Privacy policy

Definitions

Controller – means the company under the business name of EPP Sp. z o.o. with its registered office in Warsaw, ul. Konstruktorska 12A.
Personal Data – information about a natural person who is identified or identifiable by one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity, including the device IP, location data, internet identifier, and information collected through cookies and other similar technologies.
Policy – this Privacy Policy.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website – the website operated at: https://oxygenoffice.com.pl/
User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.

Data processing in connection with the use of the website

In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide the individual services offered and information about the User’s activity on the Website. The following describes the specific principles and purposes of the processing of the Personal Data collected during the User’s use of the Website.

Purposes of and legal basis for data processing on the website

Use of the website
1. Personal data of all persons using the Website (including IP addresses or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
  1. in order to provide electronic services in terms of providing the Users with access to content collected on the Website, in which case the legal basis for the processing is the necessity of the processing for the performance of a contract (Article 6(1)(b) GDPR);
  2. for analytical and statistical purposes, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in conducting analyses of the Users’ activity and their preferences in order to improve the functionalities used and services provided;
  3. for the purposes of possible establishment, exercise or defence of legal claims, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
2. The Users’ activity on the Website, including their Personal Data, is recorded in system logs (a special computer programme used to keep a chronological record containing information on events and activities that relate to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for the purposes of providing services. The Controller also processes them for technical and administrative purposes, for the purposes of ensuring security and managing the IT system, as well as for analytical and statistical purposes, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
Contact forms
1. The Controller provides the option to contact it using electronic contact forms. The use of the form requires providing the Personal Data necessary to contact the User and respond to the enquiry made. The User may also provide other data in order to facilitate contact or the handling of an enquiry. The provision of data marked as mandatory is required in order to receive and handle the enquiry, and failure to do so will render handling it impossible. The provision of other data is voluntary.
2. Personal Data are processed:
  1. for the purpose of identification of the sender and the handling of his/her enquiry sent via the form provided, in which case the legal basis for the processing is the necessity of the processing for the performance of the service contract (Article 6(1)(b) RODO); with regard to the data provided optionally, the legal basis for the processing is the consent (Article 6(1)(a) RODO);
  2. for analytical and statistical purposes, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in keeping statistics on enquiries submitted by the Users via the Website in order to improve its functionality.

Cookies and similar technology

General information
Cookies are small text files that are placed on your computer by websites you visit. They are commonly used to improve the operation of websites or enhance their performance, as well as to provide information to website owners. The table below explains the cookies we use and why we use them. We use the following categories of cookies: session cookies and permanent cookies.
1. session cookies – remain on the User’s device until he/she leaves the website or until the software (web browser) is switched off;
2. permanent cookies – remain on the device for the time specified in the cookie parameters or until they are manually deleted by the User.
For what purpose does the controller use cookies?
Considering the purpose of the use of the cookies, the Controller uses two categories of cookies: “essential” and “additional” ones, for the following purposes:
1. “Essential” cookies – for the purpose and to the extent necessary for the correct display of the website. It is about providing basic functions such as security, network management, and availability. You can disable them by changing your browser settings, but this may affect the functioning of the website. Session cookies may be used on the Website for this purpose.
2. “Additional” cookies, including:
  1. functional cookies – to research the preferences of persons using the Website; the results of this research are intended to be used to improve the quality of the website’s display;
  2. marketing cookies – to collect more information about the User, to provide personalized Promotion, and/or to make an automated decision;
  3. analytical cookies – for marketing purposes in order to display personalised advertising on websites as well as remarketing through Google Ads and tracking user traffic on the website.
    Permanent and session cookies may be used on the Website for this purpose.
    
    The use of this category of cookies is based on the User’s consent. The data indicated are not combined with information such as name, email address or other data which makes it possible to easily identify the website visitor.
Analytical (third party) cookies
The Controller and the providers of the various functionalities apply various solutions and tools used for analytical purposes. Below is some basic information on these tools. Please refer to the privacy policy of the respective provider for further details.
1. Google analytics (provider: Google Inc.). These cookies are used to collect information about how visitors use the Website. The Controller uses this information to generate reports and improve the website. These cookies enable us to count visits and traffic sources so that we can measure and improve the performance of our website. They help to determine which pages are the most and least popular and to see how visitors move around the website. All information collected by these cookies is aggregated and therefore anonymous. If the User does not allow these cookies, we will not know when he/she visited our website. The explanation of Google’s privacy and data protection can be found at https://support.google.com/analytics/answer/6004245. As part of the service provided, data may be transferred outside the EEA and Switzerland, mainly to the United States.
2. Google tag manager (provider: Google Inc.) Google Tag Manager is a tag management system that enables the implementation of various tracking codes and analytical tools without interfering with the source code of a website. Google Tag Manager itself does not collect personal data, but it can trigger other tools (e.g. Google Analytics, Meta Pixel) that collect user data. For more information about Google’s data processing, please visit: Google Privacy Policy.
Marketing cookies
1. Information about the User’s use of the Website which allows us to customise the display of relevant advertisements on our websites or those of third parties, tailored to the Users’ preferences and habits.
  This information may be used, for example, to generate the Users’ general profiles, which means that the Website User is subject to profiling, but this type of profiling does not affect the User’s rights.
2. Decisions regarding the display of Promotions on specific pages may be made automatically on the basis of information collected about the User activity. The processing of the User personal data for the purpose of preparing and delivering tailored Promotions may in some cases involve the use of IT systems that allow the automated tailored Promotions to be displayed on the Website without human intervention. In accordance with the applicable law, in cases where a decision taken on the basis of such processing of the User personal data produces legal effects for the User or similarly significantly affects the User, the User has the right to obtain human intervention from the Controller, to express his/her own position, and to contest the decision. For this purpose, the User may contact the Controller or use the functionalities available on the Website.
  An automated decision, including the profiling, will take place if explicit consent is given in the cookie settings.
Social plug-ins
1. The Website uses social network plug-ins (such as Facebook, Google+, LinkedIn, and Twitter plug-ins). These plug-ins allow the Users to share content published on the Website with the social network of their choice. As a result of the use of plug-ins on the Website, the respective social network receives information about the User’s use of the Website and may attribute this information to the User’s profile created on the respective social network. The Controller has no knowledge of the purpose or scope of data collection by social networks. Detailed information can be found at the links below:
  1. Facebook: https://www.facebook.com/policy.php
  2. Google https://privacy.google.com/take-control.html?categories_activeEl=sign-in
  3. LinkedIn https://www.linkedin.com/legal/privacy-policy?_l=pl_PL
  4. Twitter https://twitter.com/en/privacy
2. What files we use:
  1. _ga (Google Analytics) – user traffic tracking and remarketing in Google Ads, category: analytical, duration: 2 years
  2. _gid (Google Analytics) – user identification on different pages within one session, category: analytical, duration: 24 hours
  3. _GTM-XXXXXX (Google Tag Manager) – managing analytical tags, category: functional, duration: to be deleted by the User
  4. cookie_consent (One Trust) – recording whether the user has accepted the cookie policy, category: essential, duration: 6-12 months
  5. consent_mode (One Trust) – recording whether the user has accepted the cookie policy, category: essential, duration: up to 2 years
Managing and deleting cookies
1. Most browsers offer the option of accepting or rejecting all cookies. The User can also easily change cookie settings in the browser settings. Blocking all cookies from the Website may cause operational difficulties or completely prevent the User from using certain functionalities.
2. Managing and deleting cookies varies depending on the browser used. Detailed information may found by using the browser’s Help function or by visiting https://www.allaboutcookies.org which explains step-by-step how to manage and delete cookies in most browsers.
3. Information on various browsers can be found on the following pages:
4. You can opt out of the Google Analytics mechanism on all sites by visiting: https://tools.google.com/dlpage/gaoptout.
Usage data
1. Even if no cookies are installed, the Website Controller may access the following data characterising the use of the Website (“other usage data”):
  1. the ID number assigned to the visitor’s device;
  2. markings identifying the termination of the telecommunications network;
  3. the ICT system (type of device, operating system, web browser) used by the User;
  4. information on the start, end, and scope of each use of the Website.
2. In order to ensure the highest possible quality of the Website, the Controller occasionally analyses log files to determine which pages are visited most often, which web browsers are used, whether the structure of the Website contains any errors, etc. Usage data are not combined with information such as name, email address or other data which makes it possible to easily identify the Website visitor.
Access to information stored on the device other than cookies
1. Based on the consent (expressed on the device) and for the sole purpose of providing the service electronically through the Application, the Controller accesses the following functionalities of the terminal device (e.g. mobile phone).
Personal data protection
1. Information obtained through the cookie mechanism and usage data may be considered personal data within the meaning of the GDPR in certain exceptional situations. If the information indicated above qualifies as personal data, the controller of the personal data is the Controller. Even where there is doubt as to whether a particular category of information is personal data, the Controller puts in place mechanisms to protect that information as personal data.
2. The processing of the above categories of data insofar as this is necessary for the correct display of the Website (the use of “essential” cookies) is based on the so-called legitimate interest of the Website Controller (Article 6(1)(f) GDPR). To this end, the following may occur:
  1. occasional analysis of log files in order to determine: which browsers are used by visitors to the site; which tabs, pages or sub-pages are most or least frequently visited or viewed; whether the structure of the site contains errors;
  2. preventing unauthorised access to the Website and the distribution of malicious code, interrupting denial-of-service attacks, and preventing damage to computer and electronic communications systems.
  In the above cases, the User has the right to object.
3. However, if the consent is given to the installation of “additional” cookies (e.g. analytical cookies provided by Google Analytics / marketing cookies), the information collected in this way will be used to research the preferences of visitors to the Website, with the results of this research being intended to be used to improve the quality of the Website. In this case, the basis for data processing is Article 399(1) and (2) of the Electronic Communications Law (Journal of Laws 2024, item 1221) read in conjunction with Article 6(1)(a) GDPR. As provided for in Article 400 of the Electronic Communications Law, obtaining the consent of the subscriber or end-user is governed by the data protection provisions. Cookies may be withdrawn and deleted from the device at any time. The withdrawal of the consent does not affect the lawfulness of the personal data processing carried out on the basis of the consent before its withdrawal.

Duration of personal data processing

The duration of the data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data are processed for the duration of the service, until the consent given is withdrawn or an objection is made to the processing in cases where the legal basis for the processing is the Controller’s legitimate interest.
The data processing period may be extended, if the processing is necessary for the establishment, exercise or defence of possible legal claims, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data are irreversibly deleted or anonymised.

User rights

The User has the right to access the content of the data and to request their rectification, erasure or restriction of processing, the right to data portability, and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
To the extent that User data are processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller or using the functionalities provided on the Website.
The User has the right to object to the processing of data for marketing purposes, if the processing is carried out in connection with the Controller’s legitimate interest, and, for reasons related to the User’s particular situation, in other cases where the legal basis for the data processing is the Controller’s legitimate interest (e.g. in connection with the pursuit of analytical and statistical purposes).
For more information on your rights under GDPR, please click here.

Data recipients

In connection with the provision of services, Personal Data will be disclosed to third parties, including, without limitation, IT service providers, in particular hosting service providers, providers responsible for the operation of IT systems, analytical service providers, marketing agencies (to the extent of marketing services), and entities related to the Controller, including member companies of its group.
If the User’s consent is obtained, his/her data may also be made available to other entities for their own purposes, including marketing purposes.
The Controller reserves the right to disclose selected information concerning the User to the competent authorities or to third parties, if they make a request for such information on the basis of appropriate legal grounds and in accordance with the provisions of the applicable law.

Transfer of data outside the EEA

The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate degree of protection ensured, primarily by:
1. cooperation with processors of Personal Data in countries for which a relevant adequacy decision of the European Commission has been issued confirming that the country provides adequate level of protection of Personal Data;
2. the use of standard contractual clauses issued by the European Commission;
3. the application of binding corporate rules approved by the competent supervisory authority.

Personal data security

The Controller conducts risk analysis on an ongoing basis to ensure that Personal Data are processed by the Controller in a secure manner, primarily by ensuring that only authorised persons have access to the data and only to the extent necessary for their tasks. The Controller also ensures that all operations on Personal Data are recorded and carried out only by authorised employees and associates.
The Controller shall take any and all necessary measures to ensure that its subcontractors and other cooperating entities likewise guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.

Contact details

You may contact the Controller via the e-mail address rodo@epp-poland.com or the following correspondence address: ul. Świętokrzyska 20, 25-406 Kielce.
The Controller has appointed the Personal Data Protection Coordinator whom you may contact via e-mail rodo@epp-poland.com on any matters concerning the processing of Personal Data.

Amendments to privacy policy

This Policy is reviewed on a regular basis and updated as necessary.