1.1. User – the natural person whose personal data are processed by the Controller.
1.2. Personal Data – any information about an identified or identifiable individual, in particular identifiable on the basis of an identifier such as a name and surname, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
1.3. GDPR – means the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons in relation to relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
2. Personal Data Controller
Who manages your Personal Data?
2.1. The Controller of your personal data is Cooling spółka z ograniczoną odpowiedzialnością (formerly: COOLING.PL Zdziech spółka jawna) with its registered office in Sokołów (05-806), ul. 24 Sokołowska Street, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIV Commercial Department of the National Court Register under the number KRS: 0000970871, with the share capital amounting to 500,000 PLN, holding NIP no.: 5223020887, REGON no.: 3601744970 (hereinafter referred to as the “Controller”). Contact with the Controller is possible via e-mail address: firstname.lastname@example.org and by mail, directing correspondence to the address: Cooling sp. z o.o., 24 Sokołowska St., 05-806 Sokołów.
2.2. The Controller ensures that your Personal Data are:
2.2.1. processed lawfully, fairly and transparently;
2.2.2. collected for specified, explicit and legitimate purposes and not processed further in a way incompatible with those legitimate purposes;
2.2.3. substantively correct and adequate in relation to the purposes for which they are processed;
2.2.4. kept in a form which permits the identification of data subjects for no longer than is necessary to achieve the purpose of the processing;
2.2.5. processed in a manner that ensures adequate security of Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage.
3. Purposes of Personal Data processing and legal basis for processing
For what purposes and on what legal basis does the Controller process your Personal Data?
3.1. The Controller shall provide a possibility to contact them through electronic contact forms on the Controller’s websites. Using the forms requires providing Personal Data necessary to contact the User and respond to the inquiry. The User can also provide other data in order to facilitate the contact or handling of the inquiry. Providing data marked as obligatory is required in order to accept and service the inquiry, and failure to provide these data results in the lack of possibility to service the inquiry. Providing other data is voluntary. The provided Personal Data is processed in order to identify the sender and to handle their inquiry sent through the provided form – the legal basis for the processing is the necessity to process in order to perform the contract for the provision of services – Article 6(1)(b) of GDPR; with regard to data provided optionally, the legal basis for processing is consent – Article 6(1)(a) GDPR.
3.2. In the case that correspondence not related to the services provided to the sender or another agreement concluded with them is directed to the Controller via e-mail or traditional mail, the Personal Data contained in this correspondence is processed solely for the purpose of communication and resolution of the matter to which the correspondence relates. The legal basis for the processing is the legitimate interest of the Controller – Article 6(1)(f) GDPR, consisting of the correspondence addressed to them in connection with their business activities.
3.3. In the case of telephone contact with the Controller in matters not related to a concluded agreement or services provided, the Controller may require provision of Personal Data only if it is necessary for the handling of the matter which the contact concerns. In such a case, the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in the need to resolve the matter reported related to his or her business activity.
3.4. The Controller has public profiles on the social media: YouTube, Facebook, Instagram, Messenger, Twitter, TikTok, LinkedIn, Twitch. Because of this, it processes the data that visitors to these profiles leave (including comments, likes, online identifiers). The Personal Data is processed to enable activity on the profiles in order to effectively run the profiles, by presenting users of the media with information about the Controller’s initiatives and other activities, and relating to promotion of various events, services and products, as well as for statistical and analytical purposes. The legal basis for the processing of Personal Data is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting of: promoting its own brand and improving the quality of services provided, if necessary – asserting claims and defense against claims. The above information does not apply to the processing of Personal Data by Administrators of the aforementioned social media.
3.5. In each case when we ask for your consent to process your Personal Data, providing this data is voluntary, but necessary in order to carry out the activity. Your consent may be withdrawn at any time, but this will not affect the lawfulness of the processing we perform before the withdrawal.
4. Recipients of Personal Data
To whom may Controller transfer your Personal Data?
4.1. Your Personal Data may be transferred to other entities cooperating with Controller, including:
4.1.1. to the entity providing website hosting;
4.1.2. to the companies providing IT infrastructure management and support (e.g., providers of information technology, cloud software, and providers of identity management, website hosting and management, data analytics, backup, security, etc.);
4.1.3. personal data protection consulting companies;
4.1.4. YouTube, Facebook, Instagram, Messenger, Twitter, TikTok, LinkedIn, Twitch;
4.1.5. we will also have to pass your Personal Data to other entities, including authorized government bodies, based on the applicable law or decision of a competent authority.
4.2. Your Personal Data may be transferred outside the European Union, but only for the purpose of providing the best possible service and only on the basis of an appropriate agreement between the Controller and that entity, including standard data protection clauses adopted by the European Commission. The Controller may also store Personal Data in a location that is subject to a different jurisdiction than the residence or registered seat of a specific User. The transfer of data to a third country may only take place if the conditions are met that guarantee an adequate level of data protection for natural persons, as guaranteed by the GDPR.
5. Personal Data Storage Period
How long will your Personal Data be stored?
5.1. The period of Personal Data processing by the Controller depends on the type of service provided and the purpose of processing. The period of Personal Data processing may also result from regulations when they constitute the basis for processing. In the case of processing Personal Data on the basis of the Controller’s legitimate interest, they are processed for a period enabling the implementation of this interest or until an effective objection to data processing is raised. If the processing is based on consent, Personal data is processed until it is withdrawn. When the basis for processing is the necessary to conclude and perform the contract, Personal data is processed until its termination.
6. Your rights
What rights do you have in ration to the processing of your Personal Data by the Controller?
6.1. The right to request access to Personal Data held by the Controller: at any time, you have the right to request information from the Controller about whether and which of your Personal Data we hold. The information we will provide you with is, in particular, the purposes of the processing, the scope of the Personal Data held, information about the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, in particular recipients in third countries or international organizations, and, where possible, the intended period of retention of the Personal Data and, where this is not possible, the criteria for determining this period.
6.2. The right to request the Controller to rectify Personal Data: you have the right to request the Controller to promptly rectify your Personal Data that is inaccurate. Taking into account the purposes of the processing, you have the right to request the completion of incomplete Personal Data, including by providing an additional statement.
6.3. The right to request the Controller to delete Personal Data: you have the right to request the Controller to immediately delete your Personal Data if:
6.3.1. your Personal Data is no longer necessary for the purposes for which they were collected or otherwise processed;
6.3.2. your consent to process your Personal Data has been withdrawn and there is no other legal basis for processing;
6.3.3. you have objected to the processing of your Personal Data and there are no overriding legitimate grounds for the processing;
6.3.4. your Personal Data has been processed unlawfully;
6.3.5. your Personal Data must be deleted in order to comply with a legal obligation under the European Union or Member State law which the Controller is subject to.
6.4. The right to request the Controller to restrict processing of Personal Data: you have the right to request the Controller to restrict processing if:
6.4.1. you question the accuracy of the Personal Data – for a period which allows the Controller to verify the accuracy of the Personal Data;
6.4.2. the processing is unlawful and you object to the deletion of the Personal Data, requesting instead that its use is restricted;
6.4.3. the Controller no longer needs your Personal Data for the purposes of the processing, but you need it to establish, assert or defend your claims;
6.4.4. an objection has been made to the processing of Personal Data – until such time as it is determined whether the Controller’s legitimate grounds for objection override your grounds for objection.
6.5. The right to object to the processing of Personal Data: You have the right to object at any time to the processing of your Personal Data. The Controller shall no longer be permitted to process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defense of claims.
6.6. The right to transfer Personal Data: You have the right to receive your Personal Data in a commonly used machine-readable format that has been provided to the Controller, and you are entitled to have this Personal Data sent to another Controller without obstruction by the Controller if the processing is based on consent or on a contract and the processing is carried out by automated means. At the same time, you are entitled to request that your Personal Data be sent by the Controller directly to another Controller, as far as this is technically possible.
6.7. Right to withdraw consent to the processing of Personal Data: you have the right to withdraw your consent to the processing of your Personal Data at any time without affecting the lawfulness of the processing performed on the basis of your consent prior to its withdrawal.
6.8. The right to file a complaint with a supervisory authority: you have the right to file a complaint with a supervisory authority in particular in the Member State of your usual residence, your place of work or the place where the alleged breach occurred, if you believe that the processing of your Personal Data violates the GDPR. In Poland, the supervisory authority is the President of the Personal Data Protection Office.
6.10. The request shall be answered without undue delay, within one month after receipt of the request at the latest, including information on the action taken with regard to the request. If it is necessary to extend this deadline, the Controller shall, at the latest within one month of receipt of the request, inform the data subject about the extension of the deadline for processing the request and provide reasons for the delay, e.g. due to the complexity of the requests or the number of requests to be processed. The deadline may not be extended by more than two months. If the User’s request is not granted, the Controller shall, at the latest within one month after receipt of the request, provide information about the refusal to act on the request, the reasons for not acting, the possibility to file a complaint with a supervisory authority and to pursue remedies before a court of law.
7. Social Media
7.1. The Website uses social media: Facebook, Instagram and YouTube to provide information about the Controller’s activities. When the User clicks on a link to these social media sites posted on the Website (marked with a logo or a name), it enables the content of the website to be linked to the User’s profile on the respective site and to attribute the visit to the website to the User’s profile on the respective site. For more information on this topic:
7.1.1. Facebook – click here;
7.1.2. YouTube – click here;
7.1.3. Instagram – click here.
8.1. When you use our website, cookie files or cookies (small files, in particular – text files) are stored on your terminal device (computer, smartphone, tablet, etc.) containing information necessary for the proper use of the website. Thanks to cookies it is possible to collect statistical data of the website, which enables us to develop the website. The legal basis for the collection of data read from cookies is Article 6(1) a GDPR, i.e. your consent.
8.2. Cookies do not contain information that identifies you personally and cannot be used to identify you. These files are not in any way harmful to your device and do not change its settings or the settings of the software installed on it. Reading the content of these files is possible only through the server that created them.
8.3. When you use the website, we use two types of cookies: session cookies and permanent cookies. Session cookies are temporary files that are stored on your device until you close your browser. Permanent cookies are stored on your device for the time specified in the parameters of these cookies or until they are deleted by you.
9. Personal Data processed during a visit to the website
9.1. Your Personal Data is processed during your visit to the website in order to adapt its content to your preferences and to improve the browsing experience, to evaluate the use of the website and to improve it.
9.2. Depending on the purpose and the legal basis, we process the following Personal Data:
9.2.1. email address;
9.2.2. name and surname;
9.2.3. IP address;
9.2.4. browser type and version;
9.2.5. operating system;
9.2.6. date and duration of your visit;
9.2.8. the type of device used to access the URL;
9.2.9. browser settings.
9.3. The Controller uses Google Analytics and HotJar tools. Personal Data may also be used in advertising tools such as Google Ads, Facebook Ads (Facebook, Instagram, Messenger, Facebook partner networks) and to popularize the website on: YouTube, Facebook, Instagram, Messenger, Twitter, TikTok, LinkedIn, and Twitch.
9.4. The legal basis for the processing in the aforementioned scope is Article 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Controller or by a third party.
10. Cookies used
10.1. We use the following cookies:
10.1.2. statistical files – they make it possible for us to collect statistical information on how the website is used;
10.1.3. functional files – they allow remembering your settings and preferences.
11. No consent to save cookies