version date 30 July 2021
The administrator of the Website and, at the same time, the Controller of personal data of persons using the Website („hereinafter referred to as „Users”) is Przemysław Doliwa, ul. Brzask 21/1, 60-369 Poznań, Poland (hereinafter referred to as the „Controller”). Correspondence address: ul. Brzask 21/1, 60-369 Poznań, Poland; email address: firstname.lastname@example.org.
Ways and purposes of personal data processing
Using the Website involves the processing of User’s personal data for the following purposes:
Contacting the Controller – for this purpose, User provides their email address, name, surname, and other data contained in the message. Providing an email address is voluntary, but necessary to contact the Controller via email. In this case, personal data is processed in order to contact the User, and the basis for processing is the User’s consent resulting from the initiation of contact (Article 6 (1) (a) of the GDPR). The data will also be processed after contacting the Controller. The legal basis for such processing is the legitimate purpose of archiving correspondence for the purpose of documenting its course in the future (Article 6 (1) (f) of the GDPR).
Survey for Users downloading the application from the Website – for this purpose, the User provides their name, surname, e-mail address, industry, and country of origin. Providing this data is voluntary, but necessary to download the application. In this case, personal data is processed on the basis of Article 6 (1) (f) of the GDPR, i.e., the Controller's legitimate interest in collecting information about who and for what purpose uses the application, and consequently examining the possibility of improving the quality of services provided.
Setting up and maintenance of a User account – for this purpose, the Controller processes personal data provided by the User in the registration form, i.e. name, email address and password and in the account settings, i.e. telephone number, nickname. The legal basis is Article 6 (1) (b) of the GDPR, i.e., performance of a contract for the provision of services.
Settlement of paid services – for this purpose the Controller processes personal data provided by the User through the account, such as: name and surname, company name, tax identification number, correspondence address and payment card details – pursuant to art. 106e section 3 of the Act of March 11, 2004 on tax on goods and services and Article 6 (1) (c) of the GDPR, in order to fulfill the legal obligation incumbent on ADO, in the form of the obligation to issue a VAT invoice, as well as Article 6 (1) (b) of the GDPR in order to perform the contract for the provision of services.
Complaint handling – for this purpose, the Controller may process some personal data provided by the User, as well as data on the use of services that are the cause of the complaint or questions, data contained in the documents attached to the complaint or questions – pursuant to Article 6 (1) lit. b GDPR, in order to fulfill the obligation to consider the complaint, as well as Article 6 (1) (f) GDPR, i.e. the legitimate interest of the Controller, consisting in improving the quality of the Services and building positive relationships with Users;
Managing the forum https://discuss.rhinonature.com – in order to set up an account on the forum, the User is obliged to fill in the form and provide an email address, name/nickname and password. Providing this data is voluntary, but necessary to add content to the forum. The data provided when adding content on the forum is used to publish it, and the legal basis for their processing is the User's consent resulting from the addition of content (Article 6 (1) (a) of the GDPR). The data will be processed as long as the posts are displayed on the forum unless the User deletes the post earlier.
Cookies on the Website – on the basis of User’s consent (Article 6 (1) (a) GDPR)
Analyzing data collected automatically when using the Website – in this case, personal data is processed on the basis of the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR).
Processing for archival and evidence purposes, for the purposes of securing information that may be used to prove facts – this is a legitimate interest of the Controller (Article 6 (1) (f) of the GDPR).
Confirmation of the performance of the Controller’s obligations and pursuit of claims or defense against claims that may be directed against the Controller, as well as for the purpose of preventing or detecting fraud – based on the Controller’s legitimate interest, which is the protection of rights, confirmation of the performance of obligations and obtaining due remuneration from Users (Article 6 (1) (f) of the GDPR).
Sending the Newsletter – pursuant to Article 6 (1) (a) GDPR, i.e. the User’s consent granted before subscribing to the Newsletter, and for the purpose of implementing direct marketing addressed to Users, pursuant to Article 6 (1) (f) GDPR, i.e. the legitimate interest of the Controller.
Personal data is not processed for the purpose of automated decision making without the express consent of the Users.
Personal data sharing
Personal data may be transferred to the following entities whose services are used by the Controller in order to run the Website and to provide services through it:
home.pl S.A. (ul. Zbożowa 4, 70-653 Szczecin, Poland, KRS 0000431335);
Internet traffic monitors:
Google LLC. (1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA);
Merchant of record:
Paddle.com Inc (3811, Ditmars Blvd, #1071 Astoria, NY 11105-1803 USA).
The purpose and scope of data collection and their further processing and use by service providers referred to in clause 1, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings that ensure privacy protection are described in the privacy policies of those service providers.
Period of personal data storage
Personal data will be kept for the period necessary for the purpose for which they were collected, but not longer than 10 years from the date of collection of such data.
User’s rights in connection with the processing of personal data
According to the GDPR, the User has the following rights in connection with the processing of their personal data:
The right to be informed how personal data is processed;
The right to access and rectify personal data;
The right to delete personal data; The Controller may refuse to delete data for which there is a basis for their further processing (e.g., fulfillment of a legal obligation or pursuing claims or defense against claims that may be directed against the Controller);
The right to request the restriction of the processing of personal data;
The right to object to the processing of personal data, if the basis for processing is the Controller's legitimate interest or performance of tasks in the public interest;
The right to withdraw consent if personal data were processed on the basis of the User's consent;
The right to transfer personal data.
All the above rights can be exercised by contacting the Controller via e-mail. Requests will be implemented without undue delay, not later than within 30 days from the date of receipt of the request. Within this period, the Controller will answer or inform about a possible extension of the deadline and explain the reasons. If the Controller has doubts as to whether a specific request was made by an authorized person, he may ask a few additional questions to verify the identity of the applicant.
Cookies are digital data, in particular small text information, saved and stored on devices (e.g., computer, tablet, smartphone) through which the User uses the Website’s pages.
Cookies used by the Controller are safe for Users’ devices. In particular, it is not possible for viruses or other unwanted software or malware to enter Users’ devices this way. Cookies allow us to identify the software used by the User and individually adjust the functionality of the Website. Cookies usually contain the name of the domain they come from, the storage time on the device and the assigned value.
Types of Cookies and their purpose
The Website uses three types of Cookies:
Own Cookies - used to ensure the proper operation of the Website.
Google Analytics and Google Search Console – tools provided by Google LLC, used to create statistics, and analyze them in order to optimize the Website. They automatically collect information about the User’s use of the Website. The information collected in this way is most often transferred to a Google server in the United States and stored there. Due to the IP anonymization activated by the Controller, the User’s IP address is shortened before forwarding. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. The anonymized IP address provided by the User’s browser is, as a rule, not combined with other Google data. Due to the fact that Google LLC is based in the USA and uses technical infrastructure located in the USA, it uses the model contractual clauses approved by the European Commission to ensure an adequate level of personal data protection required by the GDPR. In order to prevent the collection of data collected by this type of Cookies by Google, as well as the processing of this data by Google, the User may install a browser plug-in at: https://tools.google.com/dlpage/gaoptout. Details related to data processing as part of Google Analytics are available at https://support.google.com/analytics/answer/6004245;
Paddle.com – Paddle.com provides sales and payment services on the Website. Technologies used for this purpose by Paddle.com are compliant with the GDPR and used only for internal use. Users' data is not shared with third parties and is not used for any purposes other than those necessary for the proper handling of the sales and payment process. For more information, please visit https://paddle.com/gdpr/ and https://paddle.com/privacy/.
The User may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access to the User’s device via Cookies. Changes to the settings referred to in the previous sentence can be made by the User using the settings of their web browser. These settings can be changed in particular in such a way as to block the automatic handling of Cookies, or to inform about them each time Cookies are placed on the User’s device. Detailed information on the possibilities and methods of handling cookies is available in browser settings.
Using the Website involves sending inquiries to the server on which the Website pages are stored. Each query directed to the server is saved in the server logs. Logs include User’s IP address, server date and time, information about the web browser and the User’s operating system. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific Users and are not used by the Controller to identify Users. The server logs are only auxiliary material used to administer the Website and their content is not disclosed to anyone except those authorized to administer the server.
In order to subscribe to the Newsletter, the User provides the Controller with the following personal data: email address, name, surname, via the subscription form available on the Website. Providing this personal data is voluntary, but necessary to subscribe to the Newsletter.
The Controller provides a form on the Website in order to enable Users to contact the Controller.
In order to send a message via the form, User provides the Controller with the following personal data: email address, first name, surname, which is entered into the appropriate fields of the contact form.
Security and personal data protection authority
The Controller guarantees the confidentiality of all personal data provided to him. The Controller ensures that all security and personal data protection measures required by law are taken. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.
If you believe that the Controller is processing personal data unlawfully, you can file a complaint with the competent authority, which is the President of the Personal Data Protection Office of Poland (Prezes Urzędu Ochrony Danych Osobowych).