Loftmill shall make every effort in order to respect the right to privacy, in particular ensuring the personal data protection, taking any appropriate organizational and technical measures in order to prevent any intrusion into the privacy by a third person. Any actions taken by Loftmill are at the level corresponding to the applicable provisions of law, in particular the Regulation of the European Parliament and of the Council No. 2016/679 of 27 April 2016 year on protection of individuals with regard to the processing of personal data and free movement of such data as well as repeal of the Directive No. 95/46/EC (The General Data Protection Regulation), the Personal Data Protection Act of 10 May 2018 year (The Official Journal of Laws of 2018 year, item 1000, as amended) – hereinafter referred to as the „GDPR”.
The Controller of any personal data collected by means of Loftmill is Loftmill Spółka z o.o.. The personal data controller appointed the Inspector for Protection of Personal Data (email: email@example.com).
The Controller processes the personal data, in particular in order to submit a response for any inquiry of a data subject, conclude and perform the service provision agreement, provide the services by the Controller in electronic form, correspond by email in any other lawfully justified matters, manage and protect its information system, analyze the Controller’s websites tracking statistics (including any social networks). The services provided electronically through an online inquiry form – any correspondence content as well as information on the contact shall be processed within the necessary period required for fixing of a given user’s matter, including submission of the marketing information on the selected services. The data shall be processed in order to provide the online inquiry form service in electronic form (the Art. 6 section 1 letter b of the GDPR). Within the scope of submission of the commercial (trade) information in electronic form or the direct marketing provided through the telephone terminal equipment, the data shall be processed on the basis of a consent given and expressed by a clear confirming action (the Art. 6 section 1 letter a in connection with the Art. 4 item 11 of the GDPR), which means completion of any appropriate field for entering of an email address or a phone number. The Controller shall process the personal data solely in compliance with the limits of the applicable law. The legal basis of the data processing is a consent for processing or an inquiry sent by email (prior to conclusion of the agreement), performance of the agreement as well as the period of limitations due to performance of the agreement and the legal obligation imposed on the Controller.
Any personal data included in the online inquiry form shall be revealed solely to entities processing the data for the benefit of the Controller on the basis of the personal data processing agreement, entities providing the hosting or maintenance services in relation to the websites, IT and marketing services, as well as any employees and collaborators, however to the necessary extent.
The personal data may be also transferred to any authorized bodies, entities or institutions in any cases justified by the applicable provisions of law.
In order to improve the quality of the services, the Controller shall process the statistical data related to usage of the online inquiry form and for this purpose it shall use the statistical data supplied by cookies file or other similar technologies. Such a data shall be processed pursuant to the Art. 6 section 1 latter f of the GDPR in order to legitimate interests of the Controller which means facilitation of using of the services, improvement of the quality and functionality of the provided services, and such a data processing shall not affect the rights and freedom of the users. Such a data shall be processed as a part of the current operations of the Controller, however not longer than 60 days of receiving of the information. After this time the Controller may process the general statistical data excluding any information on individual users. The user shall have the full right to refuse to record cookies on its computer. Each browser offers the possibility of refusing of cookies. The Controller shall not be reliable for the content of cookies sent by any other websites to which the links are located on rise.pl websites.
The Controller shall analyze access logs with the User IP number information. The information obtained in such a manner shall be used for administrating of the website and primarily for the statistical analysis of the Users.
The Users of Loftmill may have a direct email contact through the correspondence addresses available on the websites. Simultaneously, Loftmill guarantees that the addresses collected in such a manner shall not be used for communication with the Users for purpose other than determined by it.
Loftmill shall not send a mass not-ordered correspondence, in particular with an advertising content. Loftmill hereby supports any and all actions in order to reduce the spread of spam in Internet. Any email data obtained as a result of subscription of the newsletter shall be used solely in order to send any information on any new services, advertisings (promotions), new partners and changes in our company. The email list subscribers have the possibility to cancel the subscription of electronic letters distributed by Loftmill.
The personal data shall be also processed if it is necessary in order to protect the interest of a data subject or other natural person and/or if it is necessary for purposes arising out of the justified by law businesses conducted by the Controller, excluding any situations in which the interests or fundamental rights and freedoms of the data subject override these businesses. The justified by law interest is, inter alia, protection of IT systems of the Controller and analysis of the websites tracking statistics (including any social networks).
The recipients of the transferred data, except the Controller, shall or may be any entities providing the services related to the websites (Internet) analysis, hosting services providers, etc. The data may be also transferred, to the justified and necessary extent, due to the nature of a given contract or service – to any entities providing the following services for the Controller: bookkeeping, IT, archiving (backup), HR, legal, marketing services as well as to any employers and representatives, etc. An access to the data may be also given to a legal successor of the Controller.
It may be necessary to transfer the personal data to any third country in a manner and on the terms as specified by the applicable law. It may be provided if, inter alia, a given service provided electronically is carried out by means of any servers located in any third country, in particular if it is necessary for performance of an agreement binding and connecting parties. However, such a transfer shall be completed only if the State of destination provides within its territory an adequate level of protection for personal data.
As a part of the current activity of the Controller, the provided to it personal data may be also transferred to any servers located within the territory of the United States of America during transferring any files, inter alia, by means of OneDrive, Dropbox, Google Drive, office.com, etc. These services hold any and all required safety certificates.
A person who supplied its personal data shall have the right to access, rectify and erase such a data, to obtain a copy of the data, to limit processing of the data, to require transferring of such a data to any other Controller, to refuse any other processing of the personal data as well as to withdraw the consent for processing of the personal data at any moment. The consent withdrawal shall not affect the compliance with the right of processing which was executed on the grounds of the consent prior to withdrawal of such a consent. In order to execute the mentioned above rights, a data subject shall contact with the Controller and notify it which right and to what extent it intends to execute.
The data subject shall be entitled to lodge a complaint with the Supervisory Body which in Poland is the President of the Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych) with its office in Warsaw. In any case, the data subject may also contact directly with the Inspector for Protection of Personal Data for the Controller.