I. Data controller
The administrator of personal data processed for marketing purposes and newsletter subscribers is Heracles Piotr Opaliński, ul. Orańska 35 lok. U-4, 81-533 Gdynia, Poland, NIP: PL5862059175, REGON: 221056943.
Subscribers can contact the administrator:
1. by mail at the following address: Heracles Piotr Opaliński, ul. Orańska 35 lok. U-4, 81-533 Gdynia, Poland
2. at the e-mail address: firstname.lastname@example.org
II. Purposes, legal bases and time of data processing
1. The administrator processes the e-mail addresses of newsletter subscribers in order to perform the ordered newsletter service, provided electronically on the basis of the regulations available at https://wellgun.shop/polityka-prywatnosci/. The administrator processes the data:
the e-mail address provided;
the date of subscription;
information about sending newsletters.
3. These data are processed in accordance with Art. 6 sec. 1 lit. b GDPR in order to provide the newsletter service.
1. In order to deal with complaints, the service provider processes the personal data of subscribers submitting complaints, in particular e-mail address, name, content of the complaint, circumstances of the event giving rise to the complaint, information obtained in the course of considering the complaint, including explaining the event giving rise to it. In the course of considering the complaint, the service provider may process a number of other information, including the user’s name and surname, information about the subscriber’s use of the newsletter service, cookies or other similar technologies, information about devices.
2. These data are processed in accordance with Art. 6 sec. 1 lit. b GDPR in order to provide the newsletter service, i.e. contract for the provision of electronic services, in accordance with the regulations, and are processed for the time necessary to consider the complaint and not longer than for a year after the complaint procedure is completed for archiving purposes in accordance with the Accounting Act in the event of the need to defend against any claims against the service provider in accordance with the information provided below.
Explanatory proceedings, pursuing claims
1. In the event of undertaking an investigation regarding a possible breach of the provisions of the regulations or legal provisions, principles of social coexistence or good manners, the administrator may process the personal data of certain subscribers until the end of the pending proceedings and until the expiry of the statute of limitations for the administrator’s claims against the subscriber, which is usually 3 years, but in special cases provided for by law may be longer.
2. The data will then be processed, including made available in accordance with art. 6 sec. 1 lit. f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing his claims against the user. The legitimate interest of the controller will then override the rights and freedoms of the subscriber. III. Recipients of subscriber data The administrator discloses the personal data of subscribers only to processors under the concluded contracts for entrusting the processing of personal data for the purpose of providing services to the administrator, e.g. hosting and operating the Website, IT services, marketing and PR services, legal or advisory services.
III. Sending personal data to third countries
Personal data will not be processed in third countries.
IV. Rights of persons whose personal data concern
1. Every data subject has the right to:
access – obtaining confirmation from the administrator whether or not personal data is being processed. If data about a person is processed, he is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, about the period of data storage or the criteria for determining them, on the right to request rectification, deletion or limitation of the processing of personal data due to the data subject, and to object to such processing (Article 15 of the GDPR);
to receive a copy of the data – to obtain a copy of the data subject to processing, the first copy being free of charge, and the administrator may charge a reasonable fee for subsequent copies, resulting from administrative costs (Article 15 (3) of the GDPR);
for rectification – requesting rectification of incorrect personal data concerning her or supplementing incomplete data (Article 16 of the GDPR);
to delete data – request to delete their personal data, if the administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);
to limit processing – requests to limit the processing of personal data (Article 18 of the GDPR), when:
a) the data subject questions the accuracy of the personal data – for a period enabling the controller to check the accuracy of the data,
b) the processing is unlawful and the data subject opposes their removal, requesting the restriction of their use,
c) the controller no longer needs these data, but they are needed by the data subject to establish, assert or defend claims,
d) the data subject has objected to the processing – pending verification whether the legitimate grounds of the controller override those of the data subject;
to transfer data – to receive in a structured, commonly used machine-readable format personal data concerning him, which he provided to the administrator, and request to send these data to another administrator, if the data is processed on the basis of the consent of the data subject or a contract with it and if the data is processed in an automated manner (Article 20 of the GDPR);
to object – to object to the processing of her personal data for the legitimate purposes of the administrator, for reasons related to her particular situation, including profiling. Then the controller assesses the existence of valid, legitimate grounds for processing that override the interests, rights and freedoms of data subjects, or the grounds for establishing, investigating or defending claims. If, according to the assessment, the interests of the data subject override those of the controller, the controller will be obliged to stop processing the data for these purposes (Article 21 of the GDPR).
2. In order to exercise the above-mentioned rights, the data subject should contact the administrator using the provided contact details and inform him which right and to what extent he wants to exercise.
V. President of the Personal Data Protection Office
The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its seat in Warsaw, which can be contacted in the following way:
by post: ul. Stawki 2, 00-193 Warsaw;
via an electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
by phone: (22) 531 03 00.
VII. Legal acts
1. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (Journal Official Journal of the European Union L 2016 No. 119, p. 1);
2. Art. 74 sec. 2 point 6 of the Accounting Act of September 29, 1994 (i.e. Journal of Laws of 2018, item 395 as amended).