Privacy Policy

I. Definitions

  1. Administrator – Thomas Passon conducting business activity under the name PP - Pools Thomas Passon with its seat in Przywory at Parkowa 1, 46-050 Tarnów Opolski, Opole voivodeship, NIP: 9910496468, REGON: 161538789,
  2. Personal data - information about an identified or identifiable natural person; an identifiable natural person is a person who can be directly or indirectly identified by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier, and information collected via cookies and other similar technology.
  3. GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  4. Policy - this Privacy and cookies Policy.
  5. User - every natural person visiting the Service or using one or several services or functionalities described in the Policy as well as a natural person whose personal data is processed by the Administrator, e.g., visiting the Administrator's premises or directing an inquiry to him in the form of an email.
  6. Service - website run by the Administrator at the address www.pp-pools.eu

II. Introduction

  1. The purpose of this Policy is to define the principles, method of processing, and use of Users' personal data. The Policy also contains information regarding the rights of natural persons in relation to their shared personal data. The legal basis of the Policy is Regulation of the European Parliament and of the Council (EU) No 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. This Policy constitutes the fulfillment by the Administrator of obligations arising from Art. 12 and 13 of GDPR.
  2. The Policy applies to every website, service referring to this information, as well as to data transmitted through them, by phone, electronic means, or in person at the Administrator's seat. Please note that upon leaving the Administrator's website, the User enters an area where the Policy does not apply. The Administrator is not responsible for the privacy policy rules applicable on websites operated by other entities.
  3. In connection with the business activity conducted by the Administrator and the User's use of the Service, the Administrator collects data to the extent necessary to provide individual offered services, as well as information about the User's activity in the Service. Below are described detailed rules and purposes of processing Personal data.

III. Contact with the Administrator and Data Protection Officer

A Data Protection Officer has been appointed in the company, with whom one can contact in every matter regarding the processing of personal data. Contact with the Data Protection Officer is possible at the email address: info@pp-pools.eu or at the correspondence address: Parkowa 1, 46-050 Tarnów Opolski.

IV. Purposes and legal bases of processing Personal data

In the scope of contact by phone or email:

a) providing an answer to asked questions by email or via the contact form and maintaining contact with You, which constitutes the legally justified interest of the administrator (Art. 6(1)(f) GDPR). Personal data will be processed until the claims expire.

b) Newsletter sending the newsletter to persons who have consented to receiving it. The basis for processing this personal data is the consent specified in Art. 6(1)(a) GDPR. Such data is stored until the consent is withdrawn.

In the scope of using the Service:

a) for the purpose of providing electronic services in the scope of making available to Users content collected in the Service - then the legal basis for processing is the necessity of processing to perform the contract.

b) for analytical and statistical purposes - then the legal basis for processing is the legally justified interest of the Administrator (Art. 6(1)(f) GDPR), consisting in conducting analyses of Users' activity, as well as their preferences to improve applied functionalities and provided services.

The User's activity in the Service, including his Personal data, is recorded in system logs (a special computer program serving to store a chronological record containing information about events and actions that concern the IT system used to provide services by the Administrator). Information collected in logs is processed primarily for purposes related to providing services. The Administrator also processes them for technical, administrative purposes, for ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes - in this scope, the legal basis for processing is the legally justified interest of the Administrator (Art. 6(1)(f) GDPR).

If the User places in the Service any Personal data of other persons (including their name and surname, address, phone number, or email address), he may do so only on the condition of not violating the law and personal rights of these persons.

Email and traditional correspondence

a) in case of directing to the Administrator via email or traditional correspondence not related to services provided for the sender or another contract concluded with him, personal data contained in this correspondence is processed only for the purpose of communication and resolving the matter to which the correspondence relates. The legal basis for processing is the legally justified interest of the Administrator (Art. 6(1)(f) GDPR) consisting in conducting correspondence directed to him in connection with his business activity.

b) Collecting data within business contacts

c) In connection with the conducted business activity, the Administrator collects personal data, e.g., during business meetings or via exchanging business cards - for purposes related to initiating and maintaining business contacts. Such personal data is processed for the purpose of realizing the legally justified interest of the Administrator and his contractor (Art. 6(1)(f) GDPR) consisting in creating a network of contacts in connection with the conducted business activity.

Processing data in connection with providing services or performing other rights:

a) In case of collecting data for purposes related to performing a specific contract, the Administrator provides the person whose data concerns detailed information regarding the processing of her personal data at the moment of concluding the contract or at the moment of obtaining personal data in case processing is necessary to take actions by the Administrator at the request of the Data subject, before concluding the contract.

b) Processing personal data of the Administrator's clients or staff members of contractors.

c) In connection with concluding contracts within the conducted business activity, the Administrator obtains from contractors/clients data of persons involved in the performance of such contracts (e.g., data of persons authorized to contact, performing orders, etc.). The scope of shared data is in each case limited to the degree necessary for the performance of the contract and usually does not include other information than name and surname and official contact details. Such personal data is processed for the purpose of realizing the legally justified interest of the Administrator and his contractor (Art. 6(1)(f) GDPR), consisting in enabling correct and efficient performance of the contract.

Fulfillment of legal obligations imposed on the Administrator

a) the administrator processes Users' Personal data in connection with fulfilling legal obligations imposed on him, regarding, among others, keeping accounting and bookkeeping documentation, as well as realizing the rights of persons whose data concerns. Such personal data is processed based on Art. 6(1)(c) GDPR - processing is necessary to fulfill a legal obligation incumbent on the Administrator.

b) establishing, pursuing claims, and defending against claims

c) for the purpose of establishing, pursuing claims, and defending against claims, including documenting raised objections to the processing of personal data, Users' personal data shared with the Administrator will be processed. The legal basis for processing personal data is Art. 6(1)(f) GDPR, which allows processing personal data for the purpose of possibly establishing, pursuing, or defending against claims, being the realization of the legally justified interest of the Administrator.

V. Recipients of Personal data

In connection with conducting activity requiring the processing of personal data, personal data may be disclosed to external entities.

The recipient of Your personal data may be external companies providing support to the administrator based on commissioned services, with whom appropriate data processing entrustment agreements have been concluded, i.e., IT service providers, authorized employees, and collaborators of the personal data administrator.

VI. COOKIES

When you enter our website, we inform you that we use cookies and other technologies (including tracking or profiling) on it so that this site functions correctly, to personalize content and ads displayed to you, and to analyze visit statistics. You can consent to our use of all the above cookies or adjust cookie settings to your preferences by clicking on the banner that will display during your first visit to our website, the "Cookie Settings" button.

You can withdraw given consents at any time by recalling the cookie management banner by clicking the "Cookie Settings" button located in the footer of our website. A "cookie" is a small text file that a website sends to the visitor's computer or other Internet-connected device (e.g., smartphone), which is then opened during subsequent visits to the site to identify the user's browser or to save information or settings in the web browser. A cookie usually contains the domain name from which it was sent, the "lifetime" of the cookie, and a randomly generated unique identifier.

Purposes of using cookies:

Cookies can have various functions. In our service, we use cookies for the following purposes:

a) adapting the content of our service to your preferences and optimizing the use of websites, in particular recognizing the user's device and appropriately displaying the website, tailored to his individual needs; this means that we can remember you in case of a repeat visit to our site and personalize the site according to your preferences. In this case, certain information about you may be associated with the cookie, which may constitute personal data,

b) creating statistics that form the basis for analyzing how users use websites,

c) analyzing the status of an anonymous user by comparing his email/IP/other data provided when, e.g., filling out a form with previously used email addresses of persons who filled out the form to measure advertising effectiveness (by checking whether it is a new or returning customer).

Types of cookies used in the Service:

a) Necessary for providing services (e.g., maintaining a session).

b) Functional - helping us adapt the appearance of the site and displayed ads to your preferences, analyzing traffic on the site and interest in published materials.

c) Marketing - Marketing cookies allow matching displayed ad content to your interests, not only on our site but also outside it. They may be installed by advertising partners via our website. Based on information from these cookies and activity in other services, your interest profile is built.

d) Analytical - cookies allow checking the number of visits and traffic sources on our site. They help us determine which pages are more and less popular and understand how users navigate the site.

GOOGLE ANALYTICS

Google Analytics cookies are files used by Google to analyze how the User uses the Service, to create statistics and reports on the Service's functioning. Google does not use collected data to identify the User nor combine this information to enable identification. Detailed information on the scope and rules of data collection in connection with this service can be found at the link:

VII. Transfer of personal data outside the European Economic Area (EEA)

The level of personal data protection outside the European Economic Area (EEA) differs from that ensured by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with ensuring an appropriate level of protection, primarily through:

i. cooperation with entities processing personal data in countries for which an appropriate European Commission decision regarding ensuring an adequate level of Personal data protection has been issued;

ii. applying standard contractual clauses issued by the European Commission;

iii. applying binding corporate rules, approved by the competent supervisory authority;

VIII. Period of processing Personal data

The Administrator processes obtained personal data for the period necessary to achieve the purpose/purposes for which they were shared. The period of processing data is related to the purposes and bases of their processing, therefore:

  • data processed based on statutory requirements will be processed for the time during which legal regulations require data retention;
  • when the basis for processing is the performance of a contract, then data is processed by the Administrator as long as it is necessary to perform the contract;
  • data processed based on the legally justified interest of the Administrator will be processed until an effective objection is raised by the person whose data concerns or until this interest ceases. Data processed for the purpose of pursuing or defending against claims will be processed for a period equal to the limitation period of these claims;
  • data processed based on consent will be processed until the consent is withdrawn by the person whose data concerns;

The period of processing data may be extended if processing is necessary to establish or pursue claims or defend against claims, and after this period - only if and to the extent required by law. After the processing period, data is irreversibly deleted or anonymized.

IX. Rights of data subjects

The Administrator implements the rights of persons whose data concerns related to the processing of their personal data. In particular, every data subject has the right to:

  • access their personal data,
  • rectify personal data,
  • delete data ("right to be forgotten"),
  • restrict the processing of personal data,
  • object to the processing of personal data.

In case the basis for processing personal data is the legally justified interest of the Administrator, the data subject has the right to object at any time to the processing of personal data, without the need to justify their decision, especially in case the legally justified interest consists in conducting activities related to direct marketing.

Consent given by data subjects via the Websites can be withdrawn at any time, which does not affect the lawfulness of processing carried out before its withdrawal.

The Administrator informs that there is no obligation to delete data (i.e., implement the "right to be forgotten") in case processing is necessary for:

  • exercising the rights and freedoms of expression and information,
  • fulfilling a legal obligation of processing under EU or Polish law,
  • archival purposes in the public interest, scientific or historical research purposes, or statistical purposes,
  • establishing, pursuing, or defending claims.

The above rights, as well as the intention to withdraw consent, can be realized by sending an appropriate request electronically to the Administrator's email or by mail to the Administrator's address provided in point I of the Policy.

In every case of recognizing that the rights of a natural person resulting from legal provisions and the Policy are violated, Users have the right to lodge a complaint with the Office for Personal Data Protection with its seat in Warsaw at Stawki 2.

X. Security of Personal data

The Administrator ensures the security of personal data against their unlawful disclosure to unauthorized persons, takeover of data by unauthorized persons, destruction, loss, damage, or alteration, and processing of personal data in a manner inconsistent with the provisions of GDPR.

The data administrator takes technical and organizational measures meeting GDPR requirements to secure entrusted personal data, in particular measures listed in Art. 24 and Art. 32 GDPR, ensuring confidentiality, integrity, and availability of services processing shared personal data.

XI. Final provisions

In matters not regulated by this Policy, EU and national personal data protection regulations apply.