Privacy Policy of
E PACK Sp. z o.o.
of 26.04.2022

 

E PACK Sp. z o.o., as the owner of the www.epack.com.pl website  , makes every possible effort to ensure that your privacy is properly protected. In order to implement the lawful (GDPR), transparent and secure processing of your personal data, we adopt the following privacy policy.

In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), we would like to inform:

1.      General information:

A.      The Administrator of Personal Data within the meaning of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Dz.Urz. UE L 2016, No. 119) (hereinafter referred to as GDPR) is E PACK Sp. z o.o. NIP: 521-350-985-9, REGON: 141637432, KRS: 0000317723, with its registered office in Tarnów, Kurnakowicza 5 Street, tel. 883-903-283, e-mail: biuro@epack.com.pl

B.      The User within the meaning of this Privacy Policy is a natural person using the Administrator’s websites, including the Administrator’s contact forms.

C.      Contact with in matters regarding the processing of personal data by the Administrator: biuro@epack.com.pl

1.      The purpose of data processing by the Administrator.

A.      The User entrusts the processing of personal data to the Administrator in order to handle recruitment, inquiry or order placed via the contact form.

B.      Providing personal data by the User during contact is voluntary, and the data provided will be used (if applicable) only for the purposes of:

                                                                                           I.            Answer.

                                                                                        II.            Presentation of the Administrator’s offer.

                                                                                      III.            Security of the Administrator’s network systems (e.g. protection against spam and DDOS attacks).

                                                                                      IV.            To measure your audience on the web.

                                                                                         V.            Recruitment of an employee.

C.      Giving consent by providing contact details is voluntary, but in some cases failure to provide them may prevent the handling of the inquiry / order placed via the contact form.

2.      Legal basis for data processing by the Administrator.

A.      The legal basis for the processing of personal data for the purposes set out in 2.b a and 2.b.b is the User’s consent (Article 6. 1. a) GDPR), and / or Article 6. 1.b) of the GDPR in the case of the User’s willingness to conclude a contract.

B.      The prerequisite for the processing of personal data for the purpose specified in 2.b.c is the legitimate interest pursued by the administrator (Article 6. 1. f) of the GDPR), and the legal basis is Recital 49 of the GDPR and the Regulation of the Minister of Internal Affairs and Administration of 29 April 2004 on the documentation of personal data processing and technical and organizational conditions to be met by devices and IT systems used to process personal data.

C.      The prerequisite for the processing of personal data for the purpose specified in 2.b.d is the legitimate interest pursued by the controller (Article 6.1.f) of the GDPR), and the legal basis is Article 8 point 1 d) of the Regulation of the European Parliament and of the Council on the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on privacy and electronic communications).

D.     Personal data for the purpose specified in 2.b are processed due to the desire to conclude a contract (Article 6. 1.b) of the GDPR), and the legal basis for the collected data is Art. 221 § 1. Labour Code

1.      Scope of data processing by the Administrator

A.      For the purposes indicated in 2.b.a and 2.b.b., to the extent that the User voluntarily provides, the Administrator may process:

                                                                                           I.            name and surname (contact person)

                                                                                        II.            contact phone number

                                                                                      III.            e-mail address for contact

                                                                                      IV.            internet domain address (and possibly other related data provided by the User)

                                                                                         V.            other data provided by the User

B.      For the purpose given in 2.b.c::

                                                                                           I.            IP address

                                                                                        II.            meta data sent by the browser (or other end device establishing a connection to the Administrator’s website)

C.      For the purpose stated in 2.b.d.:

                                                                                           I.            meta data sent by the browser

D.     For the purpose specified in 2.b.e (recruitment), we will ask the person applying for employment to provide data such as: name and surname, date of birth, place of residence (correspondence address), education and the course of previous employment.

E.      Recipients of personal data and transfer of personal data to a third country:

                                                                                           I.            The User’s personal data related to the purposes listed in points 2.b.a. to 2.b.c. and 2.b. will be processed only by the Administrator.

                                                                                        II.            Data related to the purpose from point 2.b.d. will be processed by the Administrator and a partner, Google Inc. with its registered office in the USA, whose web audience measurement tool (Google Analytics) is used by the Administrator. This data is anonymous and is not  shared further.

                                                                                      III.            Google, which provides the Administrator with a web audience measurement service, has acceded to the EU-US Privacy Shield Agreement and, in accordance with the Decision of the European Commission of 12 July 2016 IP/16/216, the transfer of personal data to entities based in the United States that have acceded to the above-mentioned agreement ensures an adequate level of protection of personal data, in accordance with Article 45 of the GDPR;

F.      The User’s personal data may be made available to entities from the Administrator’s capital group and to the Administrator’s partners with whom the Administrator cooperates by combining products or services. In the case of cooperation, subcontractors (processors), such as accounting firms, hosting companies, may also have access to the data.

2.      Rights of the User whose data is processed.

A.      You have the right to:

                                                                                           I.            access to your personal data,

                                                                                        II.            rectification of personal data,

                                                                                      III.            deletion of personal data,

                                                                                      IV.            restriction of the processing of personal data

                                                                                         V.            transfer of personal data

                                                                                      VI.            object to the processing of personal data

                                                                                    VII.            Withdrawal of previously expressed consent to the processing of personal data

B.      In order to exercise his rights, the User should send an e-mail to the address provided in 1.a., a letter to the address of the registered office given in 1.a. or contact by phone to the number provided in 1.a.

C.      The Administrator executes the User’s request immediately, with the proviso that the deletion or limitation of the possibility of data processing may affect the possibility or scope of proper handling of the submitted inquiry / order.

3.      The period of personal data processing by the Administrator.

A.      The Administrator stores Users’ personal data for a period not longer than it is necessary to handle the submitted inquiry / order, including the preparation of a personalized commercial offer and enabling the Administrator to perform its obligations.

B.      At any time, the User may submit a request for the deletion of his personal data. In this case, they will be deleted immediately, but this may involve interrupting the handling of the submitted query.

4.      Information stored in the User’s end device (Cookies).

A.      In order to ensure the proper operation of the website, and in particular to adapt the content of the website and advertisements to the User’s preferences and optimize the use of the website, the Administrator may use the capabilities of the terminal device for processing and storage and may collect information from the User’s end device.

B.      The data described in point 1 will be used by the Administrator only to the extent necessary to provide the services requested by the User and to protect network systems.

C.      The User can decide for himself what data will be sent to the Administrator by changing the settings of his browser (e.g. by blocking the saving of Cookies).

D.     This website uses web traffic analysis scripts (Google Analytics) provided by Google Inc ., based in the USA, (Google Adwords) provided by Google Ireland Limited, based in Ireland, (Facebook) provided by Facebook Ireland Ltd. with its registered office in Ireland. These scripts may store data on his end device (e.g. cookies). You can object to this by blocking cookies and other data from third-party websites in your browser.

E.      Instructions on how to change the settings described in sections 3 and 4 can be found in the browser settings, its user manual or on the manufacturer’s website.

F.      The user can delete cookies at any time by using the available functions in the web browser he uses. Restricting the use of cookies  may affect some of the functionalities available on the website.

G.      In order to opt out of the display of personalized Google ads (AdWords and others) based on the use of the Website, the User may make appropriate changes to the advertising settings using the tool available on the https://adssettings.google.pl/authenticated website  and clear cookies in the web browser. Resignation from the display of personalized Facebook ads based on the use of the Website, the User may make appropriate changes to the advertising settings using the instructions indicated on the https://www.facebook.com/help/1075880512458213/ website  and clear cookies in the web browser. Blocking the collection of data by Google analytical tools (Analytics, Optimize and others) and Facebook, the User may in the settings of his browser disable the acceptance of cookies and data of external websites, clear cookies  in the web browser, use add-ons blocking tools (e.g. https://tools.google.com/dlpage/gaoptout/?hl=pl ) or use the Website in the browser in a mode without saving information in cookies.

H.     more information about cookies can be found on the website: http://wszystkoociasteczkach.pl/

5.      Lodging a complaint:

A.      The User has the right to object to the processing of his personal data, on the basis of which the Administrator will cease to process data in the indicated scope / purpose. To object, please send a message as described in section 5.b.

B.      The User has the right to lodge a complaint against the Administrator to the supervisory body, which is the President of the Office for Personal Data Protection.

1.      Obligations of the Administrator

A.      The Personal Data Administrator undertakes to take measures to secure the processing of personal data to the extent specified in the Act, and in particular undertakes to:

B.      Securing data against their disclosure to unauthorized persons, taking away by an unauthorized person, changes, damage or destruction.

C.      Allow the processing of personal data only to persons with an authorization issued by him.

D.     Ensure control over the correctness of personal data processing.

E.      Keeping records of persons authorized to process personal data, taking special care to ensure that persons authorized to process these data keep them secret, also after the completion of the Administrator’s implementation, including by informing them about the legal consequences of violating the confidentiality of data and receiving statements about the obligation to keep this data secret.

F.      Keeping documentation required by law describing the method of processing entrusted personal data and technical and organizational measures ensuring the protection of the processing of such data, including in particular: the Register of Data Processing Processes, the Personal Data Security Policy and the Instructions for Managing the IT System used for the Processing of Personal Data.

G.      Ensure that IT and telecommunications equipment and systems used to process personal data comply with the requirements of the Regulation of the Ministry of the Interior and Administration of 29 April 2004 on the documentation of processed personal data and the technical and organizational conditions to be met by devices and systems.”