This document will give you the details of the Controller of your personal data as well as inform you about the purpose, extent, and duration of processing of the data. You will also learn who will be given access to your data and on what conditions. You will also be told about your rights in relation to the processing of your data as set forth in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
1. General information.
No personal and address details provided by you will be in any way sold to any third parties or entities.
2. Information related to personal data.
Pursuant to Art. 13(1-2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), we inform you that:
a) Data Controller.
The website administrator and data controller Regionalna Dyrekcja Lasów Państwowych, Adress: Toruń, ul. Mickiewicza 9, hereinafter referred to as Data Controller.
The Data Controller did not appoint a Data Protection Supervisor and is solely responsible for all the obligations related to personal data processing.
b) Processing purpose and grounds and the data retention period.
|Processing purpose||Processing legal grounds||Data retention period|
|Conclusion and performance of a services contract.||Art. 6(1)b of GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).||Data Controller will process personal data throughout the term of the contract.|
|Compliance with tax obligations.||Art. 6(1)c of GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case obligations under tax law).||Data Controller will process the above data for 5 years.|
|Contact form processing.||Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case responding to the message received).||Data Controller will process the above data until an effective objection is made to the processing or the purpose of the processing is accomplished.|
|Compliance with obligations related to personal data protection.||Art. 6(1)c of GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case obligations under personal data protection regulations).||Data Controller will process the above personal data until the expiry of the limitation period of any claims for violation of personal data protection regulations.|
|Establishing, exercising and defending claims.||Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case establishing, exercising and defending any claims which may arise in connection with provision of services or use of the website).||Data Controller will process the above personal data until the expiry of the limitation period of any claims which may arise in connection with provision of services or use of the website.|
|Analysing your activity on the website.||Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case analysing your activity on the website).||Data Controller will process the above data until an effective objection is made to the processing or the purpose of the processing is accomplished.|
|Sending business messages - marketing of own services via e-mail.||After granting the consent prescribed by the regulations on provision of services by electronic means. Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case sharing information on the current activities: products, services, promotions and innovations).||Data Controller will process the above personal data until the consent is revoked, an effective objection is made or the purpose of the processing is accomplished.|
|Complaint processing.||Art. 6(1)b of GDPR (under which personal data can be processed if they are necessary to perform a contract or to take steps to enter into a contract).||Data Controller will process personal data throughout the term of the contract.|
c) Consent withdrawal and objection.
You can withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal. You also have the right to object to processing of your personal data based on the legitimate interests pursued by the Data Controller. The Data Controller will discontinue the processing of your data for those purposes, unless the Data Controller can demonstrate that with regard to those data there are compelling legitimate grounds for the processing by the Data Controller which override your interests or fundamental rights and freedoms or the data will be necessary for the Data Controller to establish, exercise or defend claims, if any.
d) Recipients of personal data.
The personal data can be made available by the Data Controller to the following recipients:
- the domain name supplier,
- the entity providing tools for activity analysis on the Google Analytics website,
- the entity providing accounting services,
- the entity providing IT services.
Apart from that, occasionally the Data Controller may have to make your personal data available to other entities, private or public, under an applicable legal regulation or a decision of competent authorities. The Data Controller assures that each and every request for access to personal data is thoroughly analysed in order not to disclose the data to unauthorised parties.
e) Transfer to third countries.
Since the Data Controller uses the services of Google Analytics or Facebook Pixel, your personal data may be transferred to the following third countries:
- the United States of America – under the Commission Implementing Decision (EU) 2016/1250 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield.
- Chile, Singapore, and Taiwan (Republic of China) – under contractual clauses ensuring an adequate level of protection, compliant with the standard contractual clauses set forth in the Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.
f) Rights of data subjects.
The Data Controller offers the possibility to exercise the rights listed below by use of email contact and every request in this respect will be complied with within 30 days of receiving it (if due to the complex nature of the request or the number of requests it is impossible for the Data Controller to comply with the request within 30 days, the request will be met within another month, with a prior notice given by the Data Controller of the intended extension of the period):
- Right to withdraw consent. Be advised, however, that withdrawal of consent may prevent further use of any services which by law can be provided by us only with your consent. What is more, withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to object to data use. If the Data Controller processes data on the ground of a legitimate interest, an objection can be made to the use of data. If the objection proves justified, and the Data Controller has no other legal grounds for the data processing, the data concerned will be deleted.
- Right to erasure of data (“right to be forgotten”). Upon request, the Data Controller will erase the data in the event of consent withdrawal, a justified objection made against the use for marketing or statistical purposes, unlawful processing or if the data is no longer necessary for the purposes for which they were collected or for which they were processed. However, the Data Controller reserves the right to keep some personal data to the extent necessary for making back-up copies or establishing the purposes, exercising or defending claims, and for relations with state authorities.
- Right to restrict data processing. If it is contested that the data are accurate and their processing is lawful and necessary and if an objection is made.
- Right to rectification. The Data Controller, upon your request, shall rectify the data (in case of inaccurate data) and complete the data (in case of incomplete data).
Right to data portability. The Data Controller, upon your request, shall send a file, in pdf format or as otherwise agreed, containing your personal data to you or directly to another Controller as specified by you.
g) Right to lodge a complaint.
You have the right to lodge a complaint with the President of the Personal Data Protection Office if you decide that the processing of personal data violates the provisions of the GDPR.
h) Requirement to provide data and consequences of failure to provide data.
Providing personal data is voluntary, but necessary for you to use our services. As a consequence of your failure to provide the data you will not be able to use our offer.
Your personal data will not be subject to automated processing, including profiling.
3. Cookies policy.
Cookies are short text files stored on the computer, telephone or any other device used by you. There are the so-called own cookies, which can be read by us and which we use to ensure correct operation of our website. There are also the so-called external cookies read by the systems owned by third-party entities whose services we use.
The website uses two types of cookies: session cookies, which are deleted once you close the browser, log out or leave a website, and permanent cookies, which are stored on the user’s end device, which makes it possible to recognise the user’s browser next time the website is accessed until they are deleted by the user or until the time set in the parameters the specific cookies. You have the right to change the settings of cookies or to delete them. Cookies used on our website do not store any personal data or any other information collected from you.
- to identify the browser session, which facilitates the use of the website functions,
- to improve the website safety and using speed,
- to use analytical tools.
More information on cookies can be found at wszystkoociasteczkach.pl or in the "Help" section in the browser menu.
Our website uses the following tracking technologies:
- Plug-ins and other tools related to social media such as Facebook or Instagram.
4. Server logs.
Using our website involves sending inquiries to the server hosting the website.
Every inquiry to the server is stored in the server logs which include the IP address, date and time of visit, information on the browser and operating system used.The data stored in server logs are not linked to specific website users and are used as supporting material for administration purposes. Their content is not disclosed to authorised server administrators only.
Our policy is valid as of: 2021-08-13