version dated: 27/11/2020
See also: Information on specific risks related to the use of electronic services.
Entry
This Privacy Policy constitutes an integral part of the Regulations for the provision of electronic services of the Gettgebox Platform and, together with the Regulations, defines the conditions under which the Operator collects and processes Users' personal data when providing Services constituting the functionalities of the Platform. The definitions contained in the Regulations apply accordingly to this Privacy Policy. Lack of acceptance of this Privacy Policy is tantamount to the inability to use the Platform.
We respect the privacy of Platform Users and make every effort to ensure that the entrusted personal data is processed in accordance with applicable Polish and European law, including the Act of 10 May 2018 on the protection of personal data, Regulation (EU) 2016/679 of the European Parliament and of the Council. of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR") and the Act of 16 July 2004. Telecommunications law. We also make sure that your personal data is secured as much as possible - for this purpose we use, among others: secure communication encryption protocol (SSL).
Below we present the principles of processing your personal data, from which you will learn in particular:
- Who is the Personal Data Administrator and how can you contact him,
- What data do we process,
For what purposes and on what legal basis do we process your personal data, - Who do we share data with,
- How long we process data,
- What rights do you have as Users and personal data subjects?
Please read the document carefully before using the Getthebox Platform.
Personal Data Administrator
- The administrator of the personal data provided by you during registration and editing of the User Account, as well as when using the Platform, is the owner of the Platform - Kampo Przemysław Kędzierski with its registered office in Zębowice 33i, 59-411 Paszowice, NIP 6951438816, REGON 391077790 (hereinafter also referred to as the "Operator" ).
- Contact with the Administrator is possible via e-mail: biuro@getthebox.eu, contact form available on the website www.getthebox.eu, and by post:
Address for written correspondence
Kampo Przemysław Kędzierski
Zębowice 33i
59-411 Paszowice
Type of personal data processed
The Administrator may collect and process the following data regarding Users:
Data provided directly by Users
The Administrator processes personal data that is provided or made available by Users as part of using the Platform. In particular, this concerns identification data used for registration and login, transaction data used to process payments and data included in Advertisements published by Users during their activity on the Portal, including geolocation data that is used to post and accept Advertisements, rate others Users and receiving the Newsletter.
Providing some data is necessary to use all functionalities of the Platform (e.g. telephone number for accepting Parcels by Drivers and a link to PayPal.Me), providing other data is optional (e.g. a detailed description of the Parcel) and does not affect the ability to use the Platform, however, it may affect the perception of other Platform Users forming the community (e.g. failure to complete some data in the "Your profile" tab may affect the subjective assessment of the User's credibility).
In the case of using paid functionalities of the Platform - when making payments via PayPal.Me, the Administrator receives the User's data, i.e. name and surname, residential address, and other information provided by you, including details of the implementation of individual Services, e.g. Parcel Transport.
Using the "Newsletter" Service requires providing an e-mail address and consent to receiving commercial information and electronic means.
Data we collect automaticallyIn connection with the User's registration via the Facebook social networking site, the Administrator receives access to the following personal data of the User (name, surname, photo) posted on the User's Facebook account, in accordance with the terms and provisions applicable on this website.
The Administrator does not automatically collect any information except information contained in Cookies. The information collected in this way is used solely for the purposes of administering the Platform, identifying possible security threats, examining User traffic within the Platform and for statistical purposes and providing better quality Services.
Cookies (so-called "cookies") are IT data, in particular text files, which are stored on the User's end device and are intended for using websites. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.
The entity that places Cookies on the User's end device and obtains access to them is the Platform Operator and the entities indicated in the chapter "Entities sharing personal data".
Cookies are used for the following purposes:
-
adapting the content of the Platform's website to the User's preferences and optimizing the use of the Platform via the website;
-
creating statistics that help understand how Users use the Platform, which allows improving its structure and content;
-
maintaining the session of Platform Users (after logging in), thanks to which the User does not have to enter the login and password each time;
In order to adapt the Platform to the individual needs and interests of Users, the Platform uses the so-called Cookies, i.e. information saved by the Platform's server on the computer of the Mobile Device, which the Platform can read each time the service is used.
The platform uses two basic types of cookies: "session" and "persistent". "Session" cookies are temporary files that are stored on the User's end device until logging out, leaving the website or turning off the software (web browser); "Permanent" Cookies are stored on the User's end device for the time specified in the Cookies parameters or until they are deleted by the User. The Platform also uses "necessary" Cookies that enable the use of the Platform, e.g. authentication Cookies used for services requiring authentication and Cookies used to ensure security, e.g. used to detect authentication abuses within the services provided;
Detailed information on the possibilities and methods of handling Cookies is available in the web browser settings. The User may consent to the use of Cookies using browser settings, and may also opt out of Cookies by selecting the appropriate settings on the web browser. Disabling the option to accept Cookies may cause difficulties or even prevent the use of the Platform.
Purposes of personal data processing
The personal data provided by you is used only for the proper provision of the Services you use within the Platform. In particular, the data you provide is used to register and log in, post and accept Advertisements, as well as contact you (sending system information about changes in the functioning of the Platform, changes to the Regulations and Privacy Policy, Newsletter, response to complaints and asked questions).
Your personal data will not be used by the Administrator or third parties for marketing purposes unless you give your consent. You can unsubscribe from receiving marketing information at any time.
Data collected automatically will be used only for technical purposes related to the administration of the Platform and to analyze your behavior in order to provide better quality Services. This data is obtained by the server in an automated manner. On their basis, research and analyzes will also be carried out to monitor the level of security applied against unauthorized access to personal data, improve the Platform and develop new functionalities and adapt the Services to your needs and convenience (e.g. personalizing the content in the Services, easier search).
Legal basis for processing
We process your personal data on the basis of:
- contract for the provision of electronic services, which we conclude with you together with the registration of the Account - to the extent necessary to register the User Account and use the Platform;
- User's consent - in the scope of the User's personal data, the provision of which is not necessary to use the Platform, but which may be made available (e.g. in order to build credibility among other Users of the Platform, or to better determine the Sender or Recipient), and also to provide content marketing by the Administrator on behalf of third parties or directly by third parties. Consent is voluntary, which means that the lack of consent will not deprive the User of access to the Platform and the Services provided through it; consent may be limited or changed (withdrawn or re-granted) at any time.
- legally justified interests of the Administrator - in order to improve the Platform and develop new functionalities and adapt the Services to the needs and convenience of Users (e.g. personalization of content in the Services, easier search), as well as to conduct marketing and promotion of own Services,
- other legal bases arising from applicable legal provisions.
Entities sharing personal data
The personal data provided by you will be made available to a limited extent to other Users forming the Platform community in connection with the process of sending and receiving Parcels after establishing a relationship to the extent necessary to perform the Transport.
In addition, your personal data may be made available:
- if it is necessary in connection with the use of the services of a third party, in order to perform any contracts that may be concluded with the User, in order to facilitate or extend the provision of our Services (e.g. to process payments via PayPal.Me);
- entities that operate the Platform together with the Administrator, including: IT service providers;
- to third parties for marketing purposes based on your voluntary consent;
- state authorities and institutions authorized to do so in cases expressly indicated by law at their request;
- legal successors of the Administrator or purchasers of the enterprise in the event of sale of the enterprise;
each time on the basis of an agreement entrusting the processing of personal data while maintaining the principles of confidentiality and information security.
Personal data storage period
User data will be processed until the basis for their processing exists:
- if the data is necessary to perform the contract - for the duration of its performance and until the expiry of the limitation period for claims under this contract against the Operator and in mutual relations between Users, and in the event of blocking or forced deletion of the Account, the User's data will be stored for a period of ___ years, to prevent circumvention of the rules and regulations applicable to the use of our Platforms;
- in the event of consent being granted, until it is withdrawn, limited or other actions of the User limit this consent; withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
- if the basis for data processing is the legitimate interest of the Administrator - until the User submits an effective objection.
Anonymized data may be stored for an indefinite period of time as auxiliary material used to administer the Platform. The information contained therein is not disclosed to anyone other than persons authorized to administer the server and the Administrator's network. This data does not contain any features identifying Users.
User Rights
The user has the right to access his or her personal data, the right to rectify it, the right to limit processing, the right to delete data, the right to object to processing and the right to transfer data.
The User may exercise these rights at any time after logging in to the User Account in the "Your profile" tab. Deleting personal data that was or is currently necessary for registration (data marked with an asterisk) is possible only by deleting the User Account, as these data are necessary to provide the Services.
Submitting a request to delete this data will result in deletion of the Account. All information regarding the implementation of the above. you will obtain your rights by contacting the Administrator.
The User also has the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office (ul. Stawki 2, 00-964 Warsaw).
Rights of the data subject
Pursuant to the GDPR, you have the right to:
- request access to your personal data;
- request rectification of your personal data;
- request the deletion of your personal data;
- requests to limit the processing of personal data;
- object to the processing of personal data;
- request the transfer of personal data.
The personal data administrator shall, without undue delay - and in any case within one month of receiving the request - provide you with information about the actions taken in connection with your request. If necessary, the monthly deadline may be extended by another two months due to the complexity of the request or the number of requests.
In any case, the Personal Data Controller will inform you about such extension within one month of receiving the request, stating the reasons for the delay.
The right to access personal data (Article 15 of the GDPR)
You have the right to obtain information from the Personal Data Administrator whether your personal data is being processed.
If the Administrator processes your personal data, you have the right to:
- access to personal data;
- obtain information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of your data or about the criteria for determining this period, about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the source of these data on automated decision-making, including profiling, and on the safeguards used in connection with the transfer of this data outside the European Union;
- obtain a copy of your personal data.
If you want to request access to your personal data, please submit your request to: biuro@kampo.com.pl
The right to rectify personal data (Article 16 of the GDPR)
If your personal data is incorrect, you have the right to request the Administrator to immediately correct your personal data.
You also have the right to request that the Administrator supplement your personal data.
If you want to request the correction or supplementation of your personal data, please submit your request to: biuro@kampo.com.pl
The right to delete personal data, the so-called “right to be forgotten” (Article 17 of the GDPR)
You have the right to request that the Personal Data Administrator delete your personal data when:
- Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you have withdrawn specific consent, to the extent that personal data were processed based on your consent;
- Your personal data was processed unlawfully;
- you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing;
- you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes arising from the legitimate interests pursued by the Personal Data Administrator or a third party.
Despite submitting a request to delete personal data, the Personal Data Administrator may further process your data in order to establish, pursue or defend claims, of which you will be informed.
If you want to request the deletion of your personal data, please submit your request to: biuro@kampo.com.pl
The right to request restriction of the processing of personal data (Article 18 of the GDPR)
You have the right to request restriction of the processing of your personal data when:
- you question the accuracy of your personal data - the Personal Data Administrator will limit the processing of your personal data for a period of time enabling the accuracy of these data to be checked;
- when the processing of your data is unlawful and instead of deleting your personal data, you request the restriction of the processing of your personal data;
- Your personal data is no longer necessary for the purposes of processing, but it is needed to establish, pursue or defend your claims;
- when you have raised an objection to the processing of your personal data - until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in your objection.
If you want to request the restriction of the processing of your personal data, please submit your request to: biuro@kampo.com.pl
The right to object to the processing of personal data (Article 21 of the GDPR)
You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
- processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Personal Data Administrator or a third party;
- processing for direct marketing purposes.
If you want to object to the processing of your personal data, please submit your request to: biuro@kampo.com.pl
The right to request the transfer of personal data (Article 20 of the GDPR)
You have the right to receive your personal data from the Administrator in a structured, commonly used, machine-readable format and to send it to another personal data administrator.
You can also request that the Personal Data Administrator send your personal data directly to another administrator (if technically possible).
If you want to request the transfer of your personal data, please submit your request to: biuro@kampo.com.pl
Security
To protect your data and guarantee the confidentiality and integrity of your personal data, as well as the method of processing it, we apply internal policies and standards as well as appropriate technical and organizational measures (policies and procedures, IT security measures, etc.).
Changes
The Privacy Policy may be amended at any time to maintain its compliance with any changes to the law and to reflect how personal data is processed within the Platform.
The latest version of the document is always available in the Application and on the website www.gettebox.eu.