The personal data processor is Blu Experience sp.z o.o. with headquarters in Krakow, ul. Warszawska 1531-155 Kraków, entered into the Register of Entrepreneurs of the National Court Register by the District Court for Kraków-Śródmieście in Kraków XI Commercial Division of the National Court Register under the number 0000495773, NIP: 9452177517, REGON: 123030655, with a share capital of PLN 50,000.00.
Personal data collected by the Administrator are processed under the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council of 27/04/2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection) (Journal of Laws UE L 119, p. 1), hereinafter referred to as: “GDPR”.
Capitalized words have the meaning given to them in the Platform’s regulations.
The administrator makes special efforts to protect the privacy and information provided to him. The administrator with due diligence selects and applies appropriate technical measures, including programming and organizational measures, ensuring the protection of the data being processed, in particular, protects the data against unauthorized disclosure, disclosure, loss and destruction, unauthorized modification, as well as against their processing in violation of applicable law.
The addressees of the Platform Services are not persons under 16 years of age. The personal data administrator does not provide for the deliberate collection of data on persons under 16 years of age.
The Platform may use the so-called Plugins and other social media tools, including, in particular, enabling the User to share content with other users of these websites or order them as part of the account at the provider of the portal. The providers of these services may also process personal data as independent administrators. In this case, the Administrator and the plug-in provider are joint controllers of personal data.
Personal data administrator – you can contact the personal data administrator via:
• registered letter sent to the postal address: in ul. Szachowa 1, 04-894 Warszawa
• e-mail messages to the following address: email@example.com
• interactive chat available on the Platform.
PURPOSES AND BASIS FOR THE PROCESSING OF PERSONAL DATA
The personal data administrator processes your personal data for the following purposes and scope:
• to contact the User – if you contact us via an interactive chat available on the Platform – for this purpose, we may process your personal data provided as part of the chat form, data regarding the device session, operating system, browser, location and a unique ID, IP address;
• to establish, pursue and enforce claims and defend against claims in court proceedings and other enforcement authorities – for this purpose we may process your personal data necessary to prove the existence of a claim or which result from a legal requirement, court order or other legal procedure;
• considering complaints, complaints and requests as well as answers to Users’ questions – for this purpose, we process the personal data provided by you in the contact form, complaints, complaints and requests, and questions contained in a different form. For this purpose, we also process other personal data provided by you, including data contained in documents attached to complaints, complaints and requests;
PERSONALIZED ADVERTISING AND SOCIAL PLUGINS
Due to the use of the so-called social plugins, including those enabling the User to share content or their instructions with other users of these websites as part of their account with the provider of a given portal, the providers of these websites may also process your personal data as independent administrators. When you visit the Platform, the browser you use may make a direct connection with the servers of entities providing these plug-ins/tools, thanks to which these entities receive information about your use of the Platform and, inter alia, Your IP address. Such information may be sent regardless of whether you have an account on the website of such entity and whether you are currently logged in to it. If you have an account with such an entity and you are logged in to it, this information may additionally be linked and assigned to your account on the social network. Certain content may also be published as part of your profile on social networks and visible to other users of such websites, including in particular those with whom you establish relationships.
If you do not want the providers of plug-ins/tools / social networking sites to assign your data collected when entering the Platform to your profile with a given provider, then before entering the Platform, make sure you log out of this social networking site. Remember that you can also prevent the loading of plugins on the website by using appropriate mechanisms within the browser you use – by its settings.
The administrator tries to exercise due diligence to select only software, including the above-mentioned plugins, from reputable entities that broadly define their rules for the protection of personal data.
The purposes, scope and rules for the collection and further processing of personal data by these entities can be found in their privacy protection rules. We encourage you to read them, you will find them, among others at the following addresses:
CATEGORIES OF RELATED PERSONAL DATA
The personal data controller processes the following categories of relevant personal data:
• contact details;
• data on complaints, complaints and requests.
FREEDOM TO PROVIDE PERSONAL DATA
Providing the required personal data by you is voluntary and is a condition for the provision of Services.
DATA PROCESSING TIME
Personal data will be processed by us as the Administrator for the period necessary to carry out marketing activities and other services performed for the User. Personal data will be deleted in the following cases:
• when the data subject asks for their removal or withdraws the consent granted;
• after receiving information that the stored data is out of date or inaccurate.
Some data in the field of: e-mail address, name and surname, the address may be stored for the next 3 years for evidence purposes, considering complaints, complaints and claims related to the Platform. This data will not be used for marketing purposes.
We store data on Users who are not logged in for a period corresponding to the life cycle of “cookies” saved on devices or until they are deleted on the User’s device by the User.
PERSONAL DATA RECIPIENTS
We provide your personal data to the following categories of recipients:
• state authorities, such as the prosecutor’s office, the Police, the Office for Personal Data Protection, if they request it;
Personal data may also be transferred to other entities – suppliers of tools whose cookies we use. Information on these entities and the purposes of using cookies can be found in the Cookies Policy.
Our suppliers are based mainly in the countries of the European Economic Area (EEA), but also outside the EEA. Your personal data transferred outside the EEA will be secured with appropriate legal safeguards so that our suppliers guarantee a high level of personal data protection. These guarantees result in particular from the obligation to use standard contractual clauses adopted by the Commission (EU) or participation in the Privacy Shield program established under the Commission Implementing Decision (EU) 2016/1250 of July 12 2016, on the adequacy of the protection provided by the Shield EU-US Privacy.
THE RIGHTS OF THE PERSON WHOSE PERSONAL DATA WE PROCESS
Under the GDPR, you have the right to:
• access to personal data (Article 15 of the GDPR) – you can obtain information from the Administrator whether your data is being processed and if it is being processed, you have the right to:
• access to data;
• obtain information about the purposes of the processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of your data or the criteria for determining this period, about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the source these data, about automated decision-making, including profiling, and the security measures used in connection with the transfer of these data outside the European Union;
• obtain a copy of your personal data.
• rectification of personal data (Article 16 of the GDPR) – if your personal data is incorrect, you can request the Administrator to rectify it immediately. You can also request the Administrator to supplement this data.
• deletion of personal data, the so-called “The right to be forgotten” (Article 17 of the GDPR) – you can request it when:
• your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• you have withdrawn your specific consent to the extent to which personal data was processed based on your consent;
• your personal data has been processed unlawfully;
• you have objected to the processing of your personal data in connection with the processing necessary to perform a task carried out in the public interest or the processing necessary for the purposes of legitimate interests pursued by the Administrator or a third party.
Despite submitting a request to delete personal data, the Administrator may process your data further to establish, assert or defend claims about which you will be informed.
• submitting a request to limit the processing of personal data (Article 18 of the GDPR) – you can request it when:
• you question the correctness of your personal data – the personal data administrator will limit the processing of your personal data for a period allowing for the verification of the correctness of this data;
• when the processing of your data is unlawful, and instead of deleting personal data, you request the restriction of the processing of your personal data;
• your personal data are no longer needed for processing, but they are needed to establish, assert or defend your claims;
• when you object to the processing of your personal data – until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in your objection.
• objection to the processing of personal data (Article 21 of the GDPR) – you can object at any time to the processing of your personal data, including profiling, in connection with:
• processing necessary to perform a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Administrator or a third party;
• requests for the transfer of personal data (Article 20 of the GDPR) – you have the right to receive your personal data from the Administrator in a structured, commonly used, machine-readable format and send them to another personal data administrator or request that the Administrator send your personal data directly to another the administrator (if technically possible).
• withdrawal of consent to the processing of personal data – you can do it at any time. This does not affect the lawfulness of the processing carried out based on your consent before its withdrawal.
• complaints to the supervisory authority – if you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
You can exercise all your rights by contacting the Administrator at the contact addresses indicated in this document. The administrator, without undue delay – and in any case within one month of receiving the request – will provide you with information about the actions taken in connection with your request. If necessary, the monthly period may be extended by another two months due to the complexity of the request or the number of requests. In any case, the Administrator will inform you about such extension within one month of receiving the request, stating the reasons for the delay.