The Data Controller for the processing of data collected via the website located at https://www.grcadvisory.com is GRC Advisory Sp. z o.o., principal place of business and address for service: ul. Strzegomska 138, 54 – 429 Wrocław, registered in the National Court Register KRS: 0000350726, tax identification number NIP: 8942993784, statistical number REGON: 021167324, share capital PLN 50.000, email address:email@example.com, hereinafter referred to as the “Data Controller”, which is also a Service Provider.
The User’s personal data shall be processed in accordance with the provisions of the Personal Data Protection Act of 29 August 1997 (Dz. U. [Journal of Laws] No. 133, item 883, as amended) as well as the Act on the Provision of Electronic Services of 18 July 2002 (Dz. U. No. 144, item 1204, as amended).
The Data Controller shall take all reasonable steps to protect the interests of data subjects and ensure that all data is:
- lawfully processed,
- obtained only for specified, lawful purposes, and not further processed in any manner incompatible with those purposes,
- factually correct, adequate and relevant in relation to the purposes for which it is processed and shall be stored in a form that permits identification of the data subject, for no longer than is necessary for those purposes.
PURPOSE AND SCOPE OF DATA COLLECTION
The data received by the Data Controller shall be used exclusively to:
- contacting the Customer
- information purposes and other activities related to the Customer’s activity on the website https://www.grcadvisory.pl
The Data Controller may process the following personal data about the User:
- first name and surname,
- e-mail address,
- phone number.
The Data Controller may collect and process the following information about how the User interacts with the electronic services (usage data):
- digits and symbols which identify the end-user’s network termination point or ICT system,
- information on the date and time of access as well as the scope of each use of the electronic services,
- information on the use of the electronic services.
LEGAL GROUND FOR PROCESSING
The use of the service, concluding contracts for the provision of electronic services through an online store, which involves the need to enter personal information is entirely voluntary. The subject of the data independently decides whether to start using the services provided electronically by the Provider.
In accordance with Art. 23 of the Law on Personal Data Protection (Dz. U. Nr 133, poz. 883 ze zm. – Journal of Laws No. 133, item. 883 as amended) Processing is permitted, among others, if:
- the data subject has given his consent, unless the subject matter is the deletion of data
- it is necessary to perform the contract if the data subject is a party or when it is necessary to take action before the conclusion of the contract at the request of the data subject..
The processing of personal data by the Data Controller is always within the framework of admissibility of the processing referred to in paragraph. 2. Data processing will be linked to performance of the contract or the need to take action before concluding the contract on the request of the data subject (para. 2 pt. b).
THE RIGHT TO CONTROL, ACCESS AND CORRECT PERSONAL DATA
The User has the right to access their personal data and correct them.
Every person has the right to control the processing of data concerning them contained in the data set Data Controller and notably the right to request to supplement, update, or correct personal data, temporary or permanent suspension of theirprocessing or removal if they are incomplete, outdated, inaccurate or collected in violation of the law or are no longer needed for the purpose for which they were collected.
In order to exercise the rights referred to in paragraph. 1 and 2 can be used by sending an appropriate e-mail to: firstname.lastname@example.org.
Cookies are essential for the provision of electronic services via the website. Cookies, especially those requiring the User’s additional authorisation, contain information that is necessary for the proper functioning of the website.
The website uses three main types of cookies:
- “session” cookies are temporary files which are stored on the User’s end-device until they log out (leave the website),
- “analytical” cookies provide information on how individual User interact with website and are used to improve the performance of the website. Analytical cookies collect information about how User use the website, what type of website referred the User to website, the frequency of visits and the time of each visit. All User data is collected anonymously and used solely for statistical analysis of website use.
The User can adjust cookie permissions via options in their browser settings. More detailed information about cookie management with specific web browsers can be found in the browsers’ respective settings.
The Data Controller uses technical and organizational measures to ensure the protection of personal data processed appropriate to the risks and category of data being protected, and in particular protects data against their unauthorized disclosure, takeover by an unauthorized person, processing with violation of existing regulations change, loss, damage or destruction.
The Service Provider provides the technical means to prevent the acquisition and modification by unauthorized persons personal data transmitted electronically.