The website owner ensures that its overriding goal is to provide people using the website with privacy protection at a level at least corresponding to the requirements of applicable law, in particular the provisions of the GDPR and the Act of July 18, 2002 on the provision of electronic services.
The website owner may collect personal and other data. Collection of these data takes place, depending on their nature - automatically or as a result of the actions of visitors to the website.
- General information, cookies
- The owner and operator of the website is Water Point Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw, address: ul. Fort Służew 1b / 10 Fort 8, 02-787 Warszawa, entered into the register of entrepreneurs of the National Court Register kept by the District Court in Warsaw, Commercial Department of the National Court Register, under KRS number: 0000604168, NIP number: 5213723972, REGON number: 363798130. In accordance with GDPR regulations, the website owner is also the Personal Data Administrator of the website users ("Administrator").
- The website gathers information about website users and their behavior in the following way:
- the website automatically collects information that is contained in cookies.
- through data entered voluntarily by website users, in the forms available on the website pages.
- by automatic collection of web server logs by the hosting operator.
- Cookie files (so-called "cookies") are IT data, in particular text files, which are stored on the website user's end device and are intended for using the website's pages. Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number.
- During a visit to the website, data of website users may be collected automatically, relating to a given user's visit to the website, including, among others, IP address, type of web browser, domain name, number of page views, type of operating system, visits, screen resolution, number of screen colors, addresses of websites from which the website was accessed, time of using the website. These data are not personal data, nor do they allow the identification of the person using the website.
- The entity that places cookies on the website user's end device and obtains access to them is the website owner.
- Cookies are used to:
- adjusting the content of the website pages to the website user's preferences and optimizing the use of websites; in particular, these files allow to recognize the website user's device and properly display the website, tailored to his individual needs,
- creating statistics that help understand how website users use websites, which allows improving their structure and content,
- maintaining the website user's session (after logging in), thanks to which he does not have to re-enter his login and password on every subpage of the website.
- The website uses the following types of cookies:
- "Necessary" cookies, enabling the use of services available on the website, e.g. authentication cookies,
- cookies used to ensure security, e.g. used to detect abuse,
- "Performance" cookies, used to obtain information on the use of the website pages by website users,
- "Advertising" cookies, enabling the website users to provide advertising content more tailored to their interests,
- "Functional" cookies, enabling "remembering" the settings selected by the website user and adapting the website to the website user, eg in terms of the selected language.
- The website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files stored on the end device until they leave the website, log out by the website user or turn off the software (web browser). Persistent cookies are stored on the website user's end device for the time specified in the cookie file parameters or until they are deleted by the website user.
- In the majority of cases, the software used for browsing websites by default allows cookies to be stored on the website user's end device. Website users have the option of changing cookie settings at any time they choose. These settings can be changed in the options of the web browser (software), inter alia, in a way that prevents the automatic handling of cookies or forces the website user to be informed whenever cookies are placed on their device. Detailed information on the possibilities and ways of handling cookies is available in the web browser settings.
- Cookies placed on the website user's end device may also be used by advertisers and partners cooperating with the website owner.
- Processing of personal data, information about forms
- Personal data of website users may be processed by the Administrator:
- if the website user agrees to it in the forms posted on the website, in order to take actions to which these forms relate (Article 6 (1) (a) of the GDPR) or
- when processing is necessary for the performance of a contract to which the website user is a party (Article 6 (l) (b) of the GDPR), if the website enables the conclusion of a contract between the Administrator and the website user.
- As part of the website, personal data is processed only voluntarily by website users. The administrator processes personal data of website users only to the extent necessary for the purposes set out in point 1 lit. a and b above and for the period necessary to achieve these purposes, or until the website user withdraws their consent. Failure to provide data by the website user may, in some situations, result in the inability to achieve the purposes for which the provision of data is necessary.
- The following personal data of the website user may be collected as part of the forms posted on the website or in order to perform contracts that can be concluded as part of the website: name, surname, address, e-mail address, telephone number, login, password.
- The data contained in the forms, provided to the Administrator by the website user, may be transferred by the Administrator to third parties cooperating with the Administrator in connection with the implementation of the goals set out in point 1 lit. a and b above.
- The data provided in the forms on the website are processed for purposes resulting from the function of a specific form, in addition, they may be used by the Administrator also for archival and statistical purposes. The consent of the data subject is expressed by checking the appropriate window in the form.
- The website user, if the website has such functionalities, by checking the appropriate window in the registration form, may refuse or consent to receive commercial information by means of electronic communication, in accordance with the Act of 18 July 2002 on the provision of electronic services ( Journal of Laws of 2002, No. 144, item 1024, as amended). If the website user has consented to receive commercial information by means of electronic communication, he has the right to withdraw such consent at any time. The exercise of the right to withdraw consent to receive commercial information is carried out by sending an appropriate request by e-mail to the address of the website owner, including the name and surname of the website user.
- The data provided in the forms may be transferred to entities that technically provide certain services - in particular, this applies to the transfer of information about the owner of a registered domain to entities that are Internet domain operators (in particular the Scientific and Academic Computer Network jbr - NASK), payment services or other entities, with which the Administrator cooperates in this respect.
- Personal data of website users are stored in a database in which technical and organizational measures have been applied to ensure the protection of the processed data in accordance with the requirements set out in the relevant regulations.
- In order to prevent the re-registration of persons whose participation in the website has been terminated due to the unauthorized use of the website's services, the Administrator may refuse to delete personal data necessary to block the possibility of re-registration. The legal basis for the refusal is Art. 19 paragraph 2 point 3 in connection with Art. 21 sec. 1 of the Act of July 18, 2002 on the provision of electronic services (ie of October 15, 2013, Journal of Laws of 2013, item 1422). The Administrator's refusal to delete personal data of website users may also occur in other cases provided for by law.
- In cases provided for by law, the Administrator may disclose some of the personal data of website users to third parties for purposes related to the protection of third party rights.
- Service users' rights regarding their personal data Pursuant to Art. 15 - 22 GDPR, each website user has the following rights:
- The right to access data (Article 15 of the GDPR)The data subject is entitled to obtain from the Administrator confirmation as to whether personal data concerning him or her are being processed, and if so, access to them. According to Art. The administrator will provide the data subject with a copy of the personal data undergoing processing.
- The right to rectify data (Article 16 of the GDPR)The data subject has the right to request the Administrator to immediately correct incorrect personal data concerning him.
- The right to delete data ("right to be forgotten") (Article 17 of the GDPR)The data subject has the right to request the Administrator to immediately delete his personal data, and the Administrator is obliged to delete personal data without undue delay if one of the following circumstances occurs:
- personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- the data subject has withdrawn the consent on which the processing is based
- the data subject objects to the processing pursuant to Art. 21 sec. 1 against processing and there are no overriding legitimate grounds for processing
- Right to restriction of processing (Article 18 of the GDPR)The data subject has the right to request the Administrator to limit processing in the following cases:
- When data is incorrect - on time to correct it
- The data subject has objected to the processing pursuant to Art. 21 sec. 1 against processing - until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for objection of the data subject.
- The processing is unlawful and the data subject opposes the deletion of personal data and requests the restriction of their use instead.
- 5. The right to data portability (art. 20 GDPR)The data subject has the right to receive, in a structured, commonly used, machine-readable format, personal data concerning him, which he provided to the Administrator, and has the right to send this personal data to another administrator without any obstacles from the Administrator to whom this personal data was provided. The data subject has the right to request that the personal data be sent by the Administrator directly to another administrator, if technically possible. The law referred to in this section may not adversely affect the rights and freedoms of others.
- 6. Right to object (Art. 21 GDPR)If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing. .
The implementation of the above rights of website users may take place against payment in cases where applicable law provides for it.
In the event of a breach of the above rights or the website user finding that his personal data is being processed by the Administrator contrary to applicable law, the website user has the right to lodge a complaint with the supervisory body.
- Server logs
- In accordance with the accepted practice of most websites, the website operator stores http queries directed to the website operator's server (information about some behaviors of website users are subject to logging in the server layer). The browsed resources are identified by URL addresses. The exact list of information stored in the web server log files is as follows:
- public IP address of the computer from which the inquiry came,
- name of the client's station - identification performed by the http protocol, if possible,
- website user name provided in the authorization (login) process,
- time of receipt of the inquiry,
- http response code,
- the number of bytes sent by the server,
- URL address of the page previously visited by the website user (referrer link) - if the website was accessed via a link,
- information about the website user's web browser,
- information about errors that occurred during the execution of the http transaction.
The above data is not associated with specific people browsing the pages available on the website. In order to ensure the highest quality of the website, the website operator occasionally analyzes log files to determine which pages within the website are most frequently visited, which web browsers are used, whether the website structure is error-free, etc.
- The logs collected by the operator are stored for an indefinite period as auxiliary material used for the proper administration of the website. The information contained therein will not be disclosed to any entities other than the operator or entities related to the operator personally, by capital or contractually. Based on the information contained in these files, statistics may be generated to help in administering the website. Summaries containing such statistics do not contain features that identify website visitors.