I. BASIC TERMS

• Administrator – RomiCore Sp. z o.o. with its seat in Białystok (15-201), 107/3 Warszawska Street, e-mail address: [email protected],
• User – any natural person whose personal data is processed by the Administrator,
• Personal data – all information about an identified or identifiable natural person through one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, as well as device IP, location data, online identifier and information collected through cookies and similar technology.
• RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
• Service – IT solution located on the Internet address romicore.pl which includes, among others, the complex of services provided electronically for Users.
• Processing of personal data – any operation performed upon personal data, such as collection, recording, storage, processing, alteration, disclosure and erasure, in particular those performed on computer systems;
• Violation of personal data protection – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

II. PROCESSING OF PERSONAL DATA AND INFORMATION ON FORMS

1. The personal data of the Service Users may be processed by the Data Controller in case:
   1. when the Service User gives their consent to this in the forms posted on the Service, in order to take the action to which these forms relate (Article 6(1)(a) of the RODO);
   2. where processing is necessary for the performance of a contract to which the Service User is a party (Article 6(l)(b) RODO),
   3. in order to handle complaints – the legal basis for processing is that the processing is necessary for the performance of the contract (Article 6(1)(b) of the RODO);
   4. in order to fulfil a legal obligation to the Administrator (Article 6(1)(c));
   5. in order to possibly establish and assert or defend against claims – the legal basis for the processing is the legitimate interest of the Administrator in protecting your rights (Article 6(1)(f) RODO).
   6. for marketing purposes of the Administrator, consisting in informing the User about the current offer and new functionalities of the Service – the legal basis for the processing is consent (Article 6 (1) (a) RODO),

1. Administrator processes Service User’s personal data to the extent necessary for the purposes set forth in Section 1 above and for the period necessary to achieve such purposes, or until Service User withdraws consent. Failure to provide data by Service User may in certain situations result in the impossibility of accomplishing the purposes for which such data are necessary.
2. The Administrator may send commercial e-mails provided that the Service User has agreed to this.
3. The controller shall keep the register of persons authorised to process the data. The persons authorised to process the data shall be obliged to keep the personal data and the ways of securing them in strict confidentiality.
4. The controller and persons authorised to process such data shall apply technical and organisational measures to ensure the protection of personal data processed.
5. The following personal data of a Service User may be collected by means of forms placed in the Service or in order to execute agreements possible to be concluded within the Service: name, surname, address, electronic mail address, telephone number.
6. Data included in the forms, provided to the Administrator by the Service User, may be transferred by the Administrator to third parties, cooperating with the Administrator in connection with the Administrator’s performance of the purposes specified in point 1.
7. Data included in the forms, provided to the Administrator by the Service User, may be transferred by the Administrator to third parties, cooperating with the Administrator in connection with the Administrator’s performance of the purposes specified in point 1.
8. Data provided in the forms placed on the Website shall be processed for the purposes resulting from the function of a given form; moreover, they may be used by the Administrator also for archival and statistical purposes. The consent of the data subject shall be expressed by ticking the appropriate box on the form.
9. The User of the Website, where the Website so provides, by ticking the appropriate box in the registration form, may refuse or consent to receive commercial information by means of electronic communication, pursuant to the Act of 18 July 2002 on Electronic Provision of Services (Dz. U. of 2002, No. 144, item 1024 as amended). If a Service User has given their consent to receive commercial information by means of electronic communication, they have the right to withdraw such consent at any time. Exercising the right to revoke the consent to receive commercial information is done by sending by e-mail to the address of the Administrator the appropriate request together with the name of the Service User.
10. The Administrator processes personal data of Users who visit the Administrator’s profiles maintained in social media (Facebook, Instagram, YouTube, Twitter, Google+, Linkedin). This data is processed in order to inform Users about the Administrator’s activities, to offer services, as well as to communicate with Users through tools available in social media. The legal basis for the processing of personal data for this purpose is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO) consisting in promoting its own brand and the services offered, as well as building and maintaining a community associated with the brand.
11. Within the Website, the Administrator may automatically adjust certain content to the User’s needs, i.e. carry out profiling, using the personal data provided by the User. Such profiling consists mainly in automatic assessment of products in which the User may be interested on the basis of his/her current Internet activities, including the Administrator’s website, and displaying of product advertisements profiled in this manner. Profiling performed by the Administrator does not result in making decisions causing legal effects towards the User or affecting him/her in a similarly significant manner.

III. USERS RIGHTS

1. In accordance with Articles 15 – 22 of the RODO, each User of the Service has the following rights:
   a) right to information about the processing of personal data – the person making such a request shall be informed by the controller about the processing of personal data, the purposes and legal basis of the processing, the scope of the data held, the entities to which the personal data are disclosed and the planned date of their erasure;
   b) the right to obtain a copy of the data – The Administrator shall provide a copy of the data processed concerning the person making the request;
   c) right of rectification – The Administrator shall, at the request of the Participant, rectify any inconsistencies or errors concerning the personal data processed, and shall complete or update such data if it is incomplete or has changed;
   d) right to erasure – You may request the erasure of data whose processing is no longer necessary for any of the purposes for which they were collected;
   e) the right to restrict processing – on this basis the Controller shall cease to carry out operations on the personal data, with the exception of those operations to which the data subject has given his consent and their storage in accordance with the retention rules adopted, or until the reasons for the restriction of the processing cease to exist (e.g. a decision is issued by a supervisory authority allowing for further processing);
   f) right to data portability – on this basis, to the extent that the data are processed in connection with a contract concluded or consent given, the controller shall issue the data provided by the data subject;
   g) the right to object to processing for marketing purposes – The data subject may object at any time to the processing of personal data for marketing purposes, without having to justify such objection;
   h) the right to object to other purposes of the processing – the data subject may object to the processing of personal data at any time. The objection in this respect shall contain a statement of reasons and shall be subject to review by the Administrator;
   i)right of withdrawal of consent – where data are processed on the basis of consent, the data subject shall have the right to withdraw that consent at any time, which shall not affect the lawfulness of processing carried out before the withdrawal of consent;
   j) right of complaint – If the processing of personal data is considered to be in breach of the provisions of the RODO or other data protection legislation, the data subject may lodge a complaint with the supervisory authority.
2. A request for the exercise of data subjects’ rights can be made:
   a) in writing to the address: RomiCore Spółka z o.o. with its registered office in Białystok (15-201), ul. Warszawska 107/3
   b) by e-mail to: [email protected]
3. Applications will be responded to within one month of receipt. If it is necessary to extend this period, the Administrator will inform the applicant of the reasons for such extension.
4. The reply will be sent to the e-mail address from which the application was sent and, in the case of applications sent by post, by registered mail to the address indicated by the applicant, unless it is clear from the text of the letter that the applicant wishes to receive the reply to the e-mail address (in which case the e-mail address must be provided).

IV. COOKIES AND SIMILAR TECHNOLOGY

1. The website uses cookies.
2. Cookies (so-called „cookies”) are IT data, in particular text files, which are stored in the Service User’s terminal equipment and are intended for use on the Service’s websites. Cookies usually contain the name of the website from which they come, the time of storing them on the terminal equipment and a unique number.
3. The Administrator is the entity placing cookies on the Website User’s terminal equipment and accessing them.
4. Cookies are used for, among other things:
   a) creation of statistics which help to understand how users of the website use the website;
   b) Maintaining the session of the website user (after logging in), thanks to which the User does not have to enter the login and password again on each subpage of the website;
   c) defining a profile of a User in order to display him/her customised materials in advertising networks, in particular the Google network.
5. There are two main types of cookies used on the Website: „session” (session cookies) and „permanent” (persistent cookies). Session” cookies are temporary files that are stored in the final device of the User until logging out, leaving the website or switching off software (web browser). „Permanent” cookies are stored in the User’s terminal equipment for the time specified in the parameters of cookies or until they are deleted by the User.
6. Web browsing software (internet browser) usually allows the storage of cookies in the User’s terminal equipment by default. Users of the Website may change their settings in this respect. Internet browser allows to delete cookies. It is also possible to block cookies automatically. Detailed information on this subject is contained in the help or documentation of the Internet browser.
7. Restrictions on the use of cookies may affect some of the functionality available on the Website.
8. The Administrator uses Google Analytics product to collect statistics, thus the data of the User visiting the Website will be received by Google, 1600 Amphitheatre Parkway Mountain View, CA 94043 United States. Google is certified in the Privacy Shield programme. As part of an agreement between the United States and the European Commission, the latter has determined an adequate level of data protection for companies that are Privacy Shield certified. It is possible to prevent Google Analytics from accessing your data by installing a plug-in in your browser, which can be found at the following link: https://tools.google.com/dlpage/gaoptout/ If you are interested in the details related to data processing within Google Analytics, we encourage you to read the explanations prepared by Google: https://policies.google.com/privacy?hl=pl.
9. The Administrator also uses marketing tools available within the Facebook service and provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA.  These tools target advertising on Facebook. Activities in this area are carried out on the basis of legitimate interest in the form of marketing of own products or services. In order to target advertisements personalised to the behaviour of users visiting the www.romicore.pl website, a Facebook Pixel has been implemented on the website, which automatically collects information on the use of the website. The information collected in this way is usually transmitted to a Facebook server in the USA and stored there. The information collected within the Facebook Pixel is anonymous, i.e. it does not allow the User to be identified. The Administrator is only informed as to what actions the User has taken within the scope of his page. Facebook may, however, combine this information with other information about you collected as part of your use of Facebook and use it for its own purposes, including marketing. Such activities of Facebook are no longer dependent on the Administrator, and information about them is described in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. From your Facebook account, you can also manage your privacy settings. Facebook Inc. is based in the USA and uses technical infrastructure located in the USA. In order to ensure an adequate level of data protection as required by European legislation, Facebook has joined the EU-US-Privacy Shield programme. As part of an agreement between the US and the European Commission, the latter has determined an adequate level of data protection for companies with Privacy Shield certification.
10. In order to provide Users with additional information, the www.romicore.pl website contains links to websites administered by entities independent of the Administrator, i.e. Facebook, Instagram, Twitter LinkedIn, Google+, or You Tube. Separate privacy clauses or policies may apply to them. The Administrator encourages you to familiarise yourself with their content.
11. With regard to any websites, to which links are provided in the Service, and which are not owned or controlled by the Administrator, the Administrator does not bear any responsibility for their content, nor for the rules of information confidentiality protection applicable to the Users. By displaying a website containing such a link, the User’s browser will establish a direct connection to the servers of the administrators of social networking sites (service providers). The content of the plugin is transmitted by the respective provider directly to the User’s browser and integrated into the website. Thanks to this integration, the service providers receive information that the user’s browser displayed the administrator’s page, even if the user does not have a profile with the given service provider or is not logged in at the moment. Such information (along with the IP address) is sent by the User’s browser directly to the server of the given service provider (some servers are located in the USA) and stored there. If the User is logged into one of the social networks, the service provider will be able to directly associate the visit to the Administrator’s website with the User’s profile in that social network. If the User uses the respective plug-in, e.g. by clicking on the „Like” or „Share” button, the respective information will also be sent directly to the server of the respective service provider and stored there. Furthermore, this information will be published on the respective social network and will appear to the persons added as contacts of the User. The purpose and scope of the data collection and further processing and use of the data by the service providers, as well as the possibility for the user to contact the service provider, his/her rights in this respect and the possibility to make settings to ensure privacy are described in the privacy policy of the respective service provider.
12. If the User does not want the social networks to attribute the data collected during visits to the Administrator’s website directly to the User’s profile on a given website, he/she should log out from that website before visiting it. The User may also completely prevent the website from loading plug-ins by using appropriate extensions for his/her browser, e.g. blocking scripts.

V. SERVER LOGS

1. Using the website involves sending requests to the server, on which the website is stored. Each query sent to the server is recorded in the server logs.
2. The logs include the User’s IP address, the date and time of the server, information about the Internet browser and the operating system used. The logs are saved and stored on the server.
3. The data saved in server logs are not associated with specific persons using the website and are not used by the Administrator to identify the User.
4. Server logs constitute only auxiliary material used to administer the website, and their content is not disclosed to anyone except persons authorised to administer the server.

VI. FINAL PROVISIONS

1. The privacy policy is continuously reviewed and updated as necessary.
2. This privacy policy is effective as of 25.05.2018.