I. Data Protection Officer
We hereby kindly inform you that the appointed Data Protection Officer is Malformation Franke, conducting business activity on the basis of the entry in the Central Register and Information on Economic Activity, as a company named „MotoFocus Małgorzata Franke”, business address ul. Za Dębami 3, 05-075 Warszawa, with Tax ID no.: 5251049153, contact with Data Protection Officer — e-mail address: firstname.lastname@example.org, hereinafter called „DPO”.
DPO provides access to the website, available at www.en.motofocus.eu (hereinafter called: „Website”) and the DPO manages this website.
II. Purposes and legal bases of the processing of personal data of Website users
|Purpose of data processing||The data we collect||Legal basis|
|Your use of our Website||
||The legal basis for data processing is art. 6 section 1 letter b of GDPR, which permits personal data processing, if the processing is necessary for the performance of a contract or undertaking activities aiming at contract conclusion.|
|Receiving Push notifications||
||The legal basis for data processing is art. 6 section 1 letter a of GDPR, which permits to process personal data on the basis of voluntarily granted consent (when visiting the website for the first time you are asked for consent to receive push notifications).|
|Receiving commercial information||
||The legal basis for data processing is art. 6 section 1 letter a of GDPR, which permits to process personal data on the basis of voluntarily granted consent (when visiting the website for the first time you are asked for consent to receive newsletter).|
||The legal basis for data processing is art. 6 section 1 letter a of GDPR, which permits to process personal data on the basis of voluntarily granted consent (you grant your consent when you leave a comment).|
|Contact with you||
||The legal basis for data processing is art. 6 section 1 letter f of GDPR, which permits to implement our legitimate interest, which is, in this case, the provision of efficient and effective communication between Personal Data DPO and Users.|
||The legal basis for data processing is art. 6 section 1 letter f of GDPR, which permits for personal data processing, if the processing is necessary for the performance of a contract or undertaking activities aiming at contract conclusion and secondly art. 6 section 1 letter C of GDPR, which permits for personal data processing of the processing is necessary for the DPO
to fulfil the obligations under legal regulations.
|Receiving personalized advertisements||
||The legal basis for data processing is art. 6 section 1 letter f of GDPR, which permits for personal data processing, if this way the DPO fulfils the legitimate interest (in this case, the legitimate interest of the DPO is the marketing purpose).|
||The legal basis for data processing is art. 6 section 1 letter f of GDPR, which permits for personal data processing, if this way the DPO fulfils the legitimate interest (in this case, the legitimate interest of the DPO is to learn about the activity of website users).|
|Fulfilment of duties in the scope of personal data protection||
||The legal basis for data processing is art. 6 section 1 letter f of GDPR, which permits for personal data processing, if the processing is necessary for the performance of duties of the DPO under the legal regulations and secondly art. 6 section 1 letter f of GDPR, which permits for personal data processing of the processing is necessary for the DPO to perform legitimate interest and the interest is to acquire knowledge on people who execute their rights under GDPR.|
|Determination, investigation or defence against claims||
||The legal basis for data processing is art. 6 section 1 letter f of GDPR, which permits for personal data processing, if this way the DPO fulfils the legitimate interest (in this case, the legitimate interest of the DPO is to determine, investigate or defend against the claims of Users and the third parties).|
|Archiving and evidence-related purpose||
||The legal basis for data processing is art. 6 section 1 letter f of GDPR, which permits for personal data processing, if this way the DPO fulfils the legitimate interest (in this case, the legitimate interest of the DPO is to hold personal data allowing to prove the fact connected with the website use).|
III. Cookies files
- Cookies and localStorage fulfil numerous functions for the Website, mostly helpful, which we attempt to describe below (if the information is insufficient, please contact us):
- providing security — for User’s personal data protection against the unauthorized access. For this purpose we use the following cookies:
- bp_user-role – for limiting access of a user to certain webpages, such as back office, account page, etc.
- bp_user-registered – used for the determination which users may acquire access to private websites. It is the functional cookie file.
- bp_ut_session – for limiting access of a user to certain webpages, such as back office, account page, etc.
- impact on the processes and efficiency of Website — cookie files and other technologies used for efficient functioning of the Website and using the available functions, which is possible, among other, owing to saving your settings between the subsequent visits to the Website. They allow for efficient use of the Website and the selected subpages. For this purpose we use the following cookies:
- Gdyn – Gemius sets this cookie file to disable frequent display of the survey used for research purposes to the Internet users.
- session status — cookie files and other technologies collect information on users visiting Website, for instance, which subpages they display most frequently. They also allow for the identification of errors displayed on certain subpages. Cookie files are used for recording the so-called “session status”, which helps to improve and increase comfort of using the Website. For this purpose we use the following cookies:
- PHPSESSID – for storing and identification of the user’s unique session ID for the purposes of user’s session management on the website. This session-related file is removed after closing all the windows of a browser.
- creating statistics — cookies and other technologies used for the analysis of the way how Users use the Website (how many users view the page, how long they stay on the Website, which content arises most interest, etc.). It allows for continual improvement and adjustment of the website for the preferences of users. In order to track the activity and create statistics we benefit from Google tools such as Google Analytics, which is described in detail in point V. For the purpose of creating statistic we use the following cookie files:
- _ga – installed by Google Analytics, calculates data concerning visits, sessions and campaigns, and also tracks the webpage use for the purposes of website analytical report. Cookie file stores information anonymously and assigns randomly generated number for the purposes of identifying unique visitors.
- _gid – installed by Google Analytics, _grid cookie file stores information on how the website viewer uses the website, at the same time creates the analytical report concerning the
performance of the website. Certain data, collected in this file, is the number of viewers, their source and websites visited by them anonymously.
- _gat_gtag_UA_5062136_27 – installed by Google for the purposes of users differentiation.
- connected with advertisement – we use the following cookie files for this purpose:
- Gtest – Gtest cookie file is the part of Gemius platform for market research, for creating statistics concerning the use of the website.
- display of videos from YouTube and Vimeo — for the purposes of setting videos from YouTube and Vimeo on the Website we use cookie files sent by these internet services. Cookie files are uploaded at the moment of video playback. If you do not want to receive these cookies, do not initiate the playback of video on the Website.
- Cookies classified as “other”:
- GAD – file from AdOcean for managing advertising campaigns.
- providing security — for User’s personal data protection against the unauthorized access. For this purpose we use the following cookies:
- As we respect the autonomy of the Website users, we feel obliged to inform you in advance that disabling or limiting cookie files, removal of data connected with localStorage, can cause substantially serious problems with the use of the Website, for example, in the form of longer period of Website upload, limitation of website functionality, etc.
IV. Web Push Technology
- The Website DPO, in order to inform you about essential information and events, uses WebPush technology.
- Web Push is the technology allowing for one-way communication with you in real time, using your own internet browser. The browser will send you short text notifications displayed on the screen of the device that you use.
- When visiting the Website for the first time we ask for the consent to use Web Push technology (push notifications). On your approval to receive notifications, your browser assigns the unique ID for you, so the notifications can be sent to you.
- Blocking push notifications is possible only via the change of settings in your browser.
V. Website users activity analysis
- DPO, for analytical purposes as well as for the purposes of improving the quality of the provided services, uses the IT tools delivered by external providers, and- as a consequence- the following tools are used:
- Google Analytics — in order to collect data on users visiting the Website;
- AdOcean — for the purpose of analysing the recipients of advertisements on the Website;
- Facebook Pixel — for sending personalized advertisements via Facebook taking into account users’ behaviour on the Website;
- HotJar — in order to collect analytical data on users visiting the Website;
- The use of the afore-mentioned tools takes place upon your consent, expressed when visiting the Website for the first time.
- Data collected as a result of using the aforementioned tools is used, among other, to monitor the activity of Website users, to determine the target groups of advertisement recipients or to analyse the effectiveness of the advertisement. These tools equip allow users, for instance, to view personalized advertisements.
- Information collected in connection with Facebook Pixel plug is anonymous. However, we inform that Facebook can connect the information collected on the Website with other information about you, collected in connection with your use of Facebook and use the collected information for marketing purposes (for more information see: https://www.facebook.com/privacy/explanation). DPO has no influence on such possible actions by Facebook.
- If you are convinced that we should not process your personal data using the listed tools, you may withdraw your consent, at any time, or block data collection for such purposes.
- In order to disable Google Analytics, it is necessary to download and install special browser Add-on, available at: https://tools.google.com/dlpage/gaoptout?hl=pl&fbclid=IwAR3H667DTSlA7u3Q7M4oVGr2aXiecyE6lE9bCdTJEKJv1-sByqjuU5c6aU .
- At any time you can restore the functions of the specific tools via granting your consents again.
VI. The right to opt-out
- If personal data processing is based on the consent, your can opt-out at any time- upon your discretion.
- If you want to opt-out from personal data processing, you can sent e-mail to the DPO to the following address: email@example.com .
- If your personal data processing took place on the basis of your consent, opting-put does not cause the personal data processing illegal to this date. In other words, to the time of opting-out we are entitled to process your personal data and opting-out does not have impact on the conformity with the rules of current data processing,
VII. Obligation to provide personal data
- The provision of personal data is voluntary and depends on your decision. However, the provision of certain personal data is necessary to meet your expectations in the scope of using the Website.
- If you leave comment- provision of your personal data is necessary to implement your demands connected with services rendered by us.
- If you contact us in any matter connected with the Website or services rendered by us, the provision of your contact details may be necessary to answer your questions.
- If the requirement to provide personal data results from legal regulations, then the provision of data is your obligation.
VIII. Automated decisions and profiling
Your personal data is not used by us for the purposes of automated decision making, with impact on your legal status or cause similar essential effects in relation to you.
IX. Recipients of the personal data
- As most of the entrepreneurs, we benefit from the assistance of other entities, and it mostly entails the necessity to transfer personal data. As a result, when required, we can transfer your personal data to our subcontractors, hosting company, mailing services provider, lawyers, owners of social medial, IT services and software providers and other entities, whose goods or services are necessary for us to render services via the Website.
- Apart from that we may, for instance, on the basis of the proper legal regulation or the decision of the proper body, transfer your personal data also to other entities, public or private. As a result, it is extremely difficult to foresee who can apply for access to personal data. However, we can assure that each demand for access to personal data is thoroughly and comprehensively analysed by us, in order to avoid transfer of personal data to the unauthorized person.
X. Transfer of personal data to the third parties
- As most businesses, we use various popular services and technologies, offered by the entities such as Microsoft or Goggle. These companies have their headquarters outside the European Union, as a result, in view of GPDR, they are regarded as the third parties.
- GPDR introduces certain limitations in personal data transfer to the third parties, because- as a rule- the European regulations are not applied and personal data protection of the EU citizens may turn out to be insufficient. As a consequence, each DPO is obliged to determine the legal basis for such data transfer.
- On our part we assure that when using services and technology we transfer personal data exclusively to the entities in the United States and exclusively to those which joined the Privacy Shield program, on the basis of the executive decision of the European Commission dated 12th July 2016- read more at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfersoutside-eu/eu-us-privacy-shield_pl (the website of the European Commission). The entities which joined the Privacy Shield program guarantee that they observe the high standards of personal data protection, such as the standards valid and binding for the European Union and, as a result, their services and technology in the process of personal data protection is in accordance with the regulations in force.
- At any time we shall provide additional explanations with reference to the personal data transfer, when this matter arises your anxiety
XI. Period of data processing
- In accordance with regulations in force we do not process your personal details “endlessly”, but for the time necessary in order to achieve the set target. After this period, your personal data shall be irreversibly removed or deleted.
- As far as the specific periods of personal data protection are concerned, we kindly inform you that the personal data are processed for the period of:
- using the Service — with relation to personal data processed with reference to use the functionality of the Website;
- 3 year or 6 years + 1 year— with reference to personal data processed for the purposes of determining, recovery or defending claims; the selection of 3 or 6 years depends on whether both parties are business enterprises or not;
- limitation period — with reference to data processed for this purpose;
- comment publication — with reference to data processed in connection with leaving comments on the Website;
- to the time of lodging appeal or execution of the processing target -with reference to the personal data processing on the basis of legal legitimate interest of PDO;
- to the time of update or loss of functionality, however no longer than 2 years- with reference to personal data processed for Website processing aim
- 3. Periods in years we count to the end of the year, in which we process personal data, in order to facilitate the process of removing or deleting personal data. Individual counting of period for each service would entail the essential organization and technical difficulties, as well as the substantial financial input. As a result the determination of the date of removal or deletion of personal data allows to manage the process more efficiently.
- Of course, in case of your, e.g. benefiting from the right to forget, issue of the specific administrative decision or the requirement stemming directly from the regulation relating to the removal of personal data, can take place in the period earlier than the period specified in section 2. Every matter is considered individually by the DPO.
- The additional year connected with the processing of personal data collected for the purposes of performing the contract is based on the grounds that you can, hypothetically, lodge a compliant a moment before the expiry of the limitation period, and the claim may be delivered with substantial delay or you can specify the limiting period incorrectly for your claim.
XII. Data subjects’ right
- We hereby kindly inform you that you have the right to:
- access your personal data;
- correct your personal data;
- remove your personal data;
- limit the processing of your personal data;
- object against personal data processing;
- transfer your personal data.
- We respect your rights relating to personal data protection and we make efforts to facilitate their realization to the highest possible extent.
- We hereby specify that the listed entitlements are not absolute by nature, as a result, in certain situations we can lawfully refuse the fulfilment of your claim. Nevertheless, when we refuse the acceptance of your claim, we do it after thorough analysis and merely in the situation when the refusal is absolutely necessary.
- As far as the right to lodge appeal is concerned, each time you are entitled to appeal in connection with personal data processing on the basis of the legitimate interest of DPO in connection with your particular situation. It must be born in mind, however, that in accordance with regulations in force, we can consider the complaint if we indicate that:
- The existence of legitimate interest for data processing, superior to your own interests, freedom regulations or there are the foundations for determining, investing or defending claims.
- Ceasing to use the Website, removal of consent, lodging complaint or demand of immediate removal of personal data is not an automatic process and it does not mean that at the moment of lodging complaint we shall stop processing you personal data in case of all the purposes for which we collected your personal data. It may turn out that we cease to process your personal data for one purpose, but we still continue their processing for the remaining purposes, as presented in point III.
XIII. Right to lodge a complaint
If you believe that your personal data is processed unlawfully, you have the right to lodge complaint to the President of the Personal Data Protection Office.
XIV. Final provisions