Privacy and Cookies Policy
This document determines principles of protecting personal data of people visiting “www.nobonobo.pl”
The Controller shall be obliged to protect the privacy of the Users. Acting with that purpose in mind, the Controller shall make every effort to provide the User with protection of personal data provided in order to use the Website.
- The controller
- Collecting personal data
- Types of collected personal data
- For what purpose, on what basis and how long we process personal data
- Website user’s rights
- Recipients of personal data
- Processing of children’s data
- Data transfer outside the eea
- Automated decision making
- Cookies policy
- Security of personal data
I. THE CONTROLLER
Your personal data shall be administered by KAZA DESIGN Sp. z o.o based in Łodygowice, ul. Żywiecka 212, entered in the National Court Register by the District Court for Bielski-Biała, 8th Commercial Department of the National Court Register under KRS number: 0000381485, REGON: 241808110, NIP: 5532486891
e-mail address: firstname.lastname@example.org
- Personal data – any information about a natural person identified or possible to be identified by one or several specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including IP address of the device, data about location, online identifier and information collected through cookie files and other similar technology.
- GDPR – Regulation of the European Parliament and the European Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in connection with personal data processing and free flow of such data, and repealing Directive 95/46/EC.
- Website – website run by the Controller at www.nobonobo.pl
- User – any natural person visiting the Website or using at least one of the services provided by the Controller or the functions of the Website.
III. COLLECTING PERSONAL DATA
The Controller collects Users’ data using the www.nobonobo.pl website.
These data are collected in accordance with the principles set out in the GDPR, only to the extent necessary to provide services related to the use of the Website by the Controller.
Use of the Website does not require registering as a user. Thus, users are not divided into registered and unregistered.
IV. TYPES OF COLLECTED PERSONAL DATA
The scope of personal data collected by the Controller through the Website depends on the function used by the User, e.g. newsletter, contact form.
The Controller also collects information about Users in an automated manner through cookies.
V. FOR WHAT PURPOSE, ON WHAT BASIS AND HOW LONG WE PROCESS PERSONAL DATA
The User’s personal data is processed by the Controller in accordance with GDPR and Polish domestic legislation.
Types of collected Website Users’ Personal Data as well as the purpose and basis of their processing depend on the User’s use of the Website.
Personal Data are used only in connection with the User’s use of the services provided electronically by the Controller, in particular handling a request or inquiry and contacts with the User.
USING THE WEBSITE
While using the Website, information about the User is being collected in an automated manner via cookies. For more information concerning the rules of using cookies, the purposes for which they are used, and the ways of turning them off, see Chapter XI of the Policy.
Users who want to send a notification or inquiry are requested to fill a relevant form with data necessary to contact the User and to provide answers to the inquiry in the scope covered by form fields (e.g. phone or e-mail address depending on the preferred form of communication).
The User may also – in order to facilitate the handling of the notification – provide additional data, thereby expressing consent to process it. Such data can be removed at any time. Providing data marked as mandatory is not obligatory but it is required to handle the submitted notification. Providing the remaining data is voluntary.
Based on the provided consent (Article 6 (1) letter a of the GDPR), personal data provided in the Contact Form are being processed for contact reasons and in order to answer questions. as well as to determine, pursue or defend against claims on the basis of the Controller’s legitimate interest in determining, pursuing or defending against claims (Article 6 (1) letter f of the GDPR).
Your data provided to the Controller in connection with requesting an answer to a question or handling a request will be processed until the User withdraws the consent or the Controller responds to a question or service request, whichever occurs first. After this period, the processing period may be extended by the time necessary to establish, pursue or defend against claims.
This functionality provided by the Controller can be used by any User who is at least 16 years of age and shares their e-mail address in order to receive a Newsletter containing commercial information regarding products, services, promotions and offers. Providing data indicated while subscribing to the newsletter is voluntary, but necessary in order to receive a newsletter containing commercial information regarding products, services, promotions, and offers.
This functionality provided by the Controller can be used by any User who is 16 years old and shares their phone number for direct marketing purposes, using telecommunications terminal equipment and automated calling systems. Providing the indicated data is voluntary, but necessary in order to receive marketing information.
Personal data are being processed:
- • in order to receive trade information regarding products, services, promotions and offers or for direct marketing purposes, performed using telecommunications terminal equipment and automated calling systems (by e-mail) to the indicated e-mail address – on the basis of voluntary consent (Article 6 (1) letter a of the GDPR
- • for possible determination, pursuing or defense against claims – legitimate interest of the Controller is the legal basis for processing (Article 6 (1) letter f of the GDPR) involving the determination, pursuing and defense against claims.
Personal data will be processed until the User withdraws the consent to data processing and then for the period necessary to establish, investigate or defend against claims. After this period, personal data will be anonymized or deleted.
VI. WEBSITE USER'S RIGHTS
We inform you that you are entitled to:
- the right to accessyour data and receive copies thereof
- the right to correct your data
- the right to remove data. If you feel there is no basis for us to process your personal data, you can request its removal.
- the right to object to the processing of data “Marketing” objection. You have the right to object to the processing of your data performed in order to conduct direct marketing. If you use this right – we will stop data processing for this purpose.Objection due to special situation. You have the right to object to the processing of your data on the basis of a legitimate interest for purposes other than direct marketing. Then you should indicate your particular situation, which in your view justifies the cessation of data processing. Unless we demonstrate that the basis for processing of your data is superior to your rights, we will stop processing your data for these purposes
- the right to submit an objectionagainst data processing. Objections due to a specific situation. You have the right to object to your personal data being processed on the basis of a legally justified interest when processing is necessary to complete a task being performed in the public’s best interest or to exercise public authority entrusted with us. You ought to indicate your particular situation which, in your opinion, justifies the cessation of personal data being processed covered by the objection. We will stop processing your data for these purposes, unless we prove that the basis for processing your data is superior to your rights or that your data is necessary to determine, pursue or defend against claims.
- the right to transfer data. You have the right to receive, in a structured, commonly used, machine readable format (e.g. “.csv” format), personal data you have provided on the basis of the contract or your consent. You can also commission us to send this data directly to another entity.
- the right to submit complaints to the supervisory authority.If you feel that we do not process your personal data in accordance with the law, you can submit a complaint to the President of the Office of Personal Data Protection.
- the right to withdraw consent to personal data processing. At any moment, you have the right to withdraw your consent to process data that is being processed on the basis of your consent. The withdrawal of consent shall not affect the right to processing conducted on the basis on your consent prior to its withdrawal.
You have the right to withdraw your consent to the processing of personal data at any time, which we process based on your consent. Withdrawal of consent will not affect the lawfulness of the processing which was carried out on the basis of your consent before its withdrawal.
In order to exercise the aforementioned rights, please contact us via traditional mail or e-mail using the following data:
KAZA DESIGN Sp. z o.o. based in Łodygowice, ul. Żywiecka 212, KRS: 0000381485, REGON: 241808110, NIP: 5532486891
(Monday to Friday, 08:00-16:00).
The application to exercise rights by the User should, if possible, include such elements as:
- specification of the right the person to whom data relates wants to exercise,
- objectives of processing which the request applies to,
- expected manner of examining the request.
VII. RECIPIENTS OF PERSONAL DATA
The Controller shall transfer personal data to entities it cooperates with when processing it to the extent deemed necessary to perform a given service or provide a functionality, suppliers responsible for IT systems, IT companies, hosting companies, Google LLC.
Data may be also transferred to other entities if there is a legal obligation to do so.
VIII. PROCESSING OF CHILDREN'S DATA
Services offered by the Controller as part of the Website are addressed to persons over 16 years of age. Therefore, the Controller does not knowingly process children’s personal data.
If the Website collects content not allowed for a minor, its legal representative may ask the Controller to correct, change or delete this information.
IX. DATA TRANSFER OUTSIDE THE EEA
Our partners have their registered offices mostly in the European Economic Area countries (EEA) or in Switzerland, considered a country meeting appropriate level of Personal Data Protection.
Some Partners like e.g. Google LLC, Instagram are based in various countries outside the EEA. Due to the transfer of your data outside the EEA territory, your data shall be sent to these entities on the basis of appropriate legal protection in the form of standard contractual stipulations of personal data protection approved by the European Commission.
Such transfer shall take place, provided that appropriate protection level of your data is provided and confirmed in particular by:
- cooperation with personal data processing entities in countries with regard to which a relevant decision of the Commission was issued;
- use of standard contractual clauses issued by the European Commission;
- use of binding corporate rules approved by a competent supervisory body;
- in the event of transferring data to the US – cooperation with entities participating in the Privacy Shield program approved by the European Commission’s decision.
Upon your request, we shall provide you with a copy of your data that shall be transferred beyond the EEA territory.
X. AUTOMATED DECISION MAKING
However, the Controller does not make the decisions concerning the User in an automated manner, including
XI. POLITYKA COOKIES
Cookie file is a small piece of text information sent by the server and saved on the device of the person visiting our Website (usually on the hard drive of computers or mobile devices). It stores information which the Website may need to adjust to the ways of using it by the visiting person and to collect statistical data relating to the Website.
Saving cookies on Users’ terminal devices depends solely on their will. This means that when you agree to the saving of cookies, these files can be temporarily stored in a designated space and read by their provider. The realization of the following objectives is also justified by the Controller’s legitimate interest in ensuring access to the Website and providing the highest possible level of services (Article 6 (1) letter f of the GDPR).
Cookies are used to support login registration, presentation and personalization of the Website content, handling forms, adjusting the content of the Website to the preferences of the given User, ensuring the proper operation of the Website and its functionality.
Cookies are also used to personalize the content and for functional, statistical, analytical and marketing purposes.
The legitimate interest of the Controller, consisting in marketing of its products and services, conducting statistical and analytical analyzes, and ensuring provision of services at the highest level, is the base for gathering information about Website Users.
The Website uses cookie files used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies belonging to Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), in short Google. Cookie files are saved on the User’s computer and then transferred to a Google server in the US and saved there. They are used by Google to analyse the way in which the Website is used by the User, to create statistics and reports on the Website functioning. In particular, Google prepares reports for the Controller containing information about demographic data, e.g. age, and also for advertising purposes. Using cookies allows you to display personalized ads, run marketing campaigns that are more interesting to the users, and at the same time more valuable to the publishers and advertisers. Google also uses conversion cookie files the primary purpose of which is to help advertisers to determine how many people clicking on their ads have actually bought their products. These files allow the advertisers to see if the user visited the advertiser’s website after clicking the ad.
Google does not use collected data to identify the Website’s User and does not connect such information to enable identification. The website uses anonymization of IP addresses, which means that within the EU member states or other countries being parties to the Agreement on the European Economic Area, IP address of the Website’s User shall be first shortened by Google. Full IP address is transferred to Google in the US and there it is shortened only in exceptional cases. With regard to exceptional cases in which personal data is transferred to the US, Google has EU-US Privacy Shield certification, https://www.privacyshield.gov/EU-US-Framework. It means that this entity has undertaken to use data protection principles binding within the European Union.
Article 6 (1) sentence 1 letter f of the GDPR is the legal basis for using Google Analytics i.e. the legitimate interest of the Controller consisting in conducting studies and statistics.
Google Analytics stores the collected data for 26 months.
Selection of proper settings in the web browser prevents the using and saving of cookie files on devices used by the Website’s User while browsing the Website. We are informing you, however, that it may entail not being able to use all the Website’s functions. You can also block Google from saving and processing data generated by cookie files related to using the website (including IP addresses of the Website’s Users). For this purpose, you have to download and install plug-ins for the browser available under the following link: Browser Add-on to deactivate Google Analytics
Google AdWords Remarketing
The Website uses Google AdWords Remarketing functions by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
The legal basis for data processing of the Website’s User is Article 6 (1) sentence 1 (f) of GDPR, that is a legally justified interest of the Controller consisting in direct marketing, conducting analyses and statistics.
Google AdWords uses remarketing technology which allows the Controller to address the Website’s Users (and thus persons who have visited the Website and this way become interested in the offer presented therein) with advertisements presented on websites of Google partners. The applied cookie files enable recognition of the Website’s Users during their visits on websites of our advertising partners, as well as display of advertisements tailored to the interest of Website’s Users. Interests of Website’s Users are also examined through cookie files.
Data saved in cookie files is not, however, used by Google AdWords to create profiles of the Website’s Users, and thus, they are not used to connect them with other personal data.
You can block Google from using cookie files by visiting www.google.com/privacy/ads. We inform you, however that it may entail not being able to use all the Website’s functions.
Change in cookie settings
Detailed information on changing the Cookie settings and their unassisted removal in the most popular web browsers is available in the web browser’s help section and at the following websites:
XII. SECURITY OF PERSONAL DATA
The Controller conduct risk analysis on a current basis to ensure personal data is processed in a safe manner – ensuring, above all, that data can be accessed only by authorized persons and only to the extent necessary to perform tasks thereby. The Controller ensures that all operations conducted using personal data are registered and performed only by authorized employees and co-workers.
The Controller undertakes all necessary actions to ensure that its subcontractors and other cooperating entities provide guarantees of using relevant safety measures in every case when processing personal data by order of the Controller.
The Controller may in the future change the Policy, e.g. due to the changes in binding regulations concerning personal data processing or other legislation, changes in services or functionalities offered via the Website, technological and technical solutions that may affect the provisions specified in the Policy.