Privacy policy

FOR

EPP SP. Z O.O.

TABLE OF CONTENTS

Definitions
Data Processing in Connection with the Use of the Website
Purposes of and Legal Basis for Data Processing on the Website
Cookies and Similar Technology
Analytical and Marketing Tools Used by the Controller’s Partners
Managing Cookie Settings
Duration of Personal Data Processing
User Rights
Data Recipients
Transfer of Data outside the EEA
Personal Data Security
Contact Details
Amendments to Privacy Policy

PRIVACY POLICY

Definitions
1. Controller – EPP Office – Oxygen Sp. z o.o. with its registered office in Warsaw, ul. Konstruktorska 12a, entered in the Register of Business Entities, part of the National Court Register, kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Business and the National Court Register Division, under No. KRS 0000405092, identified by NIP (tax ID No.) 5252524372 (hereinafter: the “Controller”).
2. Personal Data – information about a natural person who is identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including the device IP, location data, internet identifier, and information collected through cookies and other similar technologies.
3. Policy – this Privacy Policy.
4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
5. Website – the website operated by the Controller at: https://oxygenoffice.com.pl
6. User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.
Data processing in connection with the use of the website
1. In connection with the User’s use of the Website, the Controller collects data to the extent necessary to provide the individual services offered and information about the User’s activity on the Website. The following describes the specific principles and purposes of the processing of the Personal Data collected during the User’s use of the Website.
Purposes of and legal basis for data processing on the website

Use of the website
1. Personal data of all persons using the Website (including IP addresses or other identifiers and information collected through cookies or other similar technologies) are processed by the Controller:
  1. in order to provide electronic services in terms of providing Users with access to content collected on the Website, in which case the legal basis for the processing is the necessity of the processing for the performance of a contract (Article 6(1)(b) GDPR);
  2. for analytical and statistical purposes, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in conducting analyses of Users’ activity and their preferences in order to improve the functionalities used and services provided;
  3. for the purposes of possible establishment, exercise or defence of legal claims, in which case the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in the protection of its rights.
2. The Users’ activity on the Website, including their Personal Data, is recorded in system logs (a special computer programme used to keep a chronological record containing information on events and activities that relate to the IT system used to provide services by the Controller). The information collected in the logs is processed primarily for the purposes of providing services. The Controller also processes them for technical and administrative purposes, for the purposes of ensuring security and managing the IT system, as well as for analytical and statistical purposes, in which case the legal basis for processing is the Controller’s legitimate interest (Article 6(1)(f) GDPR).
Cookies and similar technology
1. Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information to facilitate the use of the website, e.g. by remembering the Users’ visits to the Website and their actions.
2. Service cookies
  The Controller uses the so-called service cookies primarily to provide the User with electronic services and to improve the quality of these services. Accordingly, the Controller and other entities providing analytical and statistical services to the Controller use cookies when storing information or accessing information already stored in the User’s telecommunications end device (computer, phone, tablet, etc.). Cookies used for this purpose include:
  1. user input cookies (session ID), for the duration of the session;
  2. authentication cookies used for services that require authentication for the duration of the session;
  3. user-centric security cookies, i.e., security ensuring cookies, e.g. those used for detecting misuse of authentication;
  4. multimedia player session cookies (e.g. flash player cookies), for the duration of the session;
  5. user interface customisation cookies, i.e., persistent cookies to personalise the User’s interface for the duration of the session or slightly longer.
Analytical and marketing tools used by the controller’s partners
1. The Controller and its Partners apply various solutions and tools used for analytical purposes. Below is some basic information on these tools. Please refer to the privacy policy of the respective Partner for further details.
2. Social plug-ins
  The Website uses social network plug-ins (LinkedIn). These plug-ins allow the Users to share content published on the Website with the social network of their choice. As a result of the use of plug-ins on the Website, the respective social network receives information about the User’s use of the Website and may attribute this information to the User’s profile created on the respective social network. The Controller has no knowledge of the purpose or scope of data collection by social networks. Detailed information can be found at the links below:
  1. LinkedIn
    https://www.linkedin.com/legal/privacy-policy?_l=pl_PL
Managing cookie settings
1. The use of cookies to collect data via them, including accessing the data stored on the User’s device, requires the User’s consent. This consent may be withdrawn at any time.
2. Consent is not required only for cookies the use of which is necessary for the provision of a telecommunications service (data transmission to display content).
3. You can withdraw your consent to the use of cookies via your browser settings. Detailed information can be found at the links below:
  1. Internet Explorer:
    https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
  2. Mozilla Firefox:
    https://support.mozilla.org/pl/kb/ciasteczka
  3. Google Chrome:
    https://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
  4. Opera:
    https://help.opera.com/Windows/12.10/pl/cookies.html
  5. Safari:
    https://support.apple.com/kb/PH5042?locale=en-GB
Duration of personal data processing
1. The duration of the data processing by the Controller depends on the type of service provided and the purpose of the processing. As a general rule, data are processed for the duration of the service, until the consent given is withdrawn or an effective objection is made to the processing in cases where the legal basis for the processing is the Controller’s legitimate interest.
2. The data processing period may be extended, if the processing is necessary for the establishment, exercise or defence of possible legal claims, and thereafter only if and to the extent required by law. After the expiry of the processing period, the data are irreversibly deleted or anonymised.
User rights
1. The User has the right to access the content of the data and to request their rectification, erasure or restriction of processing, the right to data portability, and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
2. To the extent that User data are processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller or using the functionalities provided on the Website.
3. The User has the right to object to the processing of data for marketing purposes, if the processing is carried out in connection with the Controller’s legitimate interest, and, for reasons related to the User’s particular situation, in other cases where the legal basis for the data processing is the Controller’s legitimate interest (e.g. in connection with the pursuit of analytical and statistical purposes).
4. For more information on your rights under GDPR, please click here.
Data recipients
1. In connection with the provision of services, Personal Data will be disclosed to third parties, including, without limitation, IT service providers, in particular hosting service providers, providers responsible for the operation of IT systems, analytical service providers, marketing agencies (to the extent of marketing services), and entities related to the Controller, including member companies of its group.
2. If the User’s consent is obtained, his or her data may also be made available to other entities for their own purposes, including marketing purposes.
3. The Controller reserves the right to disclose selected information concerning the User to the competent authorities or to third parties, if they make a request for such information on the basis of appropriate legal grounds and in accordance with the provisions of the applicable law.
Transfer of data outside the EEA
1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate degree of protection ensured, primarily by:
  1. cooperation with processors of Personal Data in countries for which a relevant adequacy decision of the European Commission has been issued confirming that the country provides adequate level of protection of Personal Data;
  2. the use of standard contractual clauses issued by the European Commission;
  3. the application of binding corporate rules approved by the competent supervisory authority;
  4. in the case of data transfers to the USA, cooperation with entities participating in the Privacy Shield framework approved by a decision of the European Commission.
Personal data security
1. The Controller conducts risk analysis on an ongoing basis to ensure that Personal Data are processed by the Controller in a secure manner, primarily by ensuring that only authorised persons have access to the data and only to the extent necessary for their tasks. The Controller also ensures that all operations on Personal Data are recorded and carried out only by authorised employees and associates.
2. The Controller shall take any and all necessary measures to ensure that its subcontractors and other cooperating entities likewise guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.
Contact details
1. You may contact the Controller via the e-mail address rodo@epp-poland.com
2. The Controller has appointed the Personal Data Protection Coordinator whom you may contact via e-mail rodo@epp-poland.com on any matters concerning the processing of Personal Data.
Amendments to privacy policy
1. This Policy is reviewed on a regular basis and updated as necessary.