About us
The administrator of your personal data is Experto Crede Sp. z o.o. Sp.k., Łąkowa 11, 35-212 Rzeszów. As a responsible organisation that is aware that information has a certain value and is a resource that requires proper protection, we are committed to duly informing you on matters related to the processing of personal data, especially in view of the content of the new legislation on personal data protection, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("RODO"). Therefore, in this document we provide key information about the legal basis for processing personal data, how it is collected and used, as well as the rights of data subjects. Experto Crede Sp. z o.o. Sp.k. has appointed a Data Protection Officer who can be contacted at the e-mail address: office@expertocrede.eu. When processing personal data, we apply the provisions of data protection law. Personal data are obtained and processed in the manner and according to the principles set out in this Policy.
General provisions
In Experto Crede Sp. z o.o. Sp.k. we attach particular importance to protecting the privacy of our clients, contractors, employees and associates. One of its key aspects is the protection of the rights and freedoms of individuals in connection with the processing of their personal data. We make sure that the processing of your data takes place in accordance with the provisions of the General Data Protection Regulation 2016/679/EC (hereinafter: "RODO"), the Personal Data Protection Act, as well as specific provisions (contained, among others, in the Labour Law or the Accounting Act). Experto Crede Sp. z o.o. Sp.k. is a controller of personal data within the meaning of Art. 4 pt. 7 RODO, we also use the services of processors referred to in Art. 4 pt. 8 RODO - they process personal data on behalf of the controller (these are e.g. IT companies, law firms, security). Experto Crede Sp. z o.o. Sp.k. implements appropriate technical and organisational measures to ensure a degree of security corresponding to the possible risk of infringement of the rights or freedoms of natural persons with different probability of occurrence and seriousness of threat. Our personal data protection measures are based on adopted policies and procedures and regular training to improve the knowledge and competence of our employees and associates.
The joint controller of your personal data is a company within a group of companies:
- Experto Crede Sp. z o.o. Sp.k. (Łąkowa 11, 35-212 Rzeszów)
In order to maintain the security of the personal data processed by our companies, which are interconnected by capital, personal and organisational links, as well as to ensure the high quality of the services we offer, we have adopted a data co-management model. The joint controllers ensure strict compliance with the applicable legislation on user privacy and the protection of personal data. The joint controllers provide sufficient guarantees for the implementation of appropriate technical and organisational measures to ensure that the processing meets the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter the "RODO") and protects the rights of data subjects. The companies have the same Privacy Policy in place. Based on it, we administer personal data in compliance with the law, including, in particular, data protection regulations and security requirements. Each Joint Controller is jointly and severally liable for any breaches in data processing. The data subject may bring his or her claims to the chosen Joint Controller, who will be obliged to remedy the damage, even if it was caused by another Joint Controller.
What we use your personal data for
- Conclusion and performance of the contract of carriage on the basis of the provision of Article 38(1) and (2) and Article 50 of the Act of 15 November 1984 Transport Law or the provision of Article 6 and 7 of the Convention on the Contract for the International Carriage of Goods by Road and Article 6(1)(b) and (f) of the RODO,
- Fulfilment of a legal obligation incumbent on the controller - Article 6(1)(c) of the DPA Carrying out marketing activities using electronic communications Article 6(1)(a) of the DPA,
- Safeguarding claims - Article 6(1)(f) of the DPA and taking action in connection with the debt recovery process,
- Establishing contact on the basis of Article 6(1)(f) RODO as a legitimate interest pursued by the controller (email, contact forms),
- Handling of the complaints process - Article 6(1)(b) and (c),
- Legitimate legitimate interest of the controller - Article 6(1)(f) RODO.
We share your data with third parties with your consent or when we are obliged to do so by law. We do not make automated decisions in relation to your personal data.
On what terms and on what basis we process your data
We take care to protect the interests of data subjects and, in particular, ensure that the data:
- processed lawfully, fairly and in a manner transparent to the data subject;
- collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary. We take steps to ensure that personal data which is inaccurate in the light of the purposes of its processing is promptly deleted or rectified;
- kept in a form which permits identification of the data subject for no longer than is necessary for the purposes of the processing;
- processed in a manner that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss or destruction.
We normally process your data on the basis of your consent, which can be withdrawn at any time. Another case is where the processing of your data is necessary for the performance of a contract to which you are a party or to take action at your request, even before the conclusion of the contract. In some situations, processing is necessary for the fulfilment of a legal obligation incumbent on us as a controller. Such obligations arise, for example, under employment law or the Accounting Act. Processing may also be necessary for purposes arising from our legitimate interests, an example of which is the assertion of claims from our business activities.
What rights you have
We take appropriate measures to provide you with all relevant information in a concise, clear, understandable and easily accessible form and to conduct all communications with you regarding the processing of your personal data in connection with the exercise of your right to:
- information provided when personal data is collected;
- information provided on request - about whether data is being processed and other matters set out in Article 15 RODO, including the right to a copy of the data;
- rectification of data;
- being forgotten;
- limitation of processing;
- data portability;
- Objections;
- not to be subject to a decision based solely on automated processing (including profiling);
- information about a data breach.
In addition, if your personal data is processed on the basis of consent, you have the right to withdraw it. Consent may be withdrawn at any time, which does not affect the lawfulness of the processing carried out before the withdrawal. To contact us regarding the exercise of the right in question, please contact us via: Email address: office@expertocrede.eu Address for correspondence: Łąkowa 11, 35-212 Rzeszów. The security of your data is a priority for us, however, if you consider that by processing your personal data we are violating the provisions of RODO, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
How we will contact you
We provide information in writing or by other means, including electronically where appropriate. If you request it, we may provide the information orally, provided that we can confirm your identity by other means. If you communicate your request electronically, where possible the information will also be provided electronically unless you indicate to us another preferred form of communication.
Within what timeframe we will comply with your request
We endeavour to provide information promptly - in principle within one month of receipt of the request. If necessary, this deadline may be extended by a further two months due to the complexity of the request. However, in any case, we will inform you within one month of receipt of the request about the action taken and (where applicable) about the extension of the deadline, stating the reason for such delay.
Subcontractors/processors
We may transfer your personal data to companies or other trustworthy business partners who provide services on our behalf, for example to provide technical support, to assess the suitability of a website for marketing purposes or to otherwise provide a service. Where we work with entities that process personal data on our behalf, we only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the RODO and protects the rights of data subjects. We check in detail the entities to whom we entrust the processing of your data. We enter into detailed contracts with them, and we carry out periodic checks on the compliance of the processing operations with the content of such contracts and the law. Your personal data may also be received by: a. entities and authorities authorised to process personal data on the basis of legal provisions, banks in the event of the need to conduct settlements, b. institutions providing funding for the purpose of performance of a contract concluded with the Administrator, c. entities cooperating in marketing campaigns, d. entities providing transport and loading services, e. customs agencies, f. platforms for the exchange of information between carriers, g. entities and bodies authorised to process personal data h. entities providing software supply, i. entities providing IT services, j. law firms, k. Facebook owner under the non-amendable rules regarding data specified by Facebook available at https://www.facebook.com/about/privacy. The personal data you provide may be shared with entities based outside the European Economic Area (EEA), i.e. in third countries. For these countries, no decision has been issued by the European Commission recognising that these countries provide an adequate level of protection within the meaning of European data protection legislation.
How we take care of the processing of your data
To meet the requirements of the law, we have developed detailed procedures covering issues such as:
- data protection by design and data protection by default;
- data protection impact assessment;
- notification of infringements;
- keeping a register of data processing activities;
- data retention;
- the exercise of data subjects' rights.
We regularly review and update our documentation in order to be able to demonstrate compliance with the requirements of the law in accordance with the principle of accountability formulated in the RODO, but also with a view to the interests of data subjects, we strive to incorporate best market practices.
Data retention
We keep personal data in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed. After such a period, we either anonymise (de-identify the data) or delete the data. In the retention procedure, we ensure that the retention period of personal data is limited to a strict minimum. We determine the period of data processing in the first instance on the basis of legal provisions (e.g. retention time for employee records, accounting documents), as well as the legitimate interest of the controller (e.g. marketing activities). The retention policy covers both data processed in paper and electronic form.
Mandates
We shall ensure that any person acting under our authority and having access to your personal data shall only process it on our instructions, unless otherwise required by Union or Member State law.
Cookies
Policy on the use of cookies by the Website. a) Cookies are IT data, in particular text files, which are stored in the Service User's terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website from which they originate, the time of storing them on the terminal equipment and a unique number. b) The entity placing and accessing cookies on the terminal equipment of a User of the Website is the owner of the Website. c) The mechanism of cookies is not used to obtain any information about the users of the Website or to track their navigation. Cookies used on the site do not store any personal data or other information collected from users and are used for statistical purposes. d) By default, the web browsing software (browser) allows cookies on the User's device on which it is running. In most cases, you can configure the software yourself in this respect, including, among other things, forcing the automatic blocking of cookies. The configuration of the handling of cookies can be found in the settings of the software (web browser). Please note that the setting of limitations in relation to the handling of cookies may affect the operation of certain functionalities of the website. "e) Cookies are used to adjust the content of the Website to User preferences and to optimise the use of the Website; in particular, these files allow the Service User's device to be recognised and the Website to be properly displayed, adjusted to his/her individual needs; to create statistics which help understand how Website Users use the Website, which makes it possible to improve its structure and content; to maintain the Website User session (after logging in), thanks to which a User does not have to re-enter his/her login and password on each subpage of the Website; f) There are two basic types of cookies used on the Website: "session cookies" and "persistent cookies". "Session" cookies are temporary files that are stored on the User's terminal equipment until the User logs out, leaves the website or switches off the software (web browser). "Persistent" cookies are stored in the User's terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the User. g) The following types of cookies are used within the Service:
- necessary" cookies to enable the use of services available on the Website, e.g. authentication cookies used for services requiring authentication on the Website;
- cookies used for security purposes, e.g. used to detect misuse of the Website's authentication facilities; ◦ "performance" cookies, enabling the collection of information on how the Website's pages are used
- "functional" cookies, which make it possible to "remember" the User's selected settings and to personalise the User's interface, e.g. with regard to the chosen language or region of origin of the User, the font size, the design of the website, etc.
Links to other pages on the website
The owner of the website informs that the website contains links to other websites. The owner of the website recommends that you read the privacy policies applicable there, as he/she is not responsible for them.
Security of user data on the Website
A description of the technical and organisational security measures is contained in the Security (Data Protection) Policy of the service owner. In particular, the following safeguards are applied:
- the data automatically downloaded by the server are secured through an authentication mechanism for access to the service;
- data collected from users during the registration process is secured by SSL protocol and by means of an authentication mechanism for access to the site;
- access to the administration of the service is done using an authentication mechanism.