1.1. Administrator or GALIENA-INNOVATIONS - GALIENA-INNOVATIONS Sp. z o.o., 31-051 Krakow, Poland, 2 Berka Joselewicza street, office 1, entered in the register of entrepreneurs of the Regional Court Register kept by the District Court for the Krakow city in Krakow, under KRS number 0000616345, NIP 6772402517, having charter capital in the amount of PLN 5000.00
1.2. Personal data - all information about an individual identified or identifiable by one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity, including - if they allow identification of the User - IP device, data about location, internet identifier and information collected through cookies and other similar technologies.
1.4. GDRP - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing of Directive 95/46 / EC (general regulation on data protection).
1.5. Website - a website maintained by the Administrator on webpages: galiena-innovations.com, galiena-innovations.org, galiena-innovations.eu, galiena-innovations.com, galiena-innovations.xyz and on mobile applications or web applications.
1.6. User - any individual visiting the Website or using one or several services or functionalities of the Website.
1.7. Trusted Partner - an entity with whom the Administrator cooperates, providing marketing content tailored to the User or intermediary while providing such content.
2. PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE SERVICE
2.2. In connection with the User's use of the Website, the Administrator collects his data to the extent necessary to provide particular services offered, as well as information on the User's activity on the Website, including device IPs, location data, internet ID and information collected via cookies and other similar technologies. Cookies and similar technologies are not used to identify the User and their identity is not determined on the basis of mentioned technologies. Cookies and similar technologies in a situation where they do not directly identify an individual, may be considered as personal data only in combination with other unique identifiers or other information that would allow the person to be identified.
2.3. The use of the Website is possible without the User having to set up an account. In this case, the use of the Website does not require providing of personal data in the registration form. Processed data includes information about the use of the Website.
2.4. The User may create a feedback request on the Website by filling out the registration form (in which the data required to create an valid contact and requested data are appropriately marked, and the remaining data - if its application is provided in the form - is optional and is not required while creating of the feedback request), so that the manager of the company can contact the User. In this case, personal data provided in the registration form and information about the use of the Website are processed.
2.6. If there are additional functionalities available within the Website, such as the possibility of ordering a newsletter or using the contact form, appropriate information regarding the rules of processing of personal data and the scope of data being processed, will be available for collection of these functionalities.
3. COOKIE FILES AND SIMILAR TECHNOLOGIES
3.1. In connection with the use of the Website, cookies or similar technologies are used to provide the User with access to the Website, improve its operation, display of profile and content tailored to the User's needs.
3.2. Cookies are small text files saved in the User's telecommunications terminal device (computer, telephone, tablet, etc.) while using the Website, allowing for saving and reading information that the Administrator and other entities that provide him services (e.g. analytical and statistical) or Trusted Partners use for different purposes that can be categorized as described below.
3.3. Cookies similar to cookies include local storage, session storatege, and service workers, which operate in the following way: technology uses a separate part of browser memory used to store data saved by the website.
3.4. For simplicity, cookies and similar technologies will be referred to collectively as "cookies".
3.5. We use two types of cookies or similar technologies due to their operational life:
3.5.1. session - files stored on the User's device until logging out by the User or leaving the Website;
3.5.2. permanent - files stored on the User's device until they are deleted by the User or until the cookie file expires within the time specified in the cookie specification.
3.6.1. Cookie required, necessary to use the Website:
a) cookies with data entered by the User (session id) for the duration of the session (user input cookies); b) authentication cookies used for services requiring authentication for the duration of the session (authentication cookies); c) cookies used to ensure security, e.g. used to detect user-centric security cookies; d) session cookies of multimedia players (e.g. flash player cookies) for the duration of the session (multimedia player session cookies);
3.6.2. Functional cookie, facilitating the use of the Website:
a) persistent cookies used to personalize the User interface for the duration of the session or a little longer (user interface customization cookies); b) cookies used to monitor traffic on the Website, i.e. data analytics - these are files used to analyze the use of the Website by the User, to create statistics and reports on the functioning of the Website.
3.8. The User may change the settings of cookies or similar technologies at any time by changing privacy settings in the browser or application or changing the settings of his account on the Website, provided that this change may cause to lack of access to certain Website functions.
3.9. You can change the privacy settings by selecting the appropriate option in the browser or application settings. In the case of use of the most popular web browsers, the User can independently manage the privacy settings, including cookies, in particular by accepting cookies, changing cookie settings, and blocking or deleting cookies. The manner and scope of changes in privacy settings depends on the type or version of the browser or application used by the User. Detailed information on changes in privacy settings is available on the websites of these suppliers.
4. OBJECTIVES AND LEGAL BASIS FOR PROCESSING DATA ON THE SERVICE
The Administrator processes User's' personal data in order to:
4.1. providing access to the website - pursuant to art. 6 par. 1 lit. b of GDRP;
4.2. performing liabilities resulting from legal regulations - pursuant to art. 6 par. 1 lit. c of GDRP;
4.3. performing the following legitimate interests of the Administrator or a third party - pursuant to art. 6 par. 1 lit. f of GDRP:
4.3.1. self-marketing including profiling, in particular presenting behavioral advertising, displaying marketing content on the Website to the User or sending notifications about interesting offers or content to designated Users by electronic means of communication, in particular by e-mail, provided that the User has given appropriate consent, and other types of marketing-related activities, e.g. satisfaction surveys
4.3.2. detection and elimination of fraud;
4.3.3. achieving of internal goals related to the provision of services and business operations, including evidence, analytical and statistical purposes. 4.4. The User's personal data will be processed with his consent for marketing purposes of Trusted Partners, in particular related to the presentation of behavioral advertising - pursuant to art. 6 par. 1 lit. i of GDRP.
4.5. The implementation of the above objectives means that the Administrator uses profiling in some cases. This means that due to the automatic processing of data, the Administrator evaluates selected factors concerning individuals in order to analyze their behavior or create a forecast. As a result of this analysis, it is not important to make meaningful decisions about the User in an automated manner.
5. PERIOD OF PROCESSING OF PERSONAL DATA
5.1. Personal data will be processed until the User did requests to delete it out of Administrator’s systems, and then for the period: a) provided for the performance of obligations under the law on defense, state security and public safety and order, as well as tax and accounting regulations, b) for the period of limitation of claims and until the completion of civil, enforcement, administrative and criminal proceedings that require processing of the data, and in the case of consent until the goal of consent or its revocation is reached, whichever comes first.
5.2. The User may independently delete cookies from his device. In order to clean the end device of the User (computer, phone, tablet, etc.) from cookies, the browser cache memory and cookies should be deleted. The process of clearing the cache memory and cookies should be done in the browser settings. Settings may vary depending on the browser and its version.
6. USER AUTHORITY
6.1. In connection with the processing of personal data, the User has the following rights:
6.1.1. to correct the data - if during the collection of data an error has appeared or if the data is subject to a change, the User has a right to enter correct and current data, and the Administrator will correct or update them;
6.1.2. to have access to data - the User may exercise this right if he wants to know what data we process;
6.1.3. to delete data, also known as the "right to be forgotten" - if the User finds that the data is no longer necessary for the purposes for which they were collected, he has the right to address the Administrator with a request of their deletion;
6.1.4. to limit the processing of data - if the User has doubts as to whether the Administrator processes the data correctly, he has the right to submit an application for limiting the processing of the data;
6.1.5. to transfer data - the User may receive and transfer from the Administrator to another entity data provided by the Administrator;
6.1.6. to object to the processing of data based on a legitimate interest of the Administrator or a third party, including profiling, for reasons related to a particular situation and to object to the processing of data for direct marketing purposes;
6.1.7. to revoke the consent at any time - the User has a right to revoke the consent given regarding the data processing at any time and without giving a reason; the revocation of consent is not retroactive, i.e. the processing, which took place before the consent is was revoked, remained fully valid and legal; the User can revoke a consent by changing the settings in browser or other application.
6.2. In order to consider the application for the implementation of the above said rights, the Administrator is entitled to verify the identity of the User, which allows preventing the disclosure of information about the User to unauthorized persons. In the case of Users who have not created an account on the Website, the Administrator is not able to verify the User's identity, because the data being processed relates only to information about the use of the Website, without information about the User's identity.
6.3. The User may submit a complaint regarding the processing of personal data to the supervisory body dealing with the protection of personal data. In the Republic of Poland, the supervisory body is the President of the Office for Personal Data Protection.
7. DATA RECEIVERS AND TRUSTED PARTNERS
7.1. Users' personal data may be transferred to the following categories of recipients: entities providing the Administrator with the services necessary to carry out the tasks of processing, including IT suppliers, entities providing technical, organizational and advisory support, other subcontractors in the field of customer service, billing and processing of payments, marketing, integrators and to entities authorized by law.
8. TRANSFER OF DATA OUTSIDE THE EEA. The personal data of the User may be transferred to foreign countries or international organizations outside of the European Economic Area, where these countries / organizations have been found by the European Commission's decisions to ensure an adequate level of protection of personal data to the level of protection applicable in the European Economic Area; subject to appropriate safeguards, which may consist in using Binding Corporate Rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the President of the Office for Personal Data Protection or contractual clauses admitted by the President of the Office for Personal Data Protection, and copies thereof can be obtained on an application submitted in the manner indicated in paragraph 10 below.
9. SECURITY OF PERSONAL DATA
9.1. The Administrator conducts risk analysis on an on-going basis to ensure that personal data is processed in a secure manner - ensuring, first of all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them. The Administrator ensures that operations on personal data are recorded and made only by authorized employees and associates.
9.2. The Administrator undertakes all necessary measures, so that its subcontractors and other cooperating entities would guarantee that appropriate security measures at the request of the Administrator will be applied whenever they process personal data.
10. CONTACT DETAILS
10.1. Requests, statements and all correspondence regarding personal data should be sent by phone to the Customer Service Center (tel. +48 609 039 835), in writing to the following address: GALIENA-INNOVATIONS Sp. z o.o., 31-051 Krakow, Poland, 2 Berka Joselewicza Street, office 1, by e-mail to the following address: [email protected].