Privacy Policy

RETURN TO HOME PAGE

arrow-left

Table of Contents

Table of Contents

Who we are and how to find us

The administrator of your personal data collected via www.nilen.pl (hereinafter: “Service”) is NILEN spółka z ograniczoną odpowiedzialnością with its registered seat in Kraków (address: Mogilska 16/10, 31-516 Kraków), entered in the register of entrepreneurs of the National Court Register under KRS number: 0000901920, identified by REGON number: 38905515200000 and NIP number: 6751751595 (hereinafter: “Administrator”).

For all data protection issues, you can contact the Administrator via e-mail: kontakt@nilen.pl

How and why we process your personal data

CONTACT THE ADMINISTRATOR

When contacting us, you may provide us with your personal information, including information contained in the content of your correspondence or provided during a telephone conversation.

The legal basis for processing the data you provide to us by contacting us is Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive F95/46/EC (hereinafter: “RODO”), (i.e. “processing is necessary for the purposes of legitimate interests pursued by the legitimate Administrator or by a third party”). This legitimate interest is the desire to answer the questions you have, including those regarding the Administrator’s activities and offerings, and opportunities for cooperation.

PERFORMANCE DATA

We may process data of each user of the Service characterizing your use of our Service (this is so-called usage data, mostly anonymous). This processing includes the automatic reading of a unique identifier that identifies the telecommunications network termination or data communications system you are using, as well as the date and time of the server, information about the technical parameters of the software and device you are using (e.g. whether you are using a laptop or a phone when browsing our site), as well as the location from which you connect to our server. We may use this information for marketing purposes, market research and to improve the operation of the Website. The data recorded in the server logs are not associated with specific individuals using the Service. The server logs are only auxiliary material used to administer the Service.

The legal basis for the operation of exploitation data processing is Article 6(1)(f) of the RODO (i.e. “processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party”). This legitimate interest is to enable diagnostics of errors in the Service and to improve its quality.

MARKETING OF THE ADMINISTRATOR’S OWN SERVICES

Upon separate consent, we may process your personal data for marketing purposes, including to send you commercial, promotional, advertising or marketing information.

As a general rule, the legal basis for the processing of your personal data for these purposes is Article 6(1)(a) of the DPA (i.e. “the data subject has consented to the processing of his/her personal data for one or more specified purposes”). You may withdraw your consent at any time – without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

In some cases, the legal basis for processing your personal data for direct marketing purposes may be the legitimate interest of the controller (Article 6(1)(f) of the RODO – i.e. “processing is necessary for the purposes of the legitimate interests pursued by the controller” in connection with Recital 47 of the RODO, which states: “The processing of personal data for the purposes of direct marketing may be considered an activity carried out in the legitimate interest”). According to Recital 47 of the RODO, such a legitimate interest may exist in cases where there is a substantial and appropriate relationship between the data subject and the controller. Remember, however, that you always have the right to object, at any time and free of charge, to this processing, whether primary or further – including profiling, insofar as it is related to direct marketing. Once you have objected to the processing of your personal data for direct marketing purposes – the Controller may no longer process your data for such purposes.

Claims handling

The content of your correspondence with us may be subject to archiving. You have the right to request the history of the correspondence you have had with us (if it was subject to archiving), as well as to request its deletion, unless its archiving is justified due to our overriding interests.

The legal basis for processing your personal data after contacting us is our legitimate interest in the form of the need to ensure that we can prove certain facts in the future. We may therefore process your personal data for the purpose of establishing, investigating, or defending against claims under Article 6(1)(f) of the DPA (i.e. “processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party”).

Cookies

Like almost all other websites, we use cookies. Cookies are small text information stored on your terminal device (e.g. computer, tablet, smartphone) that can be read by our data communications system. You can read more about cookies, for example, here: https://pl.wikipedia.org/wiki/HTTP_cookie or: https://www.allaboutcookies.org/

Cookies allow us to:

  • Ensure the proper functioning of the site,
  • improve the speed and safety of using
  • pages,use analytical tools,use tools
  • marketing and remarketing.

We use cookies based on your consent, except when cookies are necessary to properly provide electronic services to you

In the situation specified in points. 1, 2 and 3, we process the information contained in cookies on the basis of Article 6 (1) (f) RODO (processing is necessary for the purposes arising from the legally justified interests pursued by the administrator or a third party). This legitimate interest is to ensure the proper functioning of the Website, as well as to monitor and analyze traffic and keep statistics of visits to the Website.

In the situation specified in point 4 (in the case of processing of your personal data for marketing purposes, i.e. for advertising, market research and your behavior and preferences with the purpose of using the results of such research to improve the quality of our services), we process the information contained in cookies on the basis of Article 6(1)(a) of the RODO (the data subject has given his/her consent to the processing of his/her personal data for one or more specified purposes), pursuant to Article 18(4) of the Act of July 18, 2002 on the provision of electronic services.

We use cookies on the basis of your consent, except when cookies are necessary for the proper provision of an electronic service to you.

When you visit the Site for the first time, you will be shown a notice about the use of cookies. Accepting this notice means that you consent to the use of cookies in accordance with the provisions of this privacy policy for all purposes described above. You can always withdraw your consent (without affecting the legality of processing prior to withdrawal of consent) by deleting cookies and changing the cookie settings of your browser.

Importantly, you do not have to share the information contained in cookies with us. This can be prevented by deleting cookies and changing the cookie settings on your web browser. Opting out of cookies usually only applies to a specific browser – this means that the same action will have to be taken for any other browser you use on the same or another device.

You can also use tools that allow you to collectively manage your cookie settings and browser plug-ins that allow you to control cookies. Web browsers also offer the possibility to use the so-called “incognito mode”, which allows you to visit websites without saving information about the visited sites and downloaded files in the browser history. As a rule, cookies created in incognito mode are deleted when all windows of this mode are closed.

Note, however, that disabling cookies may cause difficulties in using the Website, as well as many other websites that use cookies.

We also maintain profiles on the following social networks:

The Service contains links to the aforementioned social networks so that you can quickly reach our pages on these portals. These are so-called “social plug-ins”, which only activate when you click on them when your browser connects to the respective portal. This also results in the transfer of information, including your personal information, to that portal. If by clicking on a plug-in you are simultaneously logged in to the portal in question, the transfer of information about your visit to our Service and the recording of this fact in your account on the social network in question may occur via your account on that portal.

When displaying a page containing such a plug-in, your browser will establish a direct connection with the servers of the social network administrators. The content of the plug-in is transmitted by the respective service provider directly to your browser and integrated into the page. Thanks to this integration, service providers receive information that your browser has displayed our site, even if you do not have a profile with the given service provider or are not currently logged in with them. Such information (often together with your IP address) can be sent by your browser directly to the service provider’s server and stored there. If you are logged in to one of the social networks, this service provider will be able to directly associate your visit to our Site with your profile on the given social network.

For information on the purposes and scope of the collection of personal data, further processing and use of personal data by Facebook, Instagram and Pinterest, as well as your rights and how you can change the appropriate settings to protect your privacy, please refer to the respective privacy policies of the services:

(i) Facebook: https://www.facebook.com/privacy/explanation

(ii) Instagram: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

(iii) Pinterest: https://policy.pinterest.com/pl/privacy-policy

If you do not want social networks to collect data about you through our Service, you should log out of them before visiting our Service. You can also completely prevent plug-ins from loading on the site by using the appropriate extensions for your browser.

What personal data we process

We may process the following categories of information about you:

usage data about all users of the Service:

  • IP address of the device,
  • server date and time,
  • location of the terminal device from which the user connects to the Service,
  • Technical parameters of the device and software used by the user,
  • data about the content viewed on the Website (the way of moving between subpages of the Website, browsing time, frequency of visits),
  • data about the source from which the user came to the Service,
  • geographic location (country),
  • preferred language (the language of the device interface),
  • Mouse actions (movements, locations, clicks) and key clicks,
  • URL code of the link and its domain,
  • device screen resolution,
  • Online identifiers, Internet protocol addresses and device identifiers.

data of persons contacting the Administrator:

  • name,
  • phone number,
  • email address,
  • The name of the company and information about the services provided (applies to persons contacting the Administrator about establishing cooperation),
  • other data that may be included by the sender in the content of the message and in the documents attached to it or provided during the phone call.

To whom we disclose your data

In our operations, we use the support of specialized external entities that may or must have access to some of your data – these include IT service providers, accounting, legal, hosting, mailing system providers, analytics, marketing and remarketing tool providers, social plugin providers, as well as our trusted partners and associates. In addition, the Service users’ data may be disclosed to third parties that provide us with cookie-related services.

The data of all users of the Service and those who contact us are processed in an information system, located in part in the so-called public cloud provided by third parties.
Information related to your use of the Service may also be accessed by recipients authorized by law to receive it (e.g., government authorities in the event of such a request).

Some of the operations described above involve the transfer of your personal data to so-called third countries (outside the European Economic Area), where the RODO does not apply. However, this always takes place on the basis of the legal instruments provided for in the RODO, which guarantee adequate protection of your rights and freedoms.

In the case of the transfer of personal data to a third country within the meaning of the RODO, when the European Commission has not issued a decision on the adequate protection of personal data for those countries (in accordance with Article 45 of the RODO), we take appropriate measures to ensure an adequate level of data protection in the event of transfer. These include the European Union’s standard contractual clauses or binding internal data protection regulations. In cases where this is not possible, we base the transfer of data on the exceptions described in Article 49 of the RODO, in particular express consent or the necessity of the data transfer to fulfill the terms of the contract or to perform pre-contractual activities. The legal basis for data transfers to third countries is therefore, unless otherwise stated, the consent referred to in Article 6(1)(a) of the RODO in conjunction with Article 49(1)(a) of the RODO. At the same time, we would like to inform you that in the case of sending data to a third country for which there is no decision on adequate protection of personal data or adequate guarantees, there is a possibility and risk that authorities in the third country in question (for example, intelligence services) will gain access to the transferred data for the purpose of collection and analysis, and that the possibility of enforcing the rights of data subjects cannot be guaranteed.

How long we will process your personal data

Your personal data will be processed for the duration of your use of the Service, and in justified cases, also later for the period necessary for the statute of limitations for claims specified by the relevant regulations.

Personal data provided through the means of communication of your choice will be retained for no longer than necessary to respond, after which time it may be retained only in justified cases for the period necessary for the statute of limitations for claims as defined by relevant regulations.

The processing of your personal data contained in cookies continues until you disable the use of cookies. You can do this by deleting cookies and changing the cookie settings of your browser.

The processing of your personal data based on consent as a legal premise, continues until you withdraw your consent.

How we enable you to exercise your rights

We make every effort to ensure that you are satisfied with your cooperation with us. Remember, however, that you have a number of rights that will allow you to influence how we process your personal data and, in some cases, cause us to stop such processing. These rights are:

The right of access to personal data (regulated in Article 15 of the RODO)

Article 15
Data subject’s right of access

  1. The data subject is entitled to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed, and if this is the case, he or she is entitled to access it and the following information:
    (a) purposes of processing;
    (b) categories of personal data involved;
    (c) information about the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
    d) where possible, the intended period of storage of personal data, and where this is not possible, the criteria for determining this period;
    e) information about the right to request from the controller rectification, erasure or restriction of the processing of personal data concerning the data subject, and to object to such processing;
    f) information about the right to lodge a complaint with a supervisory authority;
    g) if the personal data have not been collected from the data subject – any available information about their source;
    h) information about automated decision-making, including profiling as referred to in Art. 22 (1) and (4), and – at least in these cases – relevant information about the principles of such decision-making, as well as about the significance and anticipated consequences of such processing for the data subject.
  2. If personal data is transferred to a third country or international organization, the data subject has the right to be informed of the appropriate safeguards referred to in Article 46 related to the transfer.
  3. The controller shall provide the data subject with a copy of the personal data being processed. For any subsequent copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject requests a copy electronically, and unless he or she indicates otherwise, the information shall be provided by common electronic means.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

The right to rectify data (regulated in Article 16 of the RODO)

Article 16
Right to rectify data

The data subject has the right to request from the controller the prompt rectification of personal data concerning him/her that is inaccurate. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.

The right to erasure (regulated in Article 17 of the RODO)

Article 17
Right to erasure (“right to be forgotten”)

  1. The data subject has the right to request from the controller the immediate erasure of personal data concerning him/her, and the controller is obliged to erase the personal data without undue delay if one of the following circumstances applies:
    a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    b) the data subject has withdrawn the consent on which the processing is based pursuant to Art. 6(1)(a) or 9(2)(a), and there is no other legal basis for the processing;
    c) the data subject objects under Art. 21 (1) against the processing and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21 (2) against the processing;
    (d) the personal data have been unlawfully processed;
    (e) the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the controller is subject; (f) the personal data have been collected in connection with the offering of information society services referred to in Article 8(1)(b). 1.
  2. If a controller has made personal data public, and is required to delete such personal data under paragraph 1, the controller shall, taking into account available technology and the cost of implementation, take reasonable measures, including technical measures, to inform controllers processing such personal data that the data subject requests such controllers to delete any links to such data, copies of such personal data or replications thereof.
    2.Paragraphs 1 and 2 shall not apply to the extent that the processing is necessary:
    (a) for the exercise of the right to freedom of expression and information;
    (b) for compliance with a legal obligation requiring processing under Union law or the law of a Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    (c) for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and 9(3);
    d) for archival purposes in the public interest, for purposes of scientific or historical research or for statistical purposes in accordance with Article 89(1), insofar as the right referred to in paragraph 1 is likely to prevent or seriously impede the purposes of such processing; or
    e) for the establishment, investigation or defense of claims.

The right to restrict processing (regulated in Article 18 of the RODO)

Article 18
Right to restrict processing

  1. The data subject has the right to request the controller to restrict processing in the following cases:
    (a) the data subject disputes the accuracy of the personal data – for a period allowing the controller to verify the accuracy of the data;
    (b) the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead a restriction of its use;
    (c) the controller no longer needs the personal data for the purposes of the processing, but the data are needed by the data subject to establish, assert or defend claims;
    (d) the data subject has raised an objection under Art. 21(1) against the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds of the data subject’s objection.
  2. If processing has been restricted pursuant to paragraph 1, such personal data may be processed, with the exception of storage, only with the consent of the data subject, or to establish, assert or defend claims, or to protect the rights of another natural or legal person, or for compelling reasons of public interest of the Union or a Member State.
  3. Before lifting a restriction on processing, the controller shall inform the data subject who requested the restriction under paragraph (2). 1.

The right to restrict processing (regulatedThe right to object to processing (regulated in Article 21 RODO)

Article 21
Right to object

  1. The data subject has the right to object at any time – on grounds relating to his or her particular situation – to the processing of personal data concerning him or her based on Article 6(1)(e) or (f), including profiling under these provisions. The controller shall no longer be allowed to process such personal data unless the controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
  2. If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
  3. If the data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
  4. At the latest on the occasion of the first communication with the data subject, the data subject shall be clearly informed of the right referred to in paragraphs 1 and 2, and shall be presented clearly and separately from any other information.
  5. In connection with the use of information society services and without prejudice to Directive 2002/58/EC, the data subject may exercise the right to object through automated means using technical specifications.
  6. If personal data are processed for scientific or historical research purposes or for statistical purposes under Article 89(1), the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.

The right to data portability (regulated in Article 20 of the RODO)

Article 20
Right to data portability

  1. The data subject has the right to receive in a structured, commonly used machine-readable format the personal data concerning him or her that he or she has provided to the controller, and has the right to send such personal data to another controller without hindrance from the controller to whom the personal data was provided, if:
    a) the processing is based on consent pursuant to Art. 6(1)(a) or 9(2)(a) or on the basis of a contract pursuant to Article 6(1)(b); and
    b) the processing is carried out by automated means.
  2. In exercising the right to data portability under paragraph 1, the data subject has the right to request that the personal data be sent by the controller directly to another controller, insofar as this is technically possible.
  3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article. 17. This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of public authority entrusted to the controller.
  4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.To exercise any of the rights described above, please contact us, e.g. by e-mail to the address through which we have contacted you, or at: kontakt@nilen.pl

Complaint to the supervisory authority

Pursuant to Article 77 of the RODO, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged violation was committed, if you believe that the processing of personal data concerning you has violated or is violating the provisions of the RODO.

In Poland, the supervisory authority is the President of the Office for Personal Data Protection. You can get detailed information (including contact details) on the website of the Office for Personal Data Protection maintained at: https://uodo.gov.pl/

If you want to contact another supervisory authority responsible for the protection of personal data – visit the website of the European Data Protection Board available at: https://edpb.europa.eu/about-edpb/about-edpb/members_pl

Is the provision of data necessary to enter into a contract with us

Your personal data obtained in connection with the use of our Service is not collected for the purpose of entering into a contract with you as defined in the RODO.

Providing your selected personal information when contacting us through your chosen communication channel is completely voluntary, but in most situations necessary to respond to your inquiry.

You do not have to share the information contained in cookies with us. You can prevent this by deleting cookies and changing the cookie settings on your browser. Detailed information about the possibility and methods of handling cookies is available in the settings of your software (web browser). Remember, however, that changing the settings of cookies so that the use of the information contained in them is blocked may cause difficulties in using the Website.

Where we got your personal information from

We obtain the data of users of the Service and those who contact us only to themselves.

We obtain the remaining data, including anonymous usage data and personal data related to the use of cookies, by automated means – most often, however, this is not personal data.

Automated processing and profiling

Exploitation data and data related to the use of cookies may be processed by automated means as defined by the RODO.

Data processed through marketing and remarketing tools or social plugins may be subject to profiling.

Other data collected in connection with the use of the Website, including data of users and those who contact us, are not processed by automated means or subject to profiling.