What is GDPR?
GDPR, the General Data Protection Regulation, is a legal act issued by the European Parliament and the Council of the European Union on April 27, 2016. It concerns the protection of individuals with regard to the processing of personal data and the free movement of such data, and repeals Directive 95/46/EC (General Data Protection Regulation). It is a legal framework that establishes rules for the processing of personal data across the entire European Union and has been in effect since May 25, 2018.
#Definitions
- Service Provider - Wojciech Guziak Chmurka.pl is a company based in Krakow (Tax Identification Number: 7722366375, National Business Registry Number: 360957383), with its registered office located at Rynek Glowny 28, 31-010 Krakow, Poland. The company specializes in selling electronic services through its website available at https://otshosting.pl.
- Client - a natural person/legal entity or a registered company in the Service Transactional System of the Service Provider.
- Transactional System - a distinct part of the Service Provider's website available at https://otshosting.pl, allowing for the management of services and payment processing.
- Personal Data - data that allows the identification of a natural person. A natural person who can be identified is one whose identity can be determined directly or indirectly.
- Data Processing - an operation or set of operations performed on personal data, whether automated or manual. Data processing includes activities such as collecting, recording, transmitting, archiving, storing, retrieving, reviewing, using, combining, etc.
- Data Controller - a natural or legal person, public authority, agency, or other entity that determines the purposes and means of processing personal data.
- Data Processor - a natural or legal person, public authority, agency, or other entity that processes personal data on behalf of the data controller.
In this case, the Service Provider is both the data controller and the data processor for your data.
The Service Provider acts as the data controller when determining the purposes and means of processing your data, such as when collecting the necessary data to create an account, issue an invoice, contact the technical or sales department, etc. We also act as the data controller for our employees' data.
As a data processor, the Service Provider processes personal data on behalf of the data controller (the Client), but the data remains the property of the data controller.
Who is the data controller of your personal data?
The data controller of your personal data is the Service Provider - Wojciech Guziak Chmurka.pl, with its registered office in Krakow.
How can you contact us to obtain more information about the processing of your personal data?
Regarding the protection of your personal data and the exercise of your rights, you can contact us via Email: [email protected] or in writing at the address: Wojciech Guziak Chmurka.pl, Rynek Główny 28, 31-010 Krakow.
Where do we get your data from?
We received your data from you during the account registration and payment processing in the Transactional System.
What are the purposes and legal bases for processing your personal data by the Service Provider?
We may process your personal data because it is necessary for the performance of the contract with you related to your registration in our Transactional System. The purposes are as follows:
- To register your account based on your consent (Article 6(1)(a) of the GDPR).
- To conclude a service agreement based on your interest in our offer (Article 6(1)(b) of the GDPR).
- To perform and based on the service agreement concluded with you (Article 6(1)(b) and (c) of the GDPR).
- For archiving (evidence) purposes to secure information in case of a legal need to demonstrate facts, which is our legitimate interest (Article 6(1)(f) of the GDPR).
- For possible establishment, exercise, or defense against legal claims, which is our legitimate interest (Article 6(1)(f) of the GDPR).
- To handle the requests you address to us (Article 6(1)(b) of the GDPR).
- To contact you for the purposes related to the request handling (Article 6(1)(b) of the GDPR).
Additionally, legal provisions may require us to process your data for tax and accounting purposes.
We also process your personal data for the following legitimate interests of the Service Provider:
- Monitoring your activity and that of other users, including domain name searches.
- Conducting marketing activities, including direct marketing of our services.
- Contacting you, including for permitted marketing actions, through available communication channels, particularly, and with your consent - via email and telephone.
- Providing payment services.
- Ensuring the security of services we provide to you electronically, including enforcing the internal rules of the Service Provider and preventing fraud and abuse, as well as ensuring traffic security.
- Handling your requests addressed, in particular, to the user service department and through the contact form when they are not directly related to the performance of the agreement.
- Debt collection; conducting court, arbitration, and mediation proceedings.
- Data storage for archival purposes and ensuring accountability (demonstrating fulfillment of our obligations under the law).
What categories of your data do we process?
We will process the following categories of your data:
- Basic identifying data.
- Data assigned by public authorities.
- Electronic identifying data.
- Residential data.
Who are the recipients of your data?
We may disclose your personal data to the following categories of entities:
- Subcontractors of our services.
- Entities authorized to obtain data based on applicable law, e.g., courts or law enforcement authorities - only if they request it based on an appropriate legal basis.
- The company we entrusted with conducting accounting matters for our company.
Is it necessary to provide us with your personal data?
Providing your data is:
- A condition for the conclusion and performance of the agreement.
- Voluntary.
If, for any reason, you do not provide your personal data, we will not be able to conclude an agreement with you, and as a result, you will not be able to use the services of the Service Provider.
If required by law, we may require you to provide other data necessary, e.g., for accounting or tax reasons. Outside of these cases, providing your data is voluntary.
You may withdraw your consent to the processing of personal data at any time, in the same way as you gave it. We will process your personal data until you withdraw your consent.
What if you do not provide us with your data?
- We may refuse to conclude an agreement.
- We may claim damages or refuse to provide our services.
How long do we store your data?
We store your personal data for the period of negotiation of the agreement, the duration of the agreement concluded with you, and after its termination for the purposes of:
- Pursuing claims related to the performance of the agreement.
- Fulfilling obligations arising from legal provisions, in particular, tax and accounting obligations.
- Preventing abuse and fraud.
- Statistical and archival purposes.
- For a maximum of 5 years from the date of the completion of the agreement.
We store your personal data for marketing purposes for the duration of the agreement or until you object to such processing, depending on which of these events occurs first.
In the case of loyalty programs, contests, and promotional activities in which you may participate, we will process your data for the duration of these events and the period of settling award delivery.
What are your rights?
We guarantee the fulfillment of all your rights arising from the General Data Protection Regulation (GDPR), including the right of access, rectification, and erasure of your data, restriction of their processing, the right to data portability, not to be subject to automated decision-making, including profiling, and the right to object to the processing of your personal data.
In summary, you have the right:
-
To access your personal data and obtain a copy of it.
-
To correct (rectify) your data.
-
To delete data. If you believe that there is no basis for us to process your data, you can request their deletion.
-
To limit data processing. You may request us to restrict the processing of your personal data solely to their storage or the performance of actions agreed with you if you believe we have incorrect data about you or we process it without a legal basis; or you do not want us to delete them because you need them to establish, investigate, or defend claims: or during the time you object to the processing of data.
-
To object to the processing of data. You have the right to object to the processing of your data based on legitimate interests. In that case, you must indicate your specific situation that, in your opinion, justifies us stopping the processing objected to. We will cease processing your data for these purposes unless we demonstrate that the grounds for processing your data are superior to your rights or that your data is necessary for us to establish, investigate, or defend claims.
-
To data portability. You have the right to receive from us, in a structured, commonly used, and machine-readable format (e.g., CSV format), your personal data concerning you that you have provided to us based on an agreement or your consent. You can also instruct us to send this data directly to another entity.
-
To file a complaint with a supervisory authority. If you believe that we process your data unlawfully, you can file a complaint about it with the relevant supervisory authority.
-
To withdraw consent to the processing of personal data. At any time, you have the right to withdraw consent to the processing of those personal data that we process based on your consent. Withdrawal of consent will not affect the lawfulness of the processing carried out based on your consent before its withdrawal.
Details on how to exercise your rights can be found on our website at https://otshosting.pl/tos. To exercise your rights, send a request to the email address: [email protected].
Do we transfer your data to third countries or international organizations?
Your personal data will be transferred outside the European Economic Area to Google LLC, Enom LLC, and GoDaddy Operating Company LLC, based on appropriate legal safeguards, which are standard contractual clauses for the protection of personal data approved by the European Commission.
Do we process your personal data automatically (including profiling) in a way that affects your rights?
Your personal data will be processed in an automated manner (including profiling); however, this will not result in any legal effects concerning you or similarly significantly affect your situation.
The profiling of personal data by the Service Provider involves processing your data (including in an automated manner) by using them to evaluate certain information about you, especially for analysis or forecasting personal preferences and interests.