PRIVACY POLICY
- Definitions
- Administrator –The Primavega Vegetable-Producers Group Sp. z o.o. with its registered office at Wróblewo Osiedle 14, 09-152 Naruszewo.
- Personal Data – data which are or can be assigned to a person in any kind of way, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity, including device’s IP, location data and data collected using cookies or similar technology.
- Policy – this Privacy Policy.
- GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 in regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC (Official Journal of the European Union L. 2016.119.1), General Data Protection Regulation.
- Website and/or Service – website ran by the administrator at https://primavega.com/
- User – every individual user accessing or using the Service as described in the Policy.
- Personal Data processing in relation to Service use
- Due to the use of the Service by the User the Administrator collects data to provide and maintain our Service, including to monitor the usage of our Service and User’s activity on the Website. Details of the rules and purposes of collecting and processing Personal Data while using the Service have been described below.
- Purposes and legal basis for processing data on the Website
SERVICE USE
- Personal Data of every Service user (including IP address or other data collected using cookies of similar technology) is processed by the Administrator for the following purposes:
- in order to electronically provide services in the scope of making the Website’s contents available to Users – the legal basis for data processing is the necessity of processing to perform the contract (art. 6 para. 1 letter b GDPR);
- analytical and statistical – based on the right for execution of the legitimate interests of the Administrator of Personal Data (art. 6 para. 1 letter f GDPR), in order to assess User’s satisfaction and determine the quality of the Administrator’s service;
- to establish, investigate or defend against claims in connection with conducting dispute proceedings – based on the right for execution of the legitimate interests of the Administrator of Personal Data (art. 6 para. 1 letter f GDPR);
- marketing purposes of the Administrator and other entities, in particular related to displaying behavioural advertising – the rules concerning the processing of Personal Data for marketing purposes are described in the MARKETING section below.
- User’s activity on the Website, including Personal Data, are recorded in system logs (special computer software used to collect and store chronological records containing information about events and activities concerning the IT system that is used to provide services by the Administrator). The information collected in the logs is processed primarily for the purposes related to the provision of services. The Administrator also processes the logs for technical and administrative purposes, to ensure the security and management of the IT system, as well as for analytical and statistical purposes – based on the right for execution of the legitimate interests of the Administrator of Personal Data (art. 6 para. 1 letter f GDPR).
NEWSLETTER
- The Administrator provides the newsletter service in compliance with the regulations to persons who have provided their e-mail address for this purpose. Providing data is required in order to provide the newsletter service, and failure to provide them or sending a request to delete data results in the inability to send it. This form of communication with the User may include profiling.
- Personal Data is processed:
- in order to provide the newsletter service – the legal basis for processing is the necessity of processing to perform the contract (art. 6 para. 1 letter b GDPR);
- when marketing content is sent to the User as part of the newsletter – the legal basis for processing, including using profiling, is the Administrator’s legitimate interest (art. 6 para. 1 letter f GDPR) in connection with the consent given to receive the newsletter;
- for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (art. 6 para. 1 letter b GDPR), consisting in conducting analyses of Users’ activity on the Website in order to improve the functionalities used;
- in order to possibly establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Administrator (art. 6 para. 1 letter b GDPR), consisting in the protection of his rights.
E-MAIL AND TRADITIONAL CORRESPONDENCE
- When personal data contained in such correspondence is addressed to the Administrator via e-mail or traditional correspondence unrelated to the services provided to the person or any other contract concluded with the person, the personal data contained in such correspondence is processed for the sole purpose of communication and resolution of the matter to which the correspondence relates.
- Personal Data is processed for the following purposes:
- communication and resolving the matter to which the correspondence relates – the legal basis for processing data is the legitimate interest of the Administrator (art. 6 para. 1 letter f GDPR) in carrying out correspondence addressed to it in connection with its business activities;
- determining or pursuing possible claims or defending against such claims by the Administrator – the legal basis for processing data is the legitimate interest of the Administrator (art. 6 para. 1 letter b GDPR), consisting in the protection of his rights.
- Marketing
- The Administrator processes Users’ Personal Data in order to carry out marketing activities, which may consist of:
- displaying marketing content to the User that corresponds to his interests (behavioural advertising).
- In order to carry out marketing activities, in some cases the Administrator may use profiling. This means that thanks to automatic data processing the Administrator assesses certain preferences in regard to Users for the analysis of their preferences or creating predictions for the future. This allows for a better adjustment of the displayed content to the individual preferences and interests of the User.
- The Administrator and his trusted partners process User’s Personal Data, including Data gathered by cookies or similar technology for marketing purposes related to displaying behavioural advertisement to the User (content that corresponds to the User’s interests). In such case Personal Data processing includes profiling.
- The Administrator processes Users’ Personal Data in order to carry out marketing activities, which may consist of:
- Social networks
- The Administrator processes the personal data of Users visiting the Administrator’s profile maintained on social networking sites (Facebook, YouTube, Instagram). These data are processed only in connection with the maintenance of the profile, including the purpose of informing Users about the Administrator’s activity and promoting various events, products and services. The legal basis for data processing is the legitimate interest of the Administrator (art. 6 para. 1 letter f GDPR), consisting in promoting its own brand.
- Cookies and similar technology
- The administrator uses service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services use cookies, storing information or accessing information already stored in the User’s telecommunications end device (computer, telephone, tablet, etc.). The use of cookies on the Website is not intended to identify Users. The Policy regulates data processing related to the use of own cookies.
- Cookies are small text files installed on the device of the User browsing the Website. Cookies collect data which facilitate the use of the Website – e.g. by remembering the User’s Website visits and performed activities.
NECESSARY COOKIES
- The Administrator uses necessary cookies in order to provide services to Users and maintain the Website’s functionality. Necessary cookies can only be installed by the Administrator via the Website.
- The legal basis for data processing in connection with the use of necessary cookies is the necessity of processing to perform the contract (art. 6 para. 1 letter b GDPR).
FUNCTIONAL AND ANALYTICAL COOKIES
- Functional cookies are used to remember and adapt the Website to User’s preferences, e.g. language preferences. Functional cookies may be installed by the Administrator and its partners via the Website.
- Analytical cookies make it possible to obtain information such as the number of visits and traffic sources on the Website. They are used to determine which pages are more and which are less popular, and to understand how Users navigate the site by keeping traffic statistics on the Website. Data is processed in order to improve Website’s performance. Data collected by these cookies are aggregated, therefore they are not intended to identify You. Analytical cookies may be installed by the Administrator and its partners via the Website.
- The legal basis for data processing Data in relations to using functional and analytical cookies by the Administrator is the agreement (art. 6 para. 1 letter a GDPR).
- Personal Data processing in relations to using functional and analytical cookies is subject to receiving User’s (separate) permission to use them via the cookie consent management platform. This consent may be withdrawn at any time via this platform.
MARKETING COOKIES
- Marketing cookies allow to match the displayed advertising content to User’s interests within the Website and outside of it. Information collected by cookies and User’s activity on other websites is used to build an interest profile. Marketing cookies may be installed by the Administrator and its partners via the Website.
- The legal basis for data processing Data in relations to using marketing cookies by the Administrator is the agreement (art. 6 para. 1 letter a GDPR).
- Personal Data processing in relations to using marketing cookies is subject to receiving User’s (separate) permission to use them via the cookie consent management platform. This consent may be withdrawn at any time via this platform.
- Analytical and marketing tools used by the Administrator’s partners
- The Administrator and its partners use various solutions and tools applied for analytical and marketing purposes. Basic information about these tools is provided below. Detailed information in this respect may however be found in the privacy policy of the relevant partner.
GOOGLE ANALYTICS
- Google Analytics cookies are files used by Google in order to analyse how Users use the Service to compile statistics and reports concerning the Service’s functioning. Google does not use the data collected to identify the User and does not combine this information in order to allow identification. Detailed information concerning the scope and principles of data collection in connection with this service may be found at: https://www.google.com/intl/pl/policies/privacy/partners.
FACEBOOK PIXEL
- Facebook pixel is a tool that allows the measuring the effectiveness of advertising campaigns carried out through Facebook. This tool allows advanced data analysis in order to optimise the Administrator’s activity, also with the use of other tools offered by Facebook. Detailed information about data processing by Facebook may be found at: https://pl-pl.facebook.com/help/443357099140264?helpref=about_content.
GOOGLE ADS
- Google ADS is a tool that allows the measuring of efectiveness of the Administrator’s advertising campaigns, including data such as e.g. keywords or unique users. Google ADS also allows displaying our ads to those who previously visited the Website. Detailed information about data processing by Google in connection with this service may be found at: https://policies.google.com/technologies/ads?hl=pl .
WTYCZKI SPOŁECZNOŚCIOWE
- The Service uses social media plugins (Facebook, LinkedIn, Instagram, YouTube). Plugins allow the User to share content published in the Service via the selected social networking services. The use of plugins in the Service causes the given social networking service to receive information about the Service’s use by the User and to be able to link it to the User’s profile maintained in that social networking service. The Administrator has no knowledge about the scope and purpose of data collection performed by social networking services. Detailed information on this subject may be found at:
Facebook: https://www.facebook.com/policy.php \
Google: https://privacy.google.com/take-control.html?categories_activeEl=sign-in
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL
Twitter: https://twitter.com/en/privacy
- HotJar is a tool that allows the analysis of User’s Service activity, e.g. via surveys or satisfaction research and anonymous data gathering about clicking on certain Service elements. The tool does not allow User identification. Detailed information on this subject and the deactivation of User’s monitoring may be found at: https://www.hotjar.com/privacy
- Managing cookie settings
- The use of cookies for the purposes of collecting data via them, including to obtain access to data stored on the User’s device, requires the User’s consent. In the Service the Administrator receives User’s consent via the cookie management platform. The consent may be withdrawn at any time in accordance with the rules described below in 10.4.
- Consent is not required only in the case of those cookies whose use is necessary for the provision of telecommunication services (data transmission in order to show content). The Users have no possibility of rejecting those cookies if they want to access the Website.
- In order to receive marketing tailored to the User’s preferences, in addition to consenting to the installation of cookies via the cookie consent management platform it is necessary to maintain appropriate browser settings that allow storing cookies from the Service on the User’s end device.
- Withdrawal of consent to the collection of cookies on the Website is possible via the cookie consent management platform. The User can return to the banner by clicking the “Manage cookies” button available in the footer of each page of the Website.
- After displaying the banner, the User may withdraw consent by clicking „COOKIE SETTINGS”, then moving the slider under each cookie category and clicking „SAVE SETTINGS”.
- Revoking consent to cookie use is possible through browser settings. Detailed information on this subject may be found at:
- Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
- Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
- Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/
- Safari: https://support.apple.com/kb/PH5042?locale=en-GB.
- The User may verify the status of their current privacy settings at any time in the browser used with the tools available at:
- In order to use the right to access personal data and demand them to be rectified, deleted, limited, transferred or object to their processing, and also the right to lodge a complaint or ask any questions regarding cookies, please contact us via e-mail sekretariat@primavega.com or by post using the address given above in this Privacy Policy.
- Personal Data processing period
- The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. In principle, data are processed for the period of provision of a service or performance of an order, until the evocation of granted consent or until an effective objection to processing of data in cases where the legal basis for the processing is the Admnistrator’s legitimate interest.
- The data processing period may be extended where processing is necessary for purposes of establishing or pursuing claims or defending against claims, and after such time only in the event and scope required by legal provisions. After the end of the data processing period data are irretrievably deleted or anonymised.
- USER RIGHTS
- Users have the rights to:
- access the information about personal data processing – on this basis, the Administrator shall provide the individual making the request the information about the data processing, including in particular the purposes and legal grounds for the processing, the scope of the data held, the entities to which the data are disclosed and the planned time of data erasure;
- obtain a copy of the data – on this basis, the Administrator shall provide a copy of the data processed concerning the individual making the request;
- rectification – the Administrator is obliged to rectify any inconsistencies or errors in the Personal Data processed and to complete it if it is incomplete;
- erase the data – on this basis, User may request the erasure of data the processing of which is no longer necessary for any of the purposes for which it was collected;
- restrict data processing– in the event of such a request, the Administrator ceases to carry out operations on the Personal Data – with the exception of those operations to which the data subject has given their consent and the storage of the data, in accordance with the retention rules adopted – or until the reasons for the restriction of the processing cease to exist (e.g. a decision is issued by a supervisory authority authorising further processing);
- data transfer – on this basis, to the extent that the data are processed by automated means in connection with a contract concluded or consent given, the Administrator issues the data provided by the User in a computer-readable format. It is also possible to request that this data be sent to another entity, provided that the technical capacity exists for this on the part of both the Administrator and the designated entity;
- object to the processing of data for marketing purposes – if need be, the User may object at any time to the processing of Personal Data for marketing purposes, without having to justify such an objection;
- object to the processing of data for other purposes – The User may object at any time – for reasons related to their particular situation – to the processing of Personal Data carried out on the basis of a legitimate interest of the Administrator (e.g. for property protection reasons); the objection in this respect should contain a justification;
- withdraw consent – if the data are processed on the basis of the given consent, the User has the right to withdraw it at any time, which does not affect the lawfulness of the processing carried out before the withdrawal;
- lodge a complaint – in the event that the processing of Personal Data is considered to be in breach of the provisions of the GDPR or other provisions relating to the protection of Personal Data, the data subject may lodge a complaint with the supervisory authority for the processing of Personal Data having jurisdiction over the User’s habitual place of residence, place of work or place where the alleged breach has been committed. In Poland, the supervisory authority is the President of Personal Data Protection Office.
- Users have the rights to:
- MAKING REQUESTS RELATED TO EXERCISING USER’S RIGHTS
- A request for the exercise of User’s rights can be made:
- in writing to the Administrator’s postal address;
- by e-mail: sekretariat@primavega.com.
- The request should, if possible, precisely state what it concerns, particularly:
- which right is to be exercised by the author of the request (e.g. the right to obtain a copy of the data, erase the data etc.);
- which processing the request refers to (e.g. use of a particular service, activity on a particular website, etc.)
- which processing purposes the request refers to (e.g. providing services purposes).
- If the Administrator is unable to identify the person on the basis of the request, it shall request additional information from the person making the request. The provision of such data is not mandatory, but failure to provide it shall result in the request’s rejection.
- The request can be made in person or through a proxy (e.g. family member). For reasons connected with data security, the Administrator encourages the use of a power of attorney in a form certified by a civil-law notary or an authorised legal counsel or attorney, which will speed up the verification process of the authenticity of the request.
- A response to the request should be provided within one month of receiving it. If the extension of the deadline is necessary, the Administrator shall inform the requesting person of the reasons.
- If the request has been addressed to the Administrator electronically, the response is provided in the same form unless the requesting person demanded the response in another form. Otherwise, the response is provided in writing. Where the timing of the request makes it impossible to provide the response in writing and the extent of the requesting person’s data processed by the Administrator enables electronic contact, the response is provided electronically.
- A request for the exercise of User’s rights can be made:
- Data recipients
- In connection with providing the services, Personal Data will be made available to third party entities, including in particular providers responsible for administration of IT systems, entities such marketing agencies (for marketing purposes) and entities related to the Administrator, including companies from its corporate group.
- In the case of obtaining the User’s consent his data may also be made available to other entities for their own purposes, including marketing purposes.
- The Administrator reserves the right to reveal selected information concerning the User to the proper authorities or third parties that demand the information in question to be made available pursuant to the relevant legal basis and in accordance with the regulations in force.
- Transfer of data outside the EEA
- The level of Personal data protection outside the European Economic Area (EEA) differs from the level guaranteed by European law. For this reason, the Administator transmits Personal data outside the EEA only when necessary, and only when the required level of protection is ensured, primarily through:
- cooperation with entities processing Personal Data in countries with respect to which a relevant decision of the European Commission has been issued establishing a sufficient level of Personal Data protection;
- using standard contractual clauses issued by the European Commission together with the required additional security measures; they provide Personal Data with the same protection as it is entitled to in the EU;
- using binding corporate regulations approved by the relevant supervisory body.
- The Administrator always informs of its intentions to transfer Personal data outside the EEA when they are collected.
- The level of Personal data protection outside the European Economic Area (EEA) differs from the level guaranteed by European law. For this reason, the Administator transmits Personal data outside the EEA only when necessary, and only when the required level of protection is ensured, primarily through:
- Personal Data security
- The Administrator performs risk analysis on an ongoing basis in order to ensure that Personal data are processed in a secure fashion, which in the first place ensures that only authorised persons have access to data and only in the scope that this is necessary for the performance of their tasks. The Administrator ensures that all operations using Personal data are registered and performed only by authorised employees and partners.
- The Administrator undertakes all necessary measures to ensure that its subcontractors and other collaborating entities guarantee the use of the necessary security measures in all cases where they process Personal data as mandated by the Administrator.
- Contact data
- Contact with the Administrator is available via e-mail sekretariat@primavega.com or postal address Wróblewo Osiedle 14, 09-152 Naruszewo.
- Changes to the Privacy Policy
- The policy is verified and updates on an ongoing basis whenever necessary.
- The current version of the Privacy Policy was adopted on and is in force from 19.10.2022.