.svg)
.svg){kind=icon}
Privacy Policy
I. Introduction
Contact for the Data Protection Officer:
Paweł Biały
iod@donedeliveries.com
+48 33 875 54 12
1. The administrator of your personal data(hereinafter referred to as the: User(s)) collected through the websiteat www.donedeliveries.com (hereinafter referred to as the: Service)is DONE DELIVERIES Spółka z ograniczoną odpowiedzialnością sp. z o.o. based inAndrychów, at ul. Batorego 35 (hereinafter referred to as the: Administrator). Contactwith the Administrator:
Postal address: Andrychów, ul. Batorego 35
Emailaddress: hello@donedeliveries.com
Phonecontact: +48 33 875 54 12
Contactfor the Data Protection Officer
IOD@donedeliveries.com
The data administrator is responsible for thesecurity of the provided personal data and for processing it in accordance withthe law.
2. In matters related to the processing of personaldata and exercising the rights granted to users under the personal dataprotection regulations, you can contact the Administrator.
3. Personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), as well as other currently applicable data protection laws.
4. During your visit to the Service, personal data provided by the user is collected in accordance with the functionalities used by the user. For some functionalities of the Service, a dedicated regulation is provided. In such cases, personal data is processed for purposes and in the manner specified in that regulation. In other cases, personal data is processed in accordance with the principles set out in this Privacy Policy.
II. Basic information
1. The following information applies to all methodsof handling personal data provided by users, as indicated in Chapters III and IV.
2. Data will not be collected for decisions basedsolely on automated data processing, including profiling as referred to inArticle 22 of the GDPR.
3. With all data security guarantees, personal dataprocessed via the Service may be transferred – in addition to persons authorisedby the Administrator – to other entities, including:
1) entities authorised to receive such data underthe law;
2) entities processing them on behalf of the Administrator (e.g. IT technical service providers, hosting service providers,service technicians for those services and IT equipment, providers of analytical services, entities providing advisory services);
3) other entities as necessary for the performanceof the contract, the provision of services, and legal requirements, such as electronic payment operators, postal and courier companies, notary or lawfirms, contractors providing services for the Administrator under concluded agreements.
4. The Administrator will not transfer yourpersonal data to countries outside the European Economic Area.
5. The Administrator informs that, in connection with the processing of personal data obtained viathe Service, each person to whom the data pertains has the right to submit arequest regarding:
1) access to data (information about dataprocessing or a copy of the data);
2) rectification of data (when it is incorrect);
3) deletion of personal data (the right to beforgotten);
4) restriction of personal data processing;
5) data portability to another administrator;
6) objection to data processing when the basis forprocessing is the legitimate interest of the Administrator;
7) withdrawal of consent, if the Administrator processes personal data based on consent, at any time and in any manner without affecting the period prior to its withdrawal;
– as specified in the GDPR. To exercise theserights, please contact the Administrator (as per the contact details providedabove).
6. Each person to whom the data pertains has theright to file a complaint with the President of the Personal Data ProtectionOffice in Warsaw if they believe that the processing of personal data isinconsistent with the law.
7. The data was obtained by the Administrator directly from the user. The Administrator may also process personal data ofother persons provided by the user in accordance with the various functionalities of the Service.
III. PERSONAL DATA PROVIDED BY THE USER
A. EMAIL OR PHONE CONTACT
1. The Administrator processes personal data,including the first name, last name, contact phone number, email address, andother information provided by the user, to the extent necessary to handle enquiries and respond to questions submitted via the phone number and email addressavailable on the Service (legal basis – Article 6(1)(f) GDPR) – “legitimate interest”. If the user provides special categories of data (e.g. health information), they declare that they consent to its use for proper handling of enquiriesand communication, including responding to the request (legal basis – Article9(2)(a) GDPR) – “explicit consent to process health data”.
2. The Administrator has the right to processpersonal data for as long as necessary to fulfil the purposes mentioned above.Depending on the legal basis, this will be either:
· the time necessary to handle the enquiry, respond to the question, or resolvematters related to the correspondence or conversation;
· the time until an objection is raised;
· the time until the user withdraws consent (including consent to the processing ofspecial categories of data).
3. Withdrawal of consent can be made, inparticular, by contacting the Administrator via the contact details providedabove. Withdrawal of consent does not affect the lawfulness of data use duringthe period when consent was valid.
4. Providing personal data is voluntary butnecessary to respond to the enquiry or for proper handling and fulfilment ofthe request. Failure to provide personal data may result in an inability torespond or fulfil the request.
B. Contact Form
1. The Administrator may collect personal data,including the contact phone number or email address and other informationprovided by the user via the contact form available on the Service.
2. The Administrator processes personal data to theextent necessary to respond to enquiries submitted via the contact form (legalbasis – Article 6(1)(f) GDPR) – “legitimate interest”. If the user provides special categories of data (e.g. health information), they declare that theyconsent to its use for proper handling of enquiries and communication,including responding to the request (legal basis – Article 9(2)(a) GDPR) – “explicit consent to process health data”.
3. The Administrator hasthe right to process personal data for as long as necessary to fulfil thepurposes mentioned above. Depending on the legal basis, this will be either:
1) the time necessary to respond to the enquirysubmitted via the contact form;
2) the time until an objection is raised;
3) the time until the user withdraws consent (including consent to the processing of special categories of data).
4. Withdrawal of consentcan be made, in particular, by contacting the Administrator via the contactdetails provided above. Withdrawal of consent does not affect the lawfulness ofdata use during the period when the consent was valid.
5. Providing the data indicated in the contact form is voluntary but necessary to respond to the enquiry or for proper handling and fulfilment of the request. Failure to providepersonal data will result in the inability to send a response to the user.
C. Marketing Communication - Agreement to Provide Newsletter
1. The Administratorprocesses your personal data to:
1) provide marketing communication (e.g. newsletters) via electronic communication means (particularly email, phone calls, SMS or MMS messages) based on separate consent for data processing for this purpose – e.g., in the case of sending additional marketing materials, event invitations (legal basis – Article 6(1)(b) GDPR) – “agreement”;
2) carry out direct marketing, including sending information about the Administrator's products and services, as well as third-party (e.g. business partners) products and services cooperating with the Administrator (legal basis – Article 6(1)(f) GDPR) – “legitimate interest”;
in compliance with the Telecommunications Actand the Electronic Services Act – regarding the communication channel for such marketing content, as chosen by the user – “consent.”
2. The Administrator has the right to processpersonal data for as long as necessary to fulfil the purposes mentioned above.Depending on the legal basis, this will be either:
1) the time necessary to fulfil the contract;
2) the time until the expiration of claimsresulting from the contract;
3) the time until the user withdraws consent, butwithdrawal does not affect the period before its withdrawal.
3. The recipient of marketing communication mayunsubscribe at any time and without providing a reason, as specified in theTerms of Service.
4. Providing data formarketing communication through the chosen communication channel (i.e. email,phone number) is voluntary but necessary to receive such information. Failureto provide personal data will result in the inability to receive marketingcontent
D. Facebook
1. The Administrator isthe controller of personal data for users using the products and servicesoffered by Meta Platforms Ireland Limited, headquartered at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as: Meta),who visit the Administrator’s pages, particularly at the address: https://www.facebook.com/DONEDeliveries/ (hereinafter referred to as the: Fanpage). The Administrator is responsible for the security of the personal data providedand its processing in accordance with the law.
2. Administrator przetwarza dane osobowe użytkowników, którzy korzystając z produktów i usług firmy Meta, odwiedzają Fanpage. Dane te są przetwarzane:
1) in connection with managing the Fanpage,including promoting the Administrator’s brand (legal basis: Article 6(1)(f)GDPR – “legitimate interest”);
2) to respond to questions submitted via Messengeror other services offered by Meta (legal basis: Article 6(1)(f) GDPR – “legitimateinterest”); in the case of special categories of data (e.g. healthinformation), the user declares that they consent to its use for properhandling and responding to enquiries (legal basis: Article 9(2)(a) GDPR – “consent”).
3. The Administrator has the right to process:
1) publicly available personal data (such as theusername, profile picture, activity status on Facebook or Messenger), comments,and other information publicly shared by the user using Meta's products andservices;
2) personal data provided by the user visiting theFanpage, including information shared in the user’s profile and other comments,messages, and communications (e.g. pictures, contact details, residenceinformation, interests, or worldviews, etc.);
3) other personal data provided by users inmessages via Messenger or other Meta services (including contact details,health information, etc.) to respond to enquiries or fulfil contact requests.
4. The scope of personal data processing, detailed purposes, and user rights when using Meta's products and services are specified directly in:
1) Facebook’s terms of service (available at: https://www.facebook.com/legal/terms);
2) “Data Policy” (available at: https://www.facebook.com/policy); or
3) legal provisions specified by the actions takenby the user on Facebook.
5. The Administrator has the right to processpersonal data for the period necessary to achieve the above-mentioned purposes.Depending on the legal basis, this will be either:
1) the time until an objection is raised (or theFacebook account is deleted;
2) the time until consent is withdrawn (or theFacebook account is deleted). Withdrawal of consent does not affect thelegality of data processing during the period when the consent was valid;
3) the time necessary to handle a request sent bythe user via Messenger or other Meta services.
6. The catalogue of personal data recipientsprocessed by the Administrator primarily depends on the range of products andservices used by the Facebook user, but also on the user’s consent or legalprovisions. With all data security guarantees, the Administrator may transferpersonal data of users visiting the Fanpage to other entities, including thoseprocessing data on behalf of the Administrator, such as technical serviceproviders and advisory service providers (including law firms), as well ascontractors providing services to the Administrator based on concludedagreements.
7. The Administratorwill not transfer personal data of users utilising Meta products and servicesto countries outside the European Economic Area (countries other than EU memberstates, Iceland, Norway, and Liechtenstein).
8. The Administrator may process personal data of users utilising Meta products and services who visit the Fanpage to analyse how users interact with the Administrator’s website and related content (for statistical purposes) – in cases where user interactions with the Fanpage and related content trigger an event for page statistics, which involves the processing of personal data (legal basis: Article 6(1)(f) GDPR – “legitimate interest”).
9. In the case of personal data processed for the purpose of conducting statistics regarding user actions on the Fanpage (including following or unfollowing the page, recommending the page in a post or comment, liking or unliking the page or post), Nowa Itaka and Meta are joint controllers of the personal data of users. The types of data, the scope of processing, and privacy protection rules and user rights are detailed in:
1) this document,
2) the “Data Policy” document, published at: https://www.facebook.com/policy,
3) the “Page Insights Joint Controller Addendum”document, published at: https://www.facebook.com/legal/terms/page_controller_addendum.
10. Meta is responsible for informing users utilising Meta’s products and services about data processing for page statistics and enabling them to exercise their rights in accordance with the GDPR. Information on the data used to create page statistics is available at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
11. Meta’s Data Protection Officer can be contacted via the form available at: https://www.facebook.com/help/contact/540977946302970.
E. Instagram
1. The Administrator is the controller of personal data for users who use products and services offered by Meta Platforms Ireland Limited, headquartered at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as: Meta) within the Instagram service, visiting the Administrator's profile available at: https://www.instagram.com/done.deliveries/. The Administrator is responsible for the security of the personal data provided and for processing it in accordance with the law
2. The Administrator processes the personal data of users who visit the Business Profile using Meta’s products and services. This data is processed:
1) in connection with managing the BusinessProfile, including promoting the Administrator’s brand (legal basis: Article6(1)(f) GDPR – “legitimate interest”);
2) to respond to questions submitted via Instagramor other services offered by Meta (legal basis: Article 6(1)(f) GDPR – “legitimateinterest”); in the case of special categories of data (e.g. healthinformation), the user declares that they consent to its use for properhandling and responding to enquiries (legal basis: Article 9(2)(a) GDPR – “consent”).
3. The Administrator has the right to process:
1) publicly available personal data (such asusername, profile picture, Instagram activity status), comments, and otherinformation publicly shared by the user;
2) personal data provided by the user visiting theBusiness Profile, including information shared in the user’s profile, as wellas other comments, messages, and communications (e.g. pictures, contactdetails, interests, or worldviews, etc.);
3) other personal data provided by users inmessages via Instagram or other Meta services (including contact details,health information, etc.) to respond to enquiries or fulfil contact requests.
4. The scope of personal data processing, detailedpurposes, and user rights when using Instagram’s products and services arespecified directly in:
1) Instagram’s terms of service (available at: https://help.instagram.com/581066165581870); and
2) “Privacy Policy” (available at: https://privacycenter.instagram.com); or
3) legal provisions specified by the actions takenby the user on Instagram.
5. The Administrator has the right to process personal data for as long as necessary to fulfil the purposes mentioned above.Depending on the legal basis, this will be either:
1) the time until an objection is raised (or theInstagram account is deleted);
2) the time until consent is withdrawn (or theInstagram account is deleted). Withdrawal of consent does not affect thelawfulness of data processing during the period when the consent was valid;
3) the time necessary to handle enquiries submittedvia Instagram or other Meta services.
6. The list of personal data recipients processedby the Administrator primarily arises from the scope of the Instagram productsand services used by the user, but also from the user’s consent or legalprovisions. With all data security guarantees, the Administrator may transferpersonal data of users visiting the Business Profile to other entities,including those processing data on behalf of the Administrator, e.g. technicalservice providers and advisory service providers (including law firms), as wellas contractors providing services to the Administrator based on concludedagreements.
7. The Administrator will not transfer personal data of users using Meta products and services to countries outside the European Economic Area (i.e. countries other than EU countries and Iceland,Norway, and Liechtenstein).
8. The Administrator may process personal data of users using Meta’s products and services who visit the Business Profile to analyse how users interact with the Administrator's website and related content (for statistical purposes) – in cases where user interactions with the Business Profile and related content trigger an event for page statistics, which involves the processing of personal data (legal basis: Article 6(1)(f) GDPR – “legitimate interest”).
9. In the case of personal data processed for the purpose of conducting statistics regarding user actions on the Business Profile (including following or unfollowing the Business Profile, recommending the Business Profile in a post or comment, liking or unliking the Business Profile or a post), Nowa Itaka and Meta are joint controllers of users' personal data. The types of data, the scope of processing, and privacy protection rules and user rights have been detailed in:
1) this document;
2) “Data Policy” available at: https://privacycenter.instagram.com/policy;
3) “Page Insights Joint Controller Addendum”available at: https://www.facebook.com/legal/terms/page_controller_addendumand https://www.facebook.com/business/help/441651653251838?id=419087378825961.
10. Meta is responsible for informing Instagram users about the processing of data for page statistics and for enabling them to exercise their rights in accordance with the GDPR (information on data used to create page statistics has been provided at: https://privacycenter.instagram.com/policy).
11. Meta’s Data Protection Officer can be contacted via the form available at: https://www.facebook.com/help/contact/540977946302970.
F. LinkedIn
1. The Administrator is the controller of personal data for users utilising the products and services offered by LinkedIn Ireland Unlimited Company, located at Wilton Place, Dublin 2, Ireland (hereinafter referred to as: LinkedIn), who visit the Administrator’s profile available at: https://pl.linkedin.com/company/donedeliveries (hereinafter referred to as: Business Profile). The Administrator is responsible for the security of the personal data provided and for processing it in accordance with the law.
2. The Administrator processes the personal data of users who, while using LinkedIn’s products and services, visit the Business Profile. This data is processed:
1) in connection with managing the BusinessProfile, including promoting the Administrator’s brand (legal basis: Article6(1)(f) GDPR – “legitimate interest”);
2) to respond to questions submitted via servicesoffered by LinkedIn (legal basis: Article 6(1)(f) GDPR – “legitimate interest”);in the case of special categories of data (e.g. health information), the userdeclares that they consent to its use for proper handling and responding to enquiries,including conducting communication and providing responses (legal basis:Article 9(2)(a) GDPR – “consent”).
3. The Administrator has the right to process:
1) publicly available personal data (such as username, profile picture, LinkedIn activity status), comments, and other information publicly shared by the user utilising LinkedIn’s products and services;
2) personal data provided by the user visiting the Business Profile, including information shared in the user’s profile, as well as other comments, messages, and communications (e.g. pictures, contact details, work location, residence, education, interests, or worldviews);
3) other personal data provided by users in messages via LinkedIn services (including contact details and health information) to respond to enquiries or fulfil a contact request.
4. The scope of personal data processing, detailed purposes, and the rights and obligations of the user utilising LinkedIn’s products and services are directly outlined in:
1) LinkedIn’s user agreement (available at: https://pl.linkedin.com/legal/user-agreement); and
2) the “Privacy Policy” (available at: https://pl.linkedin.com/legal/privacy-policy); or
3) legal provisions specified by the actions takenby the user on LinkedIn.
5. The Administrator hasthe right to process personal data for as long as necessary to fulfil thepurposes mentioned above. Depending on the legal basis, this will be either:
1) the time until an objection is raised (or theLinkedIn account is deleted);
2) the time until consent is withdrawn (or theLinkedIn account is deleted). Withdrawal of consent does not affect thelawfulness of data processing during the period when the consent was valid;
3) the time necessary to handle the inquirysubmitted by the user via LinkedIn services.
6. The catalogue of personal data recipientsprocessed by the Administrator primarily arises from the scope of LinkedInproducts and services used by the user, but also from the user’s consent orlegal provisions. With all data security guarantees, the Administrator maytransfer the personal data of users visiting the Business Profile to otherentities, including those processing data on behalf of the Administrator, suchas technical service providers and advisory service providers (including lawfirms), and contractors providing services to the Administrator under concludedagreements.
7. The Administrator will not transfer personal data of users utilising LinkedIn’s products and services to countries outside the European Economic Area (countries other than EU member states, Iceland, Norway, and Liechtenstein).
8. The Administrator may process personal data of users utilising LinkedIn’s products and services who visit the Business Profile to analyse how users interact with the Administrator’s website and related content (for statistical purposes) – in cases where user interactions with the Business Profile and related content trigger an event for page statistics, which involves personal data processing (legal basis: Article 6(1)(f) GDPR – “legitimate interest”).
9. In the case of personal data processed for the purpose of conducting statistics regarding user actions on the Business Profile (including following or unfollowing the Business Profile, recommending the Business Profile in a post or comment), Nowa Itaka and LinkedIn are joint controllers of users' personal data. The types of data, the scope of processing, and privacy protection rules and user rights have been detailed in:
1) this document;
2) the “Privacy Policy” document, published onLinkedIn at: https://pl.linkedin.com/legal/privacy-policy;
3) the “Page Insights Joint Controller Addendum”document, published on LinkedIn at: https://legal.linkedin.com/pages-joint-controller-addendum.
10. LinkedIn is responsible for informing users utilising LinkedIn’s products and services about data processing for page statistics and enabling them to exercise their rights in accordance with the GDPR (information on the data used to create page statistics has been provided at: https://pl.linkedin.com/legal/privacy-policy).
11. You can contact LinkedIn’s Data Protection Officer via the form available at: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
G. YouTube
1. The Administrator is the controller of personal data for users utilising the products and services offered by YouTube, i.e. Google Ireland Limited, located at Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland (hereinafter referred to as: Google), who visit the Administrator’s profile available at:
https://www.youtube.com/channel/UCAAtdTOw0zdKKRL4oCPfEWQ (hereinafter referred to as the: Business Channel). The Administrator is responsible for the security of the transferred personal data and its processing in accordance with the provisions of law.
2. The Administrator processes the personal data of users who, while using YouTube’s products and services, visit the Business Channel. This data is processed:
1) in connection with managing the Business Channel, including promoting the Administrator’s brand (legal basis: Article 6(1)(f) GDPR – “legitimate interest”);
2) to respond to questions submitted via YouTube or other services offered by Google (legal basis: Article 6(1)(f) GDPR – “legitimate interest”); in the case of special categories of data (e.g. health information), the user declares that they consent to its use for proper handling and responding to enquiries, including conducting communication and providing responses (legal basis: Article 9(2)(a) GDPR – “consent”).
3. The Administrator has the right to process:
1) publicly available personal data (such as username, profile picture, YouTube activity status), comments, and other information publicly shared by the user utilising YouTube’s products and services;
2) personal data provided by the user visiting the Business Channel, including information shared in the user’s profile, as well as other comments, messages, and communications (e.g. pictures, contact details, residence information, interests, or worldviews);
3) other personal data provided by users in messages via YouTube or other Google services (including contact details, health information, etc.) to respond to enquiries or fulfil a contact request.
4. The scope of personal data processing, detailed purposes, and the rights and obligations of the user utilising YouTube’s products and services are directly outlined in:
1) YouTube’s terms of service (available at: https://www.youtube.com/intl/pl/about/policies/#community-guidelines); and
2)the “Privacy Policy – Privacy & Terms” (available at: https://policies.google.com/privacy); or
3) legal provisions specified by the actions taken by the user on YouTube.
5. The Administrator has the right to processpersonal data for as long as necessary to fulfil the purposes mentioned above.Depending on the legal basis, this will be either:
1) the time until an objection is raised (or theYouTube account is deleted);
2) the time until consent is withdrawn (or theYouTube account is deleted). Withdrawal of consent does not affect thelawfulness of data processing during the period when the consent was valid;
3) the time necessary to handle enquiries submittedby the user via YouTube or other Google services.
6. The catalogue of personal data recipients processed by the Administrator primarily arises from the scope of YouTube products and services used by the user, but also from the user’s consent or legal provisions. With all data security guarantees, the Administrator may transfer the personal data of users visiting the Business Channel to other entities, including those processing data on behalf of the Administrator, such as technical service providers and advisory service providers (including law firms) and contractors providing services to the Administrator under concluded agreements.
7. The Administrator will not transfer personal data of users utilising YouTube’s products and services to countries outside the European Economic Area (countries other than EU member states, Iceland, Norway, and Liechtenstein).
8. The Administrator may process personal data of users utilising YouTube’s products and services who visit the Business Channel to analyse how users interact with the Administrator’s website and related content (for statistical purposes) – in cases where user interactions with the Business Channel and related content trigger an event for page statistics, which involves personal data processing (legal basis: Article 6(1)(f) GDPR – “legitimate interest”).
9. In the case of personal data processed for the purpose of conducting statistics regarding user actions on the Business Channel (including following or unfollowing the Business Channel, recommending the Business Channel in a post or comment, liking or unliking a video), Nowa Itaka and Google are separate controllers of users' personal data. The types of data, the scope of processing, and privacy protection rules and user rights have been detailed in:
1) this document;
2) the “Privacy Policy – Privacy & Terms”document, published on Google at: https://policies.google.com/privacy.
10. Google is responsible for informing users utilising YouTube’s products and services about data processing for page statistics and for enabling them to exercise their rights in accordance with the GDPR (information on the data used to create page statistics has been provided at: https://policies.google.com/privacy).
11. You can contact Google’s Data Protection Officer via email at: data-protection-office@google.com.
H. Project: Drivers interested in working for DONE Carriers
1. The project aims to connect drivers with carriers cooperating with the Administrator in cases where: the driver is interested in establishing contact with such carriers; and the carriers are interested in establishing contact with the driver. Upon request and with the driver’s consent, the Administrator will provide their contact details (name, surname, phone number) to the carriers, who will then be able to contact the driver directly.
2. The Administrator processes the personal data of drivers for the purpose of connecting them with carriers cooperating with the Administrator, i.e. for the purpose of sharing personal data with the carriers.
3. Providing data by the driver is voluntary but necessary to achieve the aforementioned goal. The consequence of not providing the required personal data is the inability to share the driver's data with the carriers.
4. The driver may withdraw the provided consent at any time and without reason, which will not affect the processing before the withdrawal.
5. The Administrator has the right to process personal data until the driver withdraws consent or until the above-described project is terminated, whichever comes first.e.
6. The Administrator may transfer personal data, in addition to persons authorised by the Administrator, to other entities, including those processing data on behalf of the Administrator, such as technical and IT service providers and advisory service providers; other controllers as necessary for the provision of services and legal requirements, based on concluded agreements.
7. After the driver’s data is transferred to the carrier, the carrier becomes the controller of the driver’s personal data. As such, if the driver wishes to exercise their rights regarding personal data, they should contact the carrier directly.
8. The rights related to personal data processing are applicable and in accordance with Section II of this Privacy Policy.
I. PROJECT: LENDING OF CERTIFICATES OF PROFESSIONAL COMPETENCE
1. The project aims to connect individuals holding a certificate of professional competence (hereinafter referred to as the: Certificate) with carriers who do not possess the Certificate, for the purpose of lending the Certificate. Upon request, and with the consent of the Certificate holder, the Administrator will publish information (name, surname, contact details) on their website about the willingness to lend their Certificate to carriers cooperating with the Administrator.
2. The Administrator processes the personal data of individuals holding the Certificate for the purpose of lending the Certificate to carriers cooperating with the Administrator (legal basis: Article 6(1)(a) GDPR – “consent” in connection with Article 4 of the Regulation (EC) No. 1071/2009 of the European Parliament and of the Council of 21 October 2009 establishing common rules concerning the conditions to be complied with to pursue the occupation of road transport operator and repealing Council Directive 96/26/EC).
3. Providing data is voluntary but necessary to achieve the aforementioned goal. The consequence of not providing the required personal data is the inability to share the data with carriers interested in obtaining the Certificate.
4. Consent can be withdrawn at any time and without reason, which will not affect the processing before the withdrawal.
5. The Administrator has the right to process personal data until consent is withdrawn or until the above-described project is terminated, whichever comes first.
6. The Administrator may transfer personal data, in addition to persons authorised by the Administrator, to other entities, including those processing data on behalf of the Administrator, such as technical and IT service providers and advisory service providers; other controllers as necessary for the provision of services and legal requirements, based on concluded agreements.
7. After the driver's data is transferred to the carrier, the carrier becomes the controller of the driver’s personal data. As such, if the driver wishes to exercise their rights regarding personal data, they should contact the carrier directly.
8. The rights related to personal data processing are applicable and in accordance with Section II of this Privacy Policy.
J. Recording of telephone calls
1. The Administrator processes personal data collected through the telephone call recording system to verify the quality of the services provided, based on a legitimate interest (legal basis: Article 6(1)(f) GDPR – “legitimate interest”). On the same legal basis, personal data may also be processed to establish or pursue claims and defend against claims, for the duration of the limitation period.
2. The provision of data in connection with the recording of a telephone conversation is voluntary and therefore failure to provide it does not entail any negative legal consequences. Data is transferred within the framework of conversations conducted by employees of departments responsible for relations and cooperation with customers and carriers in the scope of the provision of the transport service.
3. Recordings from the telephone call recording systems will be stored for no longer than six months from the date of the recording. In cases where the recording is evidence in legal or administrative proceedings, this period will be extended until the proceedings are finally concluded. After these periods, recordings containing personal data will be destroyed, ensuring all data security guarantees. The Administrator may transfer personal data of the user, in addition to authorised persons, to other entities, including those processing data on behalf of the Administrator, such as technical service providers and advisory service providers, as well as other controllers, where necessary to respond to questions.
4. The Administrator will not transfer the user’s personal data to countries outside the European Economic Area (countries other than EU member states, Iceland, Norway, and Liechtenstein).
5. The rights related to personal data processing apply accordingly and are detailed in Section II of this Privacy Policy.
IV. Automatically collected data
1. Using the Service involves sending requests to the server, which are automatically logged in event logs.
2. The event logs record data related to user sessions, including: IP address, device type, date and time of the visit to the Service, information about the web browser and operating system, browser language, and time zone.
3. The data recorded in the event logs is not associated with specific individuals.
4. Access to the content of the event logs is granted to persons authorised by the Administrator to administer the Service.
5. The chronological record of event information serves as a support material used for administrative purposes. Analysing the event logs enables the detection of threats, ensuring the proper security of the Service, and creating statistics to better understand how users interact with the Service.
6. Data related to user sessions is used to diagnose problems related to the operation of the Service, analyse potential security breaches, manage the Service, and create statistics (legal basis: Article 6(1)(f) GDPR – “legitimate interest”).
7. The Service uses cookies to function. More information on this can be found in the “INFORMATION ABOUT COOKIES”.
V. Final Provisions
1. This document is informative in nature and applies specifically to the Service.
2. The Administrator reserves the right to make changes to the current privacy policy, particularly in the case of:
1) technological developments;
2) changes to generally applicable laws, includingthose concerning data protection or information security;
3) development of the Service, including theimplementation of new functionalities.
3. The Administrator will inform users about changes to the privacy policy by posting a notice on the Service’s website.
4. The Privacy Policy is effective from 15 September, 2024.
INFORMATION ABOUT COOKIES
I. GENERAL INFORMATION
1. In accordance with the provisions of the Telecommunications Law, the Administrator informs about the use of cookies and other similar internet technologies in the Service.
2. Only anonymous statistical data about users is collected via cookies and other internet technologies. The information obtained through these technologies is not attributed to any specific individual and does not allow for identification.
3. The placement and use of cookies and other internet technologies are not harmful to the user’s device (i.e. computer, phone, or tablet), and they do not cause any changes in the device’s configuration, installed software, or applications.
4. The purpose of using the above-mentioned technologies by the Service is to:
1) tailor the content of the Platform’s webpages to the user’s preferences and optimise the use of the Service; in particular, these files allow the recognition of the user’s device and properly display the webpage, adjusted to their individual needs;
2) maintain the user’s session on the Service (after logging in), so that the user does not have to re-enter their login and password on every subpage of the Service;
3) create analyses, reports, and statistics on how users utilise the Service’s pages, which helps improve the structure and content;
4) monitor traffic quality to verify compliance with legal regulations for using analytical cookies;
5) present advertisements, including based on the user’s preferences on the Service.
II. COOKIES AND OTHER TECHNOLOGIES
1. During the use of the Service, small text files are placed on the user’s device. These files typically contain the following information:
1) the name of the Service from which the cookiewas sent;
2) a unique generated number;
3) the storage duration of the file.
2. These files can be categorised based on their source and how long they remain on the user’s device. The Service uses the following types of files:
1) Based on the source, cookies are categorised as:
a) first-party cookies (own) – originating from the Service, with the file containing a name indicating the domain belonging to the Administrator; these cookies are used for: authenticating and maintaining the session on the website; optimising and improving service performance (performance cookies) that allow the collection of data on how the website is used; enhancing the functionality and reliability of the service and providing access to full functionality, including correctly configuring certain features (functional cookies) that allow for the saving of selected settings and customisation of the interface, e.g. language, font size, or website appearance; ensuring the security of the website, e.g. detecting abuses related to the authentication process on the website; saving the fact that highlighted information was acknowledged (INFO session cookie).
b) third-party cookies (external) – placed through the Service, the file saves the name indicating the domain belonging to the Administrator; these cookies are used to display relevant materials in advertising networks; to study the activity of anonymous users and generate statistics based on this, helping understand how the Service is used; and to enable the use of third-party technologies embedded in the Service.
2) Based on how long the cookies are stored on the user’s device, they are categorised as:
a) session cookies, which are created each time the website is visited and are deleted when the browsing window is closed,
b) persistent cookies, which are stored on the user’s device for a period defined in the cookie parameters or until manually deleted by the user.
3. Third-party cookies (e.g. from service providers, partners, or other entities cooperating with the Administrator) are placed on the user’s device, in particular to:
1) study the activity of anonymous users and generate statistics, for example, through Google Analytics software, which helps understand how users interact with the Service; Google does not use the collected data to identify the user or combine this information to enable user identification. Detailed information can be found at: https://www.google.com/intl/pl/policies/privacy/partners;
2) enable the use of services and technologies embedded in the Service from external providers (e.g. Facebook, YouTube plugins);
3) implement the Administrator’s marketing goals, for example using Google Adwords, a tool that measures the effectiveness of advertising campaigns conducted by the Administrator, allowing the analysis of data such as keywords. Detailed information can be found at: https://policies.google.com/technologies/ads?hl=pl.
4. The Administrator also uses the capabilities of web browsers, which can store information, including the following technologies that enable data storage:
1) IndexedDB – data stored as objects, access towhich is restricted exclusively to the appropriate data sources, such asdomains or subdomains from which they were saved;
2) Session Storage – a data storage facility thatserves as an equivalent to cookies but has a much larger data capacity. Thedata stored in Session Storage is deleted after the browser window is closed;
3) Local Storage – a data storage facility whereinformation is permanently stored in the user’s web browser until manuallydeleted.
IV. EXTERNAL ENTITIES
1. The Administrator informs that cookies may also be placed and used by external entities. The Service includes embedded buttons, tools, or content that link to services and websites of the Administrator's partners, such as social media plugins (e.g. Facebook, YouTube, Instagram). Using these applications may result in information being transmitted via cookies and similar internet technologies to the mentioned external entities and other entities cooperating with the Administrator.
2. The Administrator recommends that users review the cookie policies of these external entities after navigating to other sites.
V. HOW TO MANAGE COOKIES AND OTHER TECHNOLOGIES
1. The user of the Service can make choices regarding the use of cookies by the Administrator and third parties (especially analytical and advertising cookies). Changing cookie settings may affect the quality of the services or make it impossible to use certain services and functionalities of the Service (e.g. disabling cookies necessary for the proper functioning of the Service, saving user preferences, or saving login data).
2. The user may withdraw consent for the use of certain cookies (e.g. for analytical or marketing purposes) at any time by changing the settings, which will not affect the legality of data processing carried out prior to the withdrawal of consent.
3. The user can also change the cookie settings in their web browser or disable cookies at any time. If the user does not change the default browser settings concerning data-collecting cookies, these cookies will be placed on their device and used according to the rules defined by the web browser provider.
4. Information on managing cookies in specific browsers, including instructions for blocking cookies, can be found on the pages dedicated to each browser:
1) Chrome: https://support.google.com/chrome/answer/95647?hl=pl
2) Firefox: https://support.mozilla.org/pl/kb/ciasteczka
3) Microsoft Edge: https://support.microsoft.com/pl-pl/help/4468242/microsoft-edge-browsing-data-and-privacy-microsoft-privacy
4) Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
5) Safari: https://support.apple.com/pl-pl/HT201265
5. Users who, after reviewing the information available on the Service, do not want cookies and other technologies to remain stored in their browser should remove them from their browser after completing their visit to the Service.