We are glad you are reading this information. We want you to know what will happen to your data, when you contact us, establish and maintain business relationships or ask for an offer. You will find here also couple of words about cookies files. Therefore, we invite you to read this text!
I. What is the most important here?
1.1 For formal reasons, we kindly inform you that the administrator of personal data within the meaning of the provisions on the protection of personal data, including the notorious GDPR is Crimston, a company limited liability company with its registered office in Warsaw (02-017), at Al. Jerozolimskie 123A, entered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under KRS number 0000795227, NIP 701-09-36-221, REGON 383906152, share capital PLN 5,000.00, e-mail address: email@example.com, hereinafter referred to as “we” in appropriate case according to a definition in Polish.
1.2 When you decide to use the services we offer, in particular, you send a contact form, before we start work, we will need your personal data. But even if you simply contact us using an e-mail address or telephone, you provide us with your details. We know how valuable personal information is, so we guarantee that your data will remain confidential, we will not sell it to anyone, and we will make it available only if it is necessary or expedient to ensure the highest quality of services we provide or in cases specified by law.
1.3 GDPR provides you with multiple rights due to the fact that we process your data. We respect all of it as much as possible. For details, read below. In order to exercise your rights, please contact:
- By e-mail: firstname.lastname@example.org
- By post: 02-117 Warszawa ul. Al. Jerozolimskie 123 A.
1.4 We can offer you the opportunity to use social functions, i.e. sharing content on social networks and profile subscriptions. This results in the possibility of using cookies for social network administrators, as far as it regards to Facebook, Google+, Instagram.
1.5 We use Google Analytics analytical tools to collect information about your activity on our website. To this end, Google LLC cookies are used.
1.6 We also use Facebook Pixel – a marketing tool used to address personalized ads on Facebook. This is related to the use of Facebook cookies.
1.7 In order for the website to function properly, we use our own cookies.
In short, that’s it. If you need more information, we encourage you to read on. 😊
II. Rules for processing personal data
2. We declare that we exercise due diligence to protect your rights and freedom in connection with the fact that we process your data. At the same time, we ensure that your data is processed:
2.1 In consistency with legal rules, reliably and in a manner transparent to you – “compliance with the law, reliability and transparency“;
2.2 For specific, explicit and legitimate purposes, it is not further processed in a manner inconsistent with these purposes – “purpose limitation”;
2.3 Adequately, appropriately and in a limited way to what is necessary for the purposes for which it is processed – “data minimization“;
2.4 Correct and, if necessary, personal information is updated – “correctness“;
2.5 In a form allowing your identification for a period not longer than it is necessary for the purposes for which the data is processed – “storage restriction“;
2.6 In a manner providing adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures – “integrity and confidentiality“.
III. Purpose and legal basis for processing personal data
3. Your data is processed in order to:
3.1 carry out marketing activities, including providing electronic services;
3.2 make a contact;
3.3 establish and maintain business relationships.
4. Your data may also be processed for the purpose of possible handling of complaints and other claims, i.e. determination, investigation and defense against claims resulting from our activities – pursuant to art. 6 par. 1.f of GDPR.
5. If it is necessary to issue and store invoices and other accounting documents, your data will be processed on the basis of art. 6 par. 1. c of GDPR and accounting and tax regulations.
6. If you contact us, for example by using our e-mail addresses available on the website, you provide us with your e-mail address using the reservation form – also: name and surname, telephone number and other personal data, depending on what you write in the message, and if you use the chat available on Facebook – the name under which you operate on this website and other data that you want to communicate us at your own discretion. In this case, your data will be processed in order to contact you on the basis of art. 6 par. 1.a of GDPR, because by making contact with us, you consent to the processing. However, after the contact, the basis for further data processing is art. 6 par. 1.f of GDPR because the archiving of correspondence in order to show its content in the future is our justified goal.
7. In case you provide us with a cooperation offer or we will ask you for a business relationship, the basis for the processing of your personal data will be Art. 6 par. 1 point b or f. of GDPR.
IV. The scope of processed personal data or what data do we process?
8. This is a good place to remind you that we process only data that is necessary to achieve the goal, for which they have been collected and to a wider extent only when the law obliges us to do so.
8.1 In the case of establishing business relationships, we process contact details: first name, last name, telephone number and e-mail address and company if you are an entrepreneur, moreover, if you order a club card or booking order, we process your declaration of age.
8.2 The data processed in the scope of contact include your e-mail address and other data which you can provide us with your own subject.
8.3 In addition, we can process other categories of data required by law, e.g. NIP, if you ask for a VAT invoice for the entrepreneur.
V. Period of processing personal data
9. If we process data on the basis of your consent, the data will be processed until withdrawal of consent, and in other cases – only until the time necessary to achieve the purposes for which they were collected.
10. The data processed in order to establish, investigate and defend against claims resulting from our operations will be processed until the claims are expired, in accordance with legal rules.
11. Data processed in connection with the need to issue and store invoices and other accounting documents will be processed within 5 years from the end of the tax year in which the operation was performed, unless the provisions specifying the period of data storage for this purpose change.
12. Data processed for the execution of the contract will be processed until it is executed and processed to establish business relationships – to conclude a contract.
VI. Where do we get personal data from?
13. We collect personal data directly from you – you provide them to us by initiating a contact. Only in the case of data processing in order to establish business relationships, we can obtain data from publicly available sources or from an entity acting on your behalf.
VII. Who we share your personal information with?
14. Access to your personal data may have:
14.1 Individuals with whom we cooperate – on the basis of an appropriate authorization;
14.2 Entities we work with and entrust your data with, in order to provide the highest quality of services. It is about providers of IT and hosting services, legal and accounting services. These entities, as entities mentioned in point 15.1, process your personal data on our behalf and only for the purposes set out in this document. In particular:
14.2.1 Zenbox.pl with its registered office in Częstochowa (42-200), Dąbrowskiego 7, NIP: 949-219-10-21 REGON: 242888558 – to store data on the website’s server;
14.2.2 Tax Service Sp. z o.o. with headquarters in Warsaw, ul. Willowa 8/10 lok. 28, 00-790 Warsaw – in the field of invoicing bills and invoices and keeping accounts;
14.2.3 Google LLC – to use Google services.
14.3 Other entities, in particular state administration bodies, only to the extent and under the terms of applicable law.
VIII. What rights do you have in processing your data?
15. First of all, we would like to inform you that providing data is voluntary, but necessary to achieve the goals set out in this document.
16. Please be advised that no personal data is processed in automatic decision-making processes (profiling).
17. We cannot miss the fact that you have the right to:
17.1 Access to your data, based on art. 15 of GDPR
17.2 To correct their data, pursuant to art. 16 of GDPR
17.3 To request the deletion of data, i.e. the famous “right to be forgotten“. Keep in mind, however, that this right is not absolute, because it is granted in cases specified in art. 17 sec. 1, subject to the exceptions specified in art. 17 sec. 3 of GDPR;
17.4 To limit processing in cases specified in art. 18 GDPR; as well as to
17.5 Transfer of data to another administrator, but only in cases specified in art. 20 of GDPR.
18. At your request, we will provide you with a copy of your data, with each subsequent copy that you ask us to provide after you collect a reasonable fee.
19. You also have the right to withdraw your consent to the processing of your data at any time. However, you should know that it will not affect the correctness of processing before the consent is withdrawn.
20. Please be advised that regardless of all of the above rights, you have the right to object to the processing of your personal data for reasons related to your particular situation, if the basis for processing is art. 6 par. 1.f. Therefore, if the basis of processing is our legitimate interest. In this case, we will not be able to process your personal data at the above-mentioned basis, unless we demonstrate the existence of valid, legally substantiated grounds for data processing, superior to your interests, rights and freedom, or grounds for investigation, determination or defense of claims. However, if your objection concerns data processing for direct marketing purposes, it will be absolutely binding for us.
21. In order to use any of the above permissions, contact us:
- By e-mail: email@example.com
- By post: 02-117 Warszawa ul. Al. Jerozolimskie 123 A.
22. The safety of your data is very important to us. However, if you decide that by processing personal data, we violate the provisions of the GDPR, you can submit a complaint to the President of the Office of Personal Data Protection.
IX. Cookies files and similar technologies
23. Cookies, but what is it ?
23.2 Cookies are small pieces of information consisting of a number of letters and numbers. They make the user’s life easier enabling memorizing his preferences and personalizing websites. They are not dangerous, do not modify configuration settings in end devices, i.e. computers, smartphones or tablets, do not affect the software installed on these devices or cannot be used to carry viruses. What is important, they can be turned off entirely or partly by the user from the web browser settings.
23.3 Typically, session cookies are distinguished, which are automatically deleted when the web browser is closed and persistent (permanent) cookies that remain in the browser’s memory for a long time, also after its closure.
23.4 You should also know about the distribution of cookies in own and third party cookies. The first ones are installed on the user’s end device by the administrator of the given page, in this case they can be read by us. By using a cookie file, we receive a declaration of your age from the user. On the other hand, third party cookies are read by IT systems of these third parties, with the exception of the administrator of the given website. We have devoted the whole section X. Third-Party cookie files to a third-party cookie files – see below.
24. Since you already know what is going on with these cookies, we would like to inform you that:
24.1 The administrator of the website maintained at https://crimston.pl are we. We place your own cookies on your end device and we can read them.
24.2 Please be advised that we do not automatically collect any data, including non-personal data, other than through “cookies”.
25.In order to administer cookie settings, select the web browser you use from the list below and follow the instructions:
26. If you do not change your cookie settings, it means that you accept the default settings of your browser. We also reserve that disabling cookies may hamper, and in some cases prevent, the use of our website and other websites.
X. Third party cookies
27. Google Analytics cookies
27.1 As mentioned in the introduction, we use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA to create statistics and their analysis aimed at optimizing our website.
27.2 Google Analytics automatically collects information about how you use our website. The information collected in this way is most often transmitted to servers in the United States and stored there.
27.3 We have activated the anonymization of the IP address of the user of our website, thanks to which your IP address is shortened before forwarding. Only in exceptional cases, the full IP address is forwarded to a Google server in the United States and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is not combined with other Google data, as provided by Google LLC.
27.4 For your information, please note that Google LLC has a registered office in the USA and uses technical infrastructure located in the USA, where GDPR and other European Union regulations do not work. Nevertheless, wanting to operate legally in European Union countries, including Poland, Google LLC joined the EU-US-Privacy Shield program to ensure an adequate level of protection of personal data required by European regulations. Under the agreement between the US and the European Commission, the latter has found an adequate level of data protection for companies certified by Privacy Shield.
27.5 You can prevent the data collected by cookies concerning the use of your website by Google by you, from being recorded by Google from being used on our site, as well as Google’s processing of this data by installing the browser plug-in at the following address: https://tools.google.com/dlpage/gaoptout.
28. Facebook Cookies – Pixel Facebook
28.1 We use the marketing tools offered by Facebook and Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA. As part of these tools, we address advertising on Facebook.
28.2 Facebook’s Pixel automatically collects information about how you use our website for browsed websites. The information collected in this way is most often transmitted to the Facebook Inc. server in the United States and stored there.
30. If you want to know more about how social network administrators referred to in paragraph 29 process personal data and cookies, we refer to the regulation of these administrators (click on the link or paste the appropriate address in the window of your browser):
- Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
- Instagram – – https://help.instagram.com/519522125107875?helpref=page_content
- Google – https://policies.google.com/privacy?hl=pl
31. Server logs. Using this site, as well as any other, involves sending queries to the server hosting the website. Each such query is saved in the server logs. The logs include, among others: your IP address, time of arrival of the query and time of sending the answer, information about your web browser. We do not combine this data with any of your personal information or use it to identify any person.
32. This regulation in this wording is effective from January 01, 2020.