1.1. Controller - NOWY STYL Sp. z o.o. with registered office at the address: ul. Pużaka 49, 38-400 Krosno, entered into the register of entrepreneurs of the National Court Register by the District Court in Rzeszów, XII Commercial Division of the National Court Register, under the KRS (National Court Register) number: 0000077550, NIP (tax payer's ID number): 6840009302, REGON (state statistical number): 370016299.
1.2. Personal data – any information about an individual identified or identifiable by one or more specific elements, including device IP, location data, internet identifier and information collected via cookies and any other similar technology.
1.4. GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EC.
1.5. Website - website maintained by the Controller at the address nowystylgroup.com, nowystyl.pl. nowystyl.com, nowystyl.fr, forumseating.com, forumseating.pl, forumseating.fr, bnos.com, grammer-office.com
1.6. User – any individual visiting the Website or using one or several services or functionalities described in the Policy.
2. PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE WEBSITE
2.1. In connection with User's use of the Website the Controller collects data, to the extent necessary to provide specific services offered, and information on User's activities on the Website. Detailed principles and purposes of processing personal data collected during User’s use of the Website are described below.
3. PURPOSES AND LEGAL GROUNDS FOR the PROCESSING OF DATA ON THE WEBSITE
USE OF THE WEBSITE
3.1. Personal data of all persons using the Website (including IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Controller:
3.1.1. for the purpose of electronically providing services by making available to Users contents collected on the Website – then the legal grounds for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of GDPR);
3.1.2. for analytical and statistical purposes – then the legal grounds for processing is the legitimate interest of the Controller (Article 6(1)(f) of GDPR) which consists in analysing Users' activities and preferences in order to improve the functionalities used and services provided;
3.1.3. in order to establish and pursue any claims or defend against such claims – the legal grounds for processing is the legitimate interest of the Controller (Article 6(1)(f) of GDPR) consisting in the protection of Controller’s rights;
3.1.4. for marketing purposes of the Controller and other entities – the rules for the processing of personal data for marketing purposes have been described in the "MARKETING" section.
3.2. User's activities on the Website, including his or her personal data, are recorded in system logs (a special computer programme for keeping a chronological record with information on events and activities concerning the IT system used for the provision of services by the Controller). Information collected in logs is processed primarily for purposes related to the provision of services. The Controller also processes such information for technical and administrative purposes to ensure the security of the IT system and to manage that system, as well as for analytical and statistical purposes – in this regard, the legal grounds for processing is the legitimate interest of the Controller (Article 6(1)(f) of GDPR).
3.3. The Controller provides the opportunity to be contacted via electronic contact forms. To use a form, a User needs to provide personal data necessary to be contacted and receive a reply to his or her inquiry. A User can also provide other data to facilitate contact or the handling of his or her inquiry. Data marked as mandatory must be provided in order for the inquiry to be received and handled, and failure to provide such data will result in inability to provide service. Provision of other data is voluntary.
3.4. Personal data are processed:
3.4.1. to handle a request or respond to an inquiry sent via a contact form – the legal grounds for processing will be Controller’s legitimate interest (Article 6(1)(f) of GDPR); Controller’s legitimate interest is to enable the handling of requests and responding to inquiries from persons interested in the services or products of the Nowy Styl Group.
4.1 The Controller processes Users' personal data in order to carry out marketing activities which may consist in:
4.1.1. displaying to the User marketing contents not adjusted to User’s preferences (contextual advertising);
4.1.2. sending e-mail notifications about interesting offers or contents, which in some cases may contain commercial information (newsletter service)
4.1.3. carrying out other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
4.2. The Controller processes Users' personal data for marketing purposes in connection with the directing of Contextual Advertising to Users (ie. advertising that is not adjusted to User's preferences). The processing of personal data then takes place in connection with the pursuing of Controller’s legitimate interest (Article 6(1)(f) of GDPR).
4.4. Personal data are processed:
4.4.1. for the purpose of providing the newsletter service – the legal grounds for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) of GDPR);
4.4.2. where marketing contents are directed to User as part of the newsletter, the legal grounds for processing, including profiling, is Controller’s legitimate interest (Article 6(1)(f) of GDPR) in connection with consent to receive the newsletter which has been given;
4.4.3. for analytical and statistical purposes – the legal grounds for processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR), consisting in analysing Users' activities on the Website in order to improve the functionalities used;
4.4.4. for the purpose of establishing and pursuing any claims or defending against such claims – the legal grounds for processing is the legitimate interest of the Controller (Article 6(1)(f) of GDPR).
4.5. User's personal data can also be used by the Controller to direct marketing contents to the User via various channels, ie. by e-mail, MMS/SMS or phone. Such actions can be taken by the Controller only if the User has given consent to them, which can be cancelled at any time. Provision of personal data for marketing purposes is voluntary.
5. SOCIAL NETWORKING SITES
5.1. The Controller processes personal data of Users visiting Controller’s profiles kept on social networking sites (Facebook, YouTube, Instagram and Twitter). Such data are processed only in connection with the keeping of the profile, including to inform Users about Controller’s activities and to promote various types of events, services and products. The legal grounds for the processing of personal data by the Controller for this purpose is Controller’s legitimate interest (Article 6(1)(f) of GDPR) consisting in promoting Controller’s own brand.
5.2. The Controller processes Users' personal data included in the Facebook Lead Ad form and the Lead Gen Forms form used on LinkedIn.
5.3. User's personal data indicated in the form referred to under Article 5.2. are processed:
5.3.1. to provide User with marketing information about Controller’s products and services (as part of the newsletter service) - the legal grounds for processing will be Controller’s legitimate interest arising from User’s request for marketing information to be sent electronically to the e-mail address and/or telephone number SMS/MMS provided;
5.3.2. to make User’s personal data available to other companies in the Nowy Styl Group for their marketing purposes – the legal grounds for processing will be User’s consent to the processing of data for that purpose (where consent is not given, User’s personal data will not be processed for that purpose).
5.4. Provision of personal data for marketing purposes is voluntary.
6. COOKIES AND SIMILAR TECHNOLOGY
6.1. Cookies are small text files installed on the device of a User browsing the Website. Cookies collect information facilitating the use of the website – e.g. by recording User's visits to the Website and activities carried out by the User.
6.2. Cookies are used for the following purposes:
6.2.1. customization of the contents of web pages on the Website to match User preferences and optimization of web page use; in particular, these files can be used to recognize Website User's device and display a web page appropriately, customized to his/her individual needs;
6.2.2. developing statistics to help understand how Website Users use web pages, to be able to improve their structure and contents;
6.2.3. a marketing purpose in connection with the directing of contextual advertising to Users (ie. advertising that is not adjusted to User's preferences).
6.3.1. analysing Users' activities and preferences in order to improve functionalities used and services provided; and
6.3.2. directing contextual advertising to Users (ie. advertising that is not adjusted to User's preferences).
6.4. The following types of cookies are used as part of the Website:
6.4.1. session cookies and persistent cookies. Session cookies are temporary files stored on User's terminal unit until user leaves the website or shuts down the software (web browser); Persistent cookie files are stored on User's terminal unit for a time specified in cookie parameters or until removed by the User;
6.4.2. indispensable cookies which enable the use of services available on the Website, eg. authentication cookies used for services that require authentication on the Website;
6.4.3. cookies used to ensure security, e.g. used to detect authentication abuse on the Website;
6.4.4. performance cookies, enabling the collection of information on how pages of the Website are used;
6.4.5. functional cookies, enabling the "memorization" of settings selected by the User and personalization of User's interface, e.g. regarding User’s selected language or region, font size, website appearance etc.;
6.6. In many cases browser software (web browser) allows storing cookies on User's terminal unit by default. Website Users are able to change cookie settings at any time. Those settings can be changed in particular so as to block automatic cookie support in web browser settings, or notify the User each time cookies are submitted to Website User's device. Detailed information about whether and how cookies can be supported are available in software settings (web browser) and in help files available in browser menu.
7. PERSONAL DATA PROCESSING PERIOD
7.1. The period of data processing by the Controller depends on the type of service provided and the purpose of the processing. As a rule, data is processed for the duration of the provision of a service or the performance of an order, until a previously expressed consent is withdrawn or an effective objection to data processing is made, in cases where the legal grounds for data processing is the Controller’s legitimate interest.
7.2. The data processing period may be extended where processing is necessary to establish, pursue or defend against any claims, and after that period only where and to the extent that it is required by law. After the end of the processing period data is irreversibly deleted or anonymized.
8. USER RIGHTS
8.1. User has the right to: access the content of data and request its rectification, deletion, restriction of processing, the right to transfer data and the right to object to the processing of data, as well as the right to lodge a complaint with the supervisory body in charge of personal data protection.
8.2. To the extent that User's data are processed based on consent, such consent may be withdrawn at any time by contacting the Controller at the following address: email@example.com
8.3. The User has the right to object to the processing of data for marketing purposes if the processing takes place in connection with Controller's legitimate interest, and – for reasons related to a special situation of the User - in other cases where the legal grounds for data processing is a legitimate interest of the Controller (eg. in connection with the pursuit of analytical and statistical objectives).
8.4. For more information about rights arising from GDPR, please see here.
9. DATA RECIPIENTS
9.1. In connection with the performance of services, personal data will be disclosed to external entities, including in particular providers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting services, couriers (in connection with the delivery of an order), marketing agencies (within the scope of marketing services) and entities associated with the Controller, including companies in Controller’s capital group.
9.2. If User’s consent is obtained, User’s data may also be made available to other entities for their own purposes, including marketing purposes.
9.3. The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information on appropriate legal basis and in accordance with applicable law.
10. TRANSFERRING DATA OUTSIDE THE EEA
10.1. The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA only when necessary and ensuring an adequate level of protection, primarily through:
10.1.1. cooperation with personal data processors in countries in respect of which an appropriate decision of the European Commission has been issued;
10.1.2. application of standard contractual clauses issued by the European Commission;
10.1.3. application of binding corporate rules approved by the competent supervisory authority;
10.1.4. where data is transferred to the USA – cooperation with entities participating in the Privacy Shield programme approved by the decision of the European Commission.
10.2. The Controller always gives notice of its intention to transfer personal data outside the EEA at the collection stage.
11. SECURITY OF PERSONAL DATA
11.1. The Controller conducts risk analysis on an ongoing basis to ensure that personal data is processed in a secure manner ensuring, above all, that only authorized persons have access to data, and only to the extent that is necessary given tasks performed by those persons. The Controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
11.2. The Controller takes all necessary measures to ensure that his subcontractors and other cooperating entities guarantee that appropriate safety controls are applied whenever they process personal data at the request of the Controller.
12. CONTACT DETAILS
12.1. Controller can be contacted via e-mail at the address firstname.lastname@example.org or to mailing address: ul. Pużaka 49, 38-400 Krosno, Poland.
13.1. The Policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy was adopted on 25 May 2018.