Controller – EPP Office – Symetris Business Park Sp. z o.o. with its registered office
in Warsaw, ul. Konstruktorska 12a, entered in the Register of Business Entities, part of the National
Court Register, kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Business and
the National Court Register Division, under No. KRS 0000404690, identified by NIP (tax ID No.)
5252523071, (hereinafter: the “Controller”).
Personal Data – information about a natural person who is identified or identifiable by
one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural
or social identity, including the device IP, location data, internet identifier, and information
collected through cookies and other similar technologies.
Policy – this Privacy Policy.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of natural persons with regard to the processing of personal data and on
the free movement of such data, and repealing Directive 95/46/EC.
User – any natural person visiting the Website or using one or more of the services or
functionalities described in the Policy.
DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the User’s use of the Website, the Controller collects data to the extent necessary
to provide the individual services offered and information about the User’s activity on the Website. The
following describes the specific principles and purposes of the processing of the Personal Data
collected during the User’s use of the Website.
PURPOSES OF AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE
Use of the website
Personal data of all persons using the Website (including IP addresses or other identifiers and
information collected through cookies or other similar technologies) are processed by the Controller:
in order to provide electronic services in terms of providing Users with access to content
collected on the Website, in which case the legal basis for the processing is the necessity of
the processing for the performance of a contract (Article 6(1)(b) GDPR);
for analytical and statistical purposes, in which case the legal basis for the processing is the
Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in conducting analyses of
Users’ activity and their preferences in order to improve the functionalities used and services
provided;
for the purposes of possible establishment, exercise or defence of legal claims, in which case
the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f)
GDPR) consisting in the protection of its rights.
The Users’ activity on the Website, including their Personal Data, is recorded in system logs (a special
computer programme used to keep a chronological record containing information on events and activities
that relate to the IT system used to provide services by the Controller). The information collected in
the logs is processed primarily for the purposes of providing services. The Controller also processes
them for technical and administrative purposes, for the purposes of ensuring security and managing the
IT system, as well as for analytical and statistical purposes, in which case the legal basis for
processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
COOKIES AND SIMILAR TECHNOLOGY
Cookies are small text files installed on the device of the User browsing the Website. Cookies collect
information to facilitate the use of the website, e.g. by remembering the Users’ visits to the Website
and their actions.
Service cookies
The Controller uses the so-called service cookies primarily to provide the User with electronic
services and to improve the quality of these services. Accordingly, the Controller and other
entities providing analytical and statistical services to the Controller use cookies when storing
information or accessing information already stored in the User’s telecommunications end device
(computer, phone, tablet, etc.). Cookies used for this purpose include:
user input cookies (session ID), for the duration of the session;
authentication cookies used for services that require authentication for the duration of the
session;
user-centric security cookies, i.e., security ensuring cookies, e.g. those used for detecting
misuse of authentication;
multimedia player session cookies (e.g. flash player cookies), for the duration of the session;
user interface customisation cookies, i.e., persistent cookies to personalise the User’s
interface for the duration of the session or slightly longer.
ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER’S PARTNERS
The Controller and its Partners apply various solutions and tools used for analytical purposes. Below is
some basic information on these tools. Please refer to the privacy policy of the respective Partner for
further details.
Social plug-ins
The Website uses social network plug-ins (LinkedIn). These plug-ins allow the Users to share content
published on the Website with the social network of their choice. As a result of the use of plug-ins
on the Website, the respective social network receives information about the User’s use of the
Website and may attribute this information to the User’s profile created on the respective social
network. The Controller has no knowledge of the purpose or scope of data collection by social
networks. Detailed information can be found at the links below:
The use of cookies to collect data via them, including accessing the data stored on the User’s device,
requires the User’s consent. This consent may be withdrawn at any time.
Consent is not required only for cookies the use of which is necessary for the provision of a
telecommunications service (data transmission to display content).
You can withdraw your consent to the use of cookies via your browser settings. Detailed information can
be found at the links below:
The duration of the data processing by the Controller depends on the type of service provided and the
purpose of the processing. As a general rule, data are processed for the duration of the service, until
the consent given is withdrawn or an effective objection is made to the processing in cases where the
legal basis for the processing is the Controller’s legitimate interest.
The data processing period may be extended, if the processing is necessary for the establishment,
exercise or defence of possible legal claims, and thereafter only if and to the extent required by law.
After the expiry of the processing period, the data are irreversibly deleted or anonymised.
USER RIGHTS
The User has the right to access the content of the data and to request their rectification, erasure or
restriction of processing, the right to data portability, and the right to object to the processing of
the data, as well as the right to lodge a complaint with the supervisory authority dealing with the
protection of Personal Data.
To the extent that User data are processed on the basis of consent, this consent may be withdrawn at any
time by contacting the Controller or using the functionalities provided on the Website.
The User has the right to object to the processing of data for marketing purposes, if the processing is
carried out in connection with the Controller’s legitimate interest, and, for reasons related to the
User’s particular situation, in other cases where the legal basis for the data processing is the
Controller’s legitimate interest (e.g. in connection with the pursuit of analytical and statistical
purposes).
For more information on your rights under GDPR, please click here.
DATA RECIPIENTS
In connection with the provision of services, Personal Data will be disclosed to third parties,
including, without limitation, IT service providers, in particular hosting service providers, providers
responsible for the operation of IT systems, analytical service providers, marketing agencies (to the
extent of marketing services), and entities related to the Controller, including member companies of its
group.
If the User’s consent is obtained, his or her data may also be made available to other entities for
their own purposes, including marketing purposes.
The Controller reserves the right to disclose selected information concerning the User to the competent
authorities or to third parties, if they make a request for such information on the basis of appropriate
legal grounds and in accordance with the provisions of the applicable law.
TRANSFER OF DATA OUTSIDE THE EEA
The level of protection of Personal Data outside the European Economic Area (EEA) differs from that
provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only
when necessary and with an adequate degree of protection ensured, primarily by:
cooperation with processors of Personal Data in countries for which a relevant adequacy decision
of the European Commission has been issued confirming that the country provides adequate level
of protection of Personal Data;
the use of standard contractual clauses issued by the European Commission;
the application of binding corporate rules approved by the competent supervisory authority;
in the case of data transfers to the USA, cooperation with entities participating in the Privacy
Shield framework approved by a decision of the European Commission.
PERSONAL DATA SECURITY
The Controller conducts risk analysis on an ongoing basis to ensure that Personal Data are processed by
the Controller in a secure manner, primarily by ensuring that only authorised persons have access to the
data and only to the extent necessary for their tasks. The Controller also ensures that all operations
on Personal Data are recorded and carried out only by authorised employees and associates.
The Controller shall take any and all necessary measures to ensure that its subcontractors and other
cooperating entities likewise guarantee the application of appropriate security measures whenever they
process Personal Data on behalf of the Controller.
The Controller has appointed the Personal Data Protection Coordinator whom you may contact via e-mail rodo@epp-poland.com on any matters concerning the
processing of Personal Data.
AMENDMENTS TO PRIVACY POLICY
This Policy is reviewed on a regular basis and updated as necessary.