This Privacy Policy defines the manner of collecting, processing, and storing personal data necessary for the provision of electronic services through the website www.shiper.pl (hereinafter: Service).
The administrator of users’ personal data is Asiston sp. z o.o.; ul. Nad Przyrwą 13; 35-234 Rzeszów; REGON: 061443359; NIP: 9212029007; KRS: 0000429107 (hereinafter: Administrator).
Personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR).
Data collected by the Administrator will be: – processed lawfully, – processed for specified purposes and not further processed in a manner incompatible with those purposes, – factually correct and adequate in relation to the purposes for which they are processed, – stored no longer than necessary to achieve the purpose of processing.
II. Purpose and Legal Basis for Data Processing
The Administrator processes personal data necessary for the provision and development of services offered through the Service and its specific functionalities.
Personal data will be processed for the following purposes: a. registration of an account, verification of the user’s identity, and implementation of the agreement for the provision of electronic services in accordance with the Act of 18 July 2002 on the provision of electronic services, particularly by providing the user with the ability to use their account – based on acceptance of the terms of the Regulations (Article 6(1)(b) of the GDPR); b. communication with the user to provide necessary information and build positive and reliable relations with them, which constitutes the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR); c. promotion of the Administrator’s own products and/or services as well as those of its Partners by sending electronic Marketing Information (newsletter) if the user has given consent to receive such notifications via email (Article 6(1)(a) of the GDPR); d. providing access to information about industry news directly related to the Administrator’s activities, if the user has given consent to receive such notifications via email (Article 6(1)(a) of the GDPR), e. for analytical and statistical purposes based on the legitimate interest of the Administrator in verifying user activity and preferences to optimize services and products as well as the functionalities of the Service (Article 6(1)(f) of the GDPR); f. potential establishment, investigation of claims, or defense against them based on the legitimate interest of the Administrator in protecting its rights (Article 6(1)(f) of the GDPR).
In each of the cases mentioned above (point 2), providing data is voluntary but necessary to conclude an agreement or use other functionalities of the Service.
III. Period of Personal Data Processing
Personal data will be processed for the period during which the person remains an active user of the Service (has a user account), and after that time for the period necessary to comply with legal regulations, pursue or defend against any claims, but not longer than 3 years from the date of termination of the agreement for the provision of electronic services.
Data processed based on consent will be processed until the consent is withdrawn, with the proviso that the withdrawal of this consent does not affect the legality of the processing carried out before such withdrawal.
IV. Information about Processing
Depending on the purpose of processing, personal data may be disclosed to: a. entities affiliated with the Administrator b. entities cooperating with the Administrator, c. subcontractors, especially entities providing and servicing selected IT systems and solutions, d. entities handling online payments, e. entities providing courier and postal services, f. law firms.
Personal data processed by the Administrator will not be/transferred outside the European Economic Area or to international organizations.
V. Rights of Data Subjects
The user of the Service has the right to: – access the content of their personal data – correct data – delete data – limit data processing – data portability – object to processing based on the legitimate interest of the administrator – withdraw consent at any time without affecting the lawfulness of processing based on that consent before its withdrawal
The user has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that the processing violates their rights and freedoms.
In the data processing process, there is no automated decision-making, including profiling.
VI. Final Provisions
The Administrator reserves the right to make changes to this Privacy Policy while ensuring that the rights of users arising from this document will not be limited.
Any changes to the Privacy Policy will be communicated to the user through a notice available on the Service.