Privacy Policy

Privacy Policy of the Website

www.asmpoland.pl

  1. GENERAL PROVISIONS

    1. The controller of personal data collected through the website www.asmpoland.pl is ASM POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ registered in the entrepreneurs’ register by the competent court under the KRS number: 0000999137, share capital: 5,000.00 PLN, place of business: UL. WAŁY PIASTOWSKIE 1 / 1508, 80-855 GDAŃSK, delivery address: UL. WAŁY PIASTOWSKIE 1 / 1508, 80-855 GDAŃSK, NIP: 8971913500, REGON: 8971913500, email address: office@asmpoland.pl, hereinafter referred to as the “Controller.”
    2. Personal data collected by the Controller through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Personal Data Protection Act of 10 May 2018.

  2. TYPES OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF DATA COLLECTION

    1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data through the website www.asmpoland.pl in the following cases:
      1. When a user uses the contact form. Personal data is processed on the basis of Article 6(1)(f) of the GDPR as a legitimate interest of the Controller.
      2. When a user subscribes to the Newsletter for the purpose of receiving commercial information electronically. Personal data is processed after separate consent is given, based on Article 6(1)(a) of the GDPR.
    2. TYPES OF PERSONAL DATA PROCESSED. The Controller processes the following categories of user personal data:
      1. First name and last name,
      2. Address (residence),
      3. Email address,
      4. Phone number,
      5. NIP (Tax Identification Number).
    3. RETENTION PERIOD FOR PERSONAL DATA. User personal data is stored by the Controller:
      1. In the case where the processing of data is necessary for the performance of a contract, for as long as necessary to perform the contract, and thereafter for a period corresponding to the statute of limitations. If a specific provision does not specify otherwise, the limitation period is six years, and for claims related to periodic services and business activities – three years.
      2. In the case where the processing of data is based on consent, for as long as the consent is not revoked, and after revocation of consent, for a period corresponding to the statute of limitations for claims that the Controller may raise or that may be raised against the Controller. If a specific provision does not specify otherwise, the limitation period is six years, and for claims related to periodic services and business activities – three years.
    4. During the use of the website, additional information may be collected, including: the IP address assigned to the user’s computer or the external IP address of the Internet service provider, domain name, type of browser, access time, and operating system type.
    5. Navigation data may also be collected, including information about links and references that users decide to click on or other actions taken on the website. The legal basis for such activities is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in facilitating the use of electronically provided services and improving their functionality.
    6. Providing personal data by the user is voluntary.
    7. Personal data will also be processed in an automated manner for profiling purposes, provided the user consents based on Article 6(1)(a) of the GDPR. Profiling may involve assigning a profile to a specific individual to make decisions, analyze, or predict preferences, behaviors, and attitudes.
    8. The Controller takes special care to protect the interests of data subjects, ensuring that the data collected are:
      1. Processed lawfully,
      2. Collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,
      3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and stored in a form that allows identification of data subjects for no longer than necessary to achieve the processing purpose.

  3. SHARING OF PERSONAL DATA

    1. User personal data is transferred to service providers used by the Controller for the operation of the website. Depending on contractual arrangements and circumstances, service providers receiving personal data either comply with the Controller’s instructions regarding the purposes and methods of data processing (data processors) or independently determine the purposes and methods of their processing (controllers).
    2. User personal data is stored exclusively within the European Economic Area (EEA).

  4. RIGHT TO CONTROL, ACCESS TO OWN DATA, AND THEIR CORRECTION

    1. The data subject has the right to access their personal data and the right to rectify, delete, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The legal basis for the user’s requests are as follows:
      1. Access to data – Article 15 of the GDPR,
      2. Rectification of data – Article 16 of the GDPR,
      3. Erasure of data (the right to be forgotten) – Article 17 of the GDPR,
      4. Restriction of processing – Article 18 of the GDPR,
      5. Data portability – Article 20 of the GDPR,
      6. Objection – Article 21 of the GDPR,
      7. Withdrawal of consent – Article 7(3) of the GDPR.
    2. To exercise the rights described in point 2, the data subject can send a relevant email to: office@asmpoland.pl.
    3. If, due to the complexity of the request or the number of requests, the Controller cannot fulfill the request within one month from its receipt, the Controller will fulfill it within the next two months, informing the user in advance within one month from receiving the request of the intended extension of the deadline and the reasons for it.
    4. If the data subject finds that the processing of personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the President of the Office for Personal Data Protection.

  5. COOKIES

    1. The Controller’s website uses cookies.
    2. Installing “cookies” is necessary for the proper provision of services on the website. “Cookies” contain information necessary for the proper functioning of the site and also allow for the development of general statistics of website visits.
    3. Within the website, the following types of “cookies” are used: session and persistent.
      1. “Session” cookies are temporary files that are stored on the user’s end device until logging out (leaving the website).
      2. “Persistent” cookies are stored on the user’s end device for the time specified in the parameters of “cookies” or until they are deleted by the user.
    4. The Controller uses its own cookies to better understand how users interact with the website’s content. The cookies gather information about how the user uses the website, the type of site from which the user was redirected, and the number of visits and the time of the user’s visit to the website. This information does not record specific personal data of the user but is used to compile statistics on the use of the website.
    5. The user has the right to decide on access to “cookies” files on their computer by selecting them in the browser window. Detailed information on the possibilities and methods of handling “cookies” files is available in the software settings (web browser).

  6. FINAL PROVISIONS

    1. The Controller employs technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, in particular, it secures data against unauthorized access, takeover by an unauthorized person, processing in violation of applicable regulations, as well as change, loss, damage, or destruction.
    2. The Controller provides appropriate technical measures to prevent the acquisition and modification of personal data by unauthorized persons during electronic transmission.
    3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant Polish law shall apply.