Privacy and Cookies Policy

Personal Data Administrator Details: The administrator of your personal data is Cansped Sp. z o.o., located at Inżynierska 5, 20-484 Lublin. The company is registered in the National Court Register maintained by the LUBLIN-EAST DISTRICT COURT IN LUBLIN, BASED IN ŚWIDNIK, 6th COMMERCIAL DIVISION OF THE NATIONAL COURT REGISTER under the number KRS 0000299146, REGON 060332014, NIP PL9462544845. Contact with the Administrator regarding personal data protection is possible at the email address: cansped.lublin@gmail.com.

Personal data collected by the Administrator are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.

Purposes and Bases for Processing Personal Data: The Administrator processes your personal data for various purposes and on various bases:

  1. To respond to inquiries about an offer, the Administrator processes such personal data as: email address and telephone number. The legal basis for processing data is Article 6(1)(b) of the GDPR, which allows the processing of personal data if they are necessary for the performance of a contract or for the initiation of actions aimed at concluding a contract. However, if you voluntarily provide other personal data in the content of the inquiry about the offer, for example: name and surname or residential address, the legal basis for processing these data is Article 6(1)(a) of the GDPR, which allows the processing of personal data of a person who has consented to the processing of their personal data.
  2. For analytical purposes, i.e., studying and analyzing activity on the website belonging to the Administrator at https://cansped.pl/, as well as administering this site, the Administrator processes such personal data as: date and time of the website visit, type of operating system, approximate location, type of internet browser used for browsing the site, time spent on the site, visited subpages, type and model of the device from which the site was visited – these data are automatically saved in so-called server logs, each time the Administrator’s site is used. The legal basis for data processing is Article 6(1)(f) of the GDPR, which allows the processing of personal data if in this way the personal data administrator realizes his legally justified interest, i.e., knowing the activity of customers on the website and administering this site.

Requirement to Provide Personal Data:

The provision of any personal data is voluntary and depends on your decision.

Right to Withdraw Consent:

If the processing of personal data is based on consent, you can withdraw this consent at any time.

If you would like to withdraw your consent to the processing of personal data, all you need to do is send an email directly to: cansped.lublin@gmail.com.

If your personal data was processed on the basis of consent, its withdrawal does not mean that the processing of personal data up to this point was illegal. Until the withdrawal of consent, the Administrator has the right to process your personal data and its revocation does not affect the legality of the processing carried out up to that point.

Automated Decision-Making and Profiling:

The Administrator does not make automated decisions, including based on profiling.

Recipients of Personal Data:

Your personal data may be transferred to entities processing data on behalf of the Administrator, e.g., companies providing IT services. Additionally, the appropriate legal regulation or decision of the competent authority may require your personal data to be transferred to other entities, but each such case of disclosing personal data is subjected to careful analysis by the Administrator.

Transfer of Personal Data to Third Countries:

The Administrator may transfer personal data to third countries, i.e., countries outside the European Economic Area. Your data may be transferred only to third countries or entities which have been recognized by the European Commission as providing an adequate level of data protection.

In the absence of a decision by the European Commission confirming an adequate level of protection referred to in Article 45(3) of the GDPR, your personal data may be transferred to a third country only on the basis of: binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the Polish supervisory authority and approved by the Commission, an approved code of conduct or an approved certification mechanism (Article 46 GDPR).

Period of Processing Personal Data:

The Administrator stores your personal data as long as it is necessary to achieve the purposes for which they were collected and as long as there is a legal basis for storing data. Personal data are processed for the period:

  • of the duration of the contract or until the expiry of claims under the contract or until the expiry of the obligation to store documents determined by legal provisions – in relation to personal data processed for the purpose of concluding and performing the contract;
  • until the withdrawal of consent or achievement of the processing purpose – in relation to personal data processed on the basis of consent;
  • until the effective opposition or achievement of the processing purpose – in relation to personal data processed on the basis of the legitimate interest of the administrator;
  • until they become outdated or lose their usefulness – in relation to personal data processed mainly for analytical purposes and administering the website.

Rights of Data Subjects: You have the right to:

  1. Access your personal data, meaning you have the right to obtain from the Administrator confirmation that they process your personal data. Moreover, you have the right to access these personal data, to obtain copies of them, as well as to obtain information about: the purposes of data processing, categories of processed data, recipients (or categories of recipients) of data, the planned period of data storage, and also about all rights that you are entitled to in connection with the processing of personal data by the Administrator.
  1. Correction of personal data, which means that you have the right to demand from the Administrator the immediate correction of your personal data that is incorrect, as well as the right to request the completion of incomplete personal data (including by providing an additional statement).
  2. Deletion of personal data (“the right to be forgotten”), this right applies to you if one of the following circumstances applies:
    • personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
    • you have withdrawn your consent on which the processing is based, and there is no other legal basis for data processing,
    • you have objected to the processing and there are no overriding legally justified bases for processing,
    • personal data were processed unlawfully,
    • personal data must be deleted in order to comply with a legal obligation provided for, to which the Administrator is subject. The Administrator may refuse to delete your personal data to the extent that processing is necessary:
    • for the exercise of the right to freedom of expression and information,
    • for compliance with a legal obligation to which the Administrator is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the administrator,
    • for reasons of public interest in the field of public health,
    • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes,
    • for the establishment, pursuit or defense of claims.
  1. Restriction of personal data processing, which involves the possibility of requesting from the Administrator to restrict the processing in the following cases:
    • if you question the correctness of personal data – for a period allowing the Administrator to check the correctness of these data,
    • if the processing is contrary to the law, and you opposed the deletion of personal data, requesting instead to limit their use,
    • in a situation where the Administrator no longer needs personal data for processing purposes, but they are needed by you for the establishment, pursuit or defense of claims,
    • if you have objected to the processing of data – until it is determined whether legally justified bases on the Administrator’s side are superior to the bases of this objection.
  2. Objection to the processing of personal data – the right to object to the processing of personal data applies when the basis for the processing of these data is a legally justified interest of the administrator (Art. 6 (1) (f) of the GDPR). Therefore, at any time you have the right to object to the processing of personal data based on the legitimate interest of the Administrator in connection with your particular situation. However, in accordance with the regulations, the Administrator may refuse to consider the objection if he demonstrates that: there are legally justified bases for processing that are superior to your interests, rights, and freedoms or there are bases for the establishment, pursuit, or defense of claims.
  3. Transfer of personal data, which means that you have the right to receive your personal data in a structured, commonly used, machine-readable format, provided that the data is processed on the basis of consent or on the basis of a contract and at the same time the data processing is done in an automated way.

The listed rights are not absolute, and therefore in some situations, it may be possible to refuse their fulfillment (after analysis and exclusively in a situation where the refusal to consider the request is necessary). To exercise the rights referred to in the Privacy Policy, you can contact the Administrator by sending a message to the email address: cansped.lublin@gmail.com.

Right to lodge a complaint:
If you believe that personal data is processed in violation of applicable law, you can file a complaint with the President of the Personal Data Protection Office, Stawki 2, 00-193 Warsaw, Poland.

Information about Cookies:
The Administrator uses so-called cookies on its websites, i.e., short text information saved on a computer, phone, tablet, or other user device. They can be read by the Administrator’s system, as well as by the systems of other entities whose services the Administrator uses (e.g., Google). Cookies serve many functions on the website, such as:

  • providing security – cookies are used to authenticate users and prevent unauthorized use of the client panel. They serve to protect the user’s personal data from access by unauthorized persons;
  • affecting the processes and efficiency of using the website – cookies are used to ensure that the website works efficiently and that you can use the features available on it, which is possible, among other things, by remembering settings between subsequent visits to the site. They allow you to navigate the website and individual subpages smoothly;
  • session state – cookies often store information about how visitors use the website, e.g., which subpages they most often display. They also allow for the identification of errors displayed on some subpages. Cookies used to save the so-called session state help improve services and enhance browsing comfort;
  • creating statistics – cookies are used to analyze how users use the website (how many open the website, how long they stay on it, which content arouses the most interest, etc.). This allows the continuous improvement of the website and adapting its operation to user preferences. To track activity and create statistics, the Administrator uses Google tools, such as Google Analytics; in addition to reporting site usage statistics, the Google Analytics pixel can also be used, together with some of the cookies described above, to help display more relevant content to the user in Google services (e.g., in the Google search engine) and across the network. Internet browsers by default allow the use of cookies, however, each user can change the browser settings on their own device.

Final provisions:
In the scope not regulated by this Privacy Policy, the provisions regarding personal data protection apply.