The administrator of personal data is Goldpoint Dorota Kasprzak – Sabik, st. Marokańska 1S, 03-977 Warsaw, NIP: 5221364370, tel. +48 502 236 069, e-mail: [email protected]
Principles of data collection
While browsing the pages of the website, statistical data concerning visits are collected, e.g. data of the search engine and inquiries which directed the user to the website, information about time spent on the website, number of pages viewed, time spent on particular pages. This is information that allows you to customize the service to the needs of users and display the desired content.
The administrator also collects data provided directly by the user, e.g. via e-mail or telephone conversation.
Principles of data use
The data collected automatically is used for statistical purposes and to adjust the content to the users’ preferences, but also to support their purchases in the online shop.
Information on data processing in accordance with article 13 of the Collective Labour Agreement
Goldpoint Dorota Kasprzak – Sabik, st. Marokańska 1S, 03-977 Warsaw, NIP: 5221364370, tel. +48 502 236 069, e-mail: [email protected]
Rights of the data subject
In connection with the processing of personal data, any natural person has the right to request: access to personal data, rectification, erasure, restriction of personal data processing, transfer, object to the processing of personal data in accordance with the principles set out in Articles 15-22 of the AROC.
Each person has the right to lodge a complaint with the President of the Office for Personal Data Protection against the manner of data processing by the Administrator.
Purposes and grounds for data processing
– Users of the dorotagoldpoint.com website: The basis for processing personal data of users is their consent, expressed in an informed manner by means of contact with the Administrator or by means of software settings installed on the device used by the User or the configuration of the service itself (Article 6.1.a of RODO), as well as the legitimate interest of the Administrator in conducting business contacts (Article 6.1.f of RODO). Processing takes place in order to make contact, including the presentation of an offer for services, at the user’s request.
– Customers and contractors: The processing is necessary for the performance of the contract or to take action at the customer’s request prior to the conclusion of the contract, as well as to fulfil the legal obligation of the Administrator, in particular in relation to the provisions of the Income Tax and Value Added Tax Act. Some data may also be processed on the basis of voluntary consent, e.g. in order to enable faster contact. In case of the necessity to pursue claims, including debt collection, the basis for processing is the legally justified interest of the Administrator (Article 6(1)(a), (b), (c), (f) RODO).
– Job Candidates – data will be processed for recruitment purposes, on the basis of the provisions of the Labour Code, as well as on the basis of a voluntarily expressed consent to the extent exceeding the required provisions, which the candidate will provide voluntarily with the application (Article 6(1)(a), (c) RODO).
– Fanpage Users (https://www.facebook.com/DGofficials/) – data will be processed in order to contact, answer questions, submit an offer on the basis of voluntary consent, which is a conscious action in the form of sending a message, as well as a legally justified interest of the Administrator in ensuring business continuity (which is a prerequisite legalizing processing under Article 6(1)(a), (f) of the RODO).
– Users of the online store – data will be processed on the basis of a contract for the provision of electronic services concluded with the Administrator in connection with the creation of an account on the Website (Article 6(1)(b) RODO).
Right to withdraw consent
Any person whose data are processed by the Administrator has the right to withdraw consent at any time without affecting the processing that took place until the withdrawal of consent.
Obligation or voluntariness to provide data and the consequences of not providing data
Entry of data by:
– The user of the website is voluntary. Failure to provide data or incomplete data may make it difficult or impossible to contact and provide answers to questions asked.
– Customer/contractor in the scope of data necessary to conclude a contract is a requirement of the Civil Code, failure to provide them will result in the inability to effectively conclude a contract, data necessary to issue an invoice is an obligation arising from the tax law, their failure to provide will result in the inability to settle accounts; contact data is voluntary, and their failure to provide may hinder or slow down mutual business relations.
– A candidate for employment is an obligation under labor law to the extent that it is necessary to perform work for a given position, failure to provide data will prevent participation in the recruitment process; in the scope of additional data provided on the their consent, it is not necessary to provide them, and failure to provide them will not affect the course of the recruitment process.
– Fanpage User (https://www.facebook.com/DGofficials/) providing contact details is voluntary, and failure to provide them will result in limiting correspondence on Facebook.
– User of the online store – failure to provide data necessary to set up an account will prevent the use of the service.
Information on entities to whom the data may be disclosed
The administrator may share the data:
– Users – entities ensuring proper service of the service, including those ensuring security of the sent data. The data will also be made available to entities providing cookies and similar technologies installed on the Website (detailed rules of making them available are described in the further part of the policy).
– Customers and contractors – banks, insurance companies, subcontractors, postal and courier operators, payment operators.
– Fanpage Users – Facebook and its partners on the terms set out below.
– Online shop users – entities providing proper shop service, including ensuring the security of sent data. Data will also be made available to entities providing cookies and similar technologies installed on the Website (detailed rules of making them available are described in the further part of the policy).
Information on the transfer of data to third countries
In connection with the use of Facebook, your data will be transferred outside the EU. Facebook Inc. has acceded to the EU-US Privacy Shield Agreement and the Swiss-US Privacy Shield Agreement (collectively, the “Privacy Shield Agreement”) with the US Department of Commerce with respect to the collection and processing of personal data from advertisers, customers or business partners in the EU, and in the event that a Swiss data controller uses Facebook to process data, also in Switzerland, (collectively, the “Partners”) in connection with Facebook products and services in separate terms and conditions. For more information on the Privacy Shield program, please visit www.privacyshield.gov
Facebook observes the principles of the Privacy Shield (as defined in each of the following sections) in the following areas of activity (hereinafter collectively referred to as “Partner Services”):
– Advertising options and measuring tools: Facebook offers advertising options and measurement tools and through such services may collect personal information from Partners outside the network (data controllers), which data is first processed by Facebook Ireland and then processed by Facebook Inc. This information includes elements such as contact information and information about experiences or interactions with Partners and their products, services and advertisements. For more information on Facebook’s advertising options and measurement tools, please see the “Facebook Advertising Information” and “Data Policy” pages. Facebook uses the personal data provided by the Partners to provide the services of the Partners in accordance with the terms and conditions of the respective service or, in the absence thereof, in accordance with the guidelines of the Partners. Facebook cooperates with the Partners in order to provide users with the right choice options in accordance with the Privacy Shield principles.
Within the framework of the rights granted to it and in accordance with the obligations assumed within the Privacy Shield, Facebook will cooperate with the Partners in order to provide users with access to their own personal data, which Facebook holds on behalf of its Partners. Facebook will also take reasonable steps to enable individuals, whether directly or in conjunction with the Affiliates, to correct, modify or delete personal information that is inaccurate.
Facebook may transfer your data to entities within the Facebook group of companies and to third parties, including service providers and other partners. In accordance with the terms of the Privacy Shield, Facebook is liable for the processing of personal data by such third parties in violation of the terms of the Privacy Shield, unless Facebook was not responsible for the event that led to the alleged damage.
Personal data provided to Facebook by the Partners may be subject to disclosure requirements in accordance with requests from legal institutions and in the following areas other judicial and administrative procedures, e.g. subpoenas, orders or provisions. For more information, see “How do we respond to subpoenas and injunctions and prevent harm?
The U.S. Federal Trade Commission has the authority to monitor Facebook’s compliance with the Privacy Shield rules and to enforce them.
You can resolve any certification-related dispute with Facebook through TRUSTe, a U.S.-based alternative dispute resolution service. You can contact TRUSTe through its website. Where applicable, the Agreement on a Privacy Shield may provide for the right to invoke binding arbitration to resolve disputes that cannot be otherwise resolved as described in Annex I to the Privacy Shield Rules of each Agreement. In addition, under the Privacy Shield Arrangements, the Senior Coordinator of the U.S. Department of State acts as a spokesperson to streamline the processing of petitioners’ requests for the following access to data transferred (respectively) from the EU and Switzerland to the US for national security reasons.
In connection with the use of the Service and the Website, the Administrator will share the data of users of Yandex Oy Limited Company – Moreenikatu 6, 04600 Mantsala, Finland (“Yandex”) and its partners. Data may be made available outside the EEA, but under a contract with the Administrator based on standard contractual clauses, Yandex warrants that the data will be processed in accordance with the requirements of the RODO regulations, including the exercise of the rights of data subjects.
The service is used to analyze the use of the website or mobile application by its users. For this purpose, Yandex will collect User Data on the technical characteristics and performance of website users or mobile application users on the basis of page views or mobile application usage. The data will be evaluated by the processing software in order to generate reports, including, but not limited to, information about the time spent on the website or mobile application, approximate geographical origin, the origin of the user’s traffic, output pages and the course of use.
Data collected: Data collected from page views or mobile application usage about the technical characteristics and activities of users of the website or mobile application. This applies in particular to information about time spent on a website or mobile application and interaction with a website or mobile application, as well as the IP address of website or mobile application users and information about cookies.
Yandex’s data processing policy: https://metrica.yandex.com/about/info/data-policy/
Duration of data retention
– Users: personal data of users who contact us about the possibility of providing services until the end of the contact and the expiration of possible claims, however, no longer than 3 years.
– Clients/contractors: until the end of the contract, and then for the period specified in the applicable provisions of law in connection with the administrator’s obligations in terms of archiving documents and tax settlements.
– Fanpage Users: until the withdrawal of the consent or removal of the Facebook account.
– Users of the online store – until the removal of the account or termination of the contract for the provision of services by electronic means.
– Service users may use the opt-out option to delete information stored by Yandex https://yandex.com/support/metrica/general/opt-out.html
The user can disable cookies in the browser settings. They will not affect the browsing of the content available on the site.
The website uses the following cookies:
Session cookies: are stored on the User Device and remain there until the end of the browser session. The stored information is then permanently deleted from the memory devices. The mechanism of session cookies does not allow to collect any personal data or any confidential information from the User Device.
Persistent cookies: are stored on the User Device and remain there until they are deleted. The end of a browser session or the disabling of the Device does not cause their removal from the User Device. The mechanism of permanent cookies does not allow to collect any personal data or any confidential information from the User Device.
Links to other websites. You can delete cookies in your browser settings, but also by using the opt-out mechanism for Yandex cookies: https://yandex.com/support/metrica/general/opt-out.html