personal data lasts until the purpose of processing ceases or until you withdraw your consent with regard to the processing of your data;
b) where the basis of processing is a legitimate interest pursued by the Controller – the period of personal data processing depends on the circumstances indicating the existence of an interest on the part of the Controller;
c) if the basis of processing is related to a legal obligation to which the Controller is subject – the period for which the personal data is stored results from specific legal provisions which impose an obligation to store the data on the Controller.
3. Personal data processed within the scope of marketing activities is processed for the time it is conducted by the Controller or the User expresses his/her objection to further processing of personal data for marketing purposes or cancels consent to being sent marketing information.

IV. USER’S RIGHTS WITH REGARD TO HIS/HER PERSONAL DATA

1. The User has the following rights, which he/she may exercise by contacting the Controller by e-mail:
a) Right of access to data – The User has the right to obtain information as to whether the Controller processes personal data concerning him/her and to obtain access to his/her personal data held by the Controller.
b) Right to rectification – The User has the right to rectify and complete the personal data provided by him/her.
c) Right to erasure (‘Right to be forgotten’) – The User may request the erasure of his/her personal data when, for example, it is no longer necessary for the purposes for which it was collected.
d) Right to restrict processing – The User has the right to request the restriction of processing, in which case the data will only be kept for the purpose of asserting and defending claims.
e) Right to data portability – The User has the right to receive their personal data
in a structured, commonly used, machine-readable format and to transmit it to another entity when the processing is based on consent or contract and is carried out by automated means.
f) Right to object – The User may object to the processing of personal data based on the public interest or legitimate interest pursued by the Party, including profiling. In this case, the Controller will cease processing unless there are compelling legitimate grounds for the processing or for the purposes of asserting or defending claims.
g) Right to withdraw consent – The User has the right to withdraw consent to the extent that the processing of personal data is based on consent.
h) Right to lodge a complaint – The User has the right to lodge a complaint with the supervisory authority to the President of the Office for Personal Data Protection.

2. If you make a request to us in exercise of the above-mentioned rights, we shall comply with the request or refuse to comply with it immediately, but no later than within one month after receipt. If, however, due to the complexity of the request or the number of requests, we are unable to comply with your request within one month, we shall comply with it within a further 2 (two) months by giving you prior notice of the intended extension.

3. You may lodge complaints, queries and requests with us regarding the processing of your personal data and the exercise of your rights. If you believe that your data protection rights or other rights granted under the GDPR have been violated, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.

V. QUESTIONS AND OBJECTIONS

1. Questions and objections regarding this Privacy Policy may be directed to the Controller by e-mail sent to the following address: iow@iow.pl.
2. You may lodge complaints, enquiries and requests regarding the processing of your personal data and the exercise of your rights.

VI. INFORMATION COLLECTED IN COOKIES

1. The Website does not automatically collect any information except that contained in cookies.
2. Cookies are computer data, in particular text files, which are stored on the final device of the Website User and are intended for use by the Website. Cookies usually contain the name of the website from which they come, the time of storage on the terminal equipment and a unique number.
3. Cookies are used to:
a) adapt the content of the Website to the User’s preferences and optimise the use of the websites; in particular, these files allow the Website User’s device to be recognised and the website to be displayed appropriately, tailored to the User’s individual needs;
b) create statistics which help to understand how Website Users use the web pages, which helps to improve their structure and content;
c) maintain the session of the Website User (after logging in), thanks to which the User does not have to re-enter his/her login and password on each subpage of the Website.
4. The following types of cookies may be used on the Website operated by the Controller:
a) ‘essential’ cookies which make it possible to use the services available on the Website, e.g. authentication cookies used for services which require authentication on the website;
b) cookies used for security purposes, e.g. used to detect misuse of the Website’s authentication;
c) cookies that enable the collection of information on the use of the Website;
d) ‘functional’ cookies, which make it possible to ‘remember’ the user’s selected settings and to personalise the user’s interface, e.g. with respect to the chosen language or region of origin of the user, the font size, the design of the Website, etc;
e) ‘advertising’ cookies, which make it possible to provide users with advertising content more suited to their interests.
5. In many cases, the web browsing software (web browser) allows cookies to be stored on the user’s terminal equipment by default. Users can change their cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of the Internet browser or inform on their placement on the device of the website user each time. Detailed information on the possibility and methods of using cookies is available in the software (web browser) settings. Failure to change the settings with regard to cookies means that they will be placed on the user’s terminal equipment and thus we will store information on the user’s terminal equipment and gain access to this information.

VII. CHANGE OF THE PRIVACY POLICY
This privacy policy is reviewed on an ongoing basis and updated as necessary.