Privacy policy
PERSONAL DATA PROTECTION POLICY
CLICO Spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Cracow, adress: Oleandry 2 Street, 30-063 Cracow, registered in the District Court for Kraków-Śródmieście in Cracow, XI Commercial Divison of the National Court Register under KRS number: 0000107000, tax identification number (NIP): 6770009678, share capital: 51.000,00 PLN.
1.The controller of personal data (hereinafter: „Controller”) is CLICO Spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Cracow, adress: Oleandry 2 Street, 30-063 Cracow, registered in the District Court for Kraków-Śródmieście in Cracow, XI Commercial Divison of the National Court Register under KRS number: 0000107000, tax identification number (NIP): 6770009678, share capital: 51.000,00 PLN.
2.Personal data are processed in accordance with Polish Personal Data Protection Act of 10 May 2018 as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”).
3. The Controller collects and processes personal data that are necessary for the provision of services, registration at the Clico Partner Portal, as well as for marketing, statistical and reporting purposes.
4. The Controller collects the following personal data: name, surname, telephone number, e-mail address.
5. The Controller collects and processes personal data that are necessary for the provision of services, as well as for marketing, reporting and statistical purposes. In particular, the Controller collects personal data for the purpose of:
1. preparation and presentation of an offer,
2. registration at the Clico Partner Portal,
3. direct marketing of the Controller’s as well as third parties products and services,
4. making statistics and analysis,
5. exercising the rights or fulfillment of the obligations resulting from the applicable law, in particular invoicing,
6. performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
7. legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
6. The Controller collects personal data of clients during:
a). the registration process through its website,
b). the registration process by phone or email,
c). the registration process in writing, before the commence of the training/conference or other event organized by the Controller or during such event.
7. The Controller shall implement appropriate technical and organisational measures, in accordance with the applicable legal provisions, in order to ensure maximum protection of personal data of clients.
Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing. The Controller grants appropriate authorisations to persons having access to personal data. In order to maintain security and to prevent processing in infringement of legal provisions, the Controller should evaluate the risks inherent in the processing and implement measures to mitigate those risks. Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art. In assessing data security risk, the Controller gives consideration to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage.
8. Clients have the right to request from the Controller access to, rectification, erasure of personal data, restriction of processing concerning the data subject or to object to processing as well as the right to data portability, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. For this purpose, the request shall be sent to the e-mail address: ado@clico.pl or submitted by phone to the number +48123783700 x.1121 or by post to the following address: Oleandry 2, postcode: 30-063 Cracow (Kraków). The Controller responds to the requests of data subjects without undue delay, and in any event within one month of receipt of the request, and if the Controller does not take action on the request of the data subject, the Controller shall provide a reason for refusal within that period. The response shall be provided in the form in which the person has provided his/her request.
9. The Controller is responsible for ensuring that clients are informed about the processing of their personal data in accordance with the principle of transparency. The Controller shall ensure that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used. In particular, the Controller informs the data subjects about the identity of the Controller and the purposes of processing. The Controller indicates all information necessary to ensure fair and transparent processing, taking into account the specific circumstances and context in which the personal data are processed. This information may be provided in electronic form, for example via a website. The Controller informs the data subjects whether they are obliged to provide their personal data and about the consequences of not providing it. The information in relation to the processing of personal data relating to the data subject should be given to him or her at the time of collection from the data subject.
10. The Controller ensures that the personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, and their storage period shall be limited to the strict minimum.
11. In order to prevent the storage of personal data for a longer period than is necessary, the Controller shall conduct the periodic review once a year. As a result of periodic review and ongoing management of personal data, the Controller takes actions to rectify or erase personal data that is incorrect or that is processed without legitimate grounds.
12. Processing of personal data is based on the consent of the data subject concerned or other legitimate basis, laid down by law, including the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The consent shall be freely given, specific and precise indication.
13. If the processing is necessary for compliance with a legal obligation to which the Controller is subject, or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, the basis for the processing shall be laid down by European Union law or the law of the Republic of Poland.
14. The Controller shall maintain and update a Record of Processing Activities. In the Record of Processing Activities the Controller indicates what personal data, from which entity, for what purpose, for how long, in what location, by what means of protection are processed. Moreover, in the Record of Processing Activities, the Controller indicates who has access to personal data and on what basis they are being transferred data to third parties.
15. The Controller indicates which legitimate interests pursued by the Company justify sending personal data within a group of undertakings for internal administrative purposes. This also applies to the processing of personal data of clients or employees.
16. In the case of processing for archiving or statistical purposes and further processing of personal data, the Controller determines whether the processing complies with the law and the original processing purposes. In this case, the Controller should take into account, inter alia: any link between those purposes and the purposes of the intended further processing; the context in which the personal data have been collected, in particular the reasonable expectations of data subjects based on their relationship with the Controller as to their further use; the nature of the personal data; the consequences of the intended further processing for data subjects; and the existence of appropriate safeguards in both the original and intended further processing operations.
17. Where personal data can be legitimately disclosed to another recipient, the data subject should be informed when the personal data are first disclosed to the recipient. Where the Controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the Controller shall provide the data subject prior to that further processing with information on that other purpose and other necessary information.
18. In any event, transfers of personal data to third countries may only be carried out in full compliance with GDPR. The Controller shall ensure that the terms of contracts with third countries contain standard personal data protection clauses adopted in the European Union.
19. The Controller shall cooperate with the competent supervisory authorities in relation to all actions aimed at ensuring compliance with the law on the protection of personal data. The Controller is obliged to cooperate with the supervisory authority and, at its request, provide it with the Record of Processing Activities to enable monitoring the processing operations. The Controller shall notify the supervisory bodies in accordance with the applicable legal provisions, in particular GDPR.
20. The controller should communicate to the data subject a personal data breach, without undue delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions. The communication should describe the nature of the personal data breach as well as recommendations for the natural person concerned to mitigate potential adverse effects. Such communications to data subjects should be made as soon as reasonably feasible and in close cooperation with the supervisory authority, respecting guidance provided by it or by other relevant authorities.
21. The Controller undertakes the necessary actions to implement the appropriate provisions in agreements with third countries and cooperating entities to ensure the safety of personal data processing. For this purpose, the Controller periodically verifies the applicable contractual provisions and indicates applicable clauses that meet the requirements of the law.
22. The Controller reserves the right to amend this Personal Data Protection Policy at any time.
23. Any questions or concerns regarding the Personal Data Protection Policy may be directed to the address: ado@clico.pl.
24. This document has been approved by the resolution of the Management Board of the Company of May 24, 2018 and is effective from May 25, 2018.
CLICO SP. Z O.O. (LLC) COOKIES POLICY
1. CLICO Spółka z ograniczoną odpowiedzialnością (limited liability company) with its registered office in Cracow, adress: Oleandry 2 Street, 30-063 Cracow, registered in the District Court for Kraków-Śródmieście in Cracow, XI Commercial Divison of the National Court Register under KRS number: 0000107000, tax identification number (NIP): 6770009678, share capital: 51.000,00 PLN (hereinafter: “Clico Sp. z o.o.”) informs that it uses cookies files on www.clico.pl website (herinafter: “Website”).
2. Cookies files (so-called "cookies") are computer data, in particular text files, which are stored on the Website user's device and are intended for use of the Website's contents. Cookies usually contain the name of the website from which they originate, their storage period on the device and a unique number.
3. Cookies are used to:
1) adjust the content of the Website pages to the user's preferences and to optimise the use of Website; in particular, these files allow to recognize the Website user's device and properly display the Website pages, adjusted to her/his individual needs,
2) conduct statistics that help us understand how Website users use it, which allows improving their structure and content,
3) provide data to third parties and redirect users of third party services, including social networks.
4. The cookies used by Clico Sp. z o.o. do not contain any personal data of Website users.
5. The user who visits the Website for the first time is asked to agree upon the installation of cookies, which are activated only upon such consent.
This process is carried out using the banner displayed on the main page of the Website, pursuant to which further browsing of a given page is tantamount to the user agreeing on installing cookies on her/his device. Such consent may be withdrawn at any time by changing the settings of your browser so as to prevent the storage of cookies without incurring costs other than the transmission costs at standard rates. The user can set the browser to accept saving cookies only after the consent is given. Clico Sp. z o.o. informs that the withdrawal of consent to saving and processing of data by using cookies is effective only on the computer and for the browser in which the relevant settings have been chosen.
6. Website users may change their cookies settings at any time. These settings can be changed in particular so as to block the automatic handling of cookies in the web browser's settings or to inform about their every allocation in the user's device. Detailed information about the possibility and methods of handling cookies are available in the software (browser) settings.
7. The user may change the conditions of storing or receiving cookies by changing the settings in the web browser: Internet Explorer, Mozilla Firefox, Chrome, Safari.