Annex 1. Information clause

Dear Sir or Madam,

in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), we present you with information regarding the use of your personal data.

Who is the administrator of your personal data?

The administrator of your personal data is ST Trading sp. z o.o. registered at ul. Św. Mikołaja 1, Swadzim, NIP: 9291954400, REGON: 380548120, KRS: 0000737131 (hereinafter referred to as the Company or Administrator).

How to contact us to obtain information about your personal data?

You can contact the Administrator in writing by traditional mail to the address provided above or by e-mail at: biuro@sttrading.com.pl

How do we ensure the security of your personal data?

We provide all means of physical, technical and organizational protection of personal data against their accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable regulations.

We have appointed a Data Protection Officer/Coordinator, (name and surname) who can be contacted at: rodo@sttrading.com.pl

What is the purpose and legal basis for processing your personal data?
We process personal data for the purpose of:

Area | Purpose of processing and legal basis

Activities aimed at concluding and implementing the contract and conducting business:
• conclusion and implementation of the contract (including for contact purposes, settlements and payments necessary for its implementation) or taking actions at your request in order to conclude it (Article 6(1)(b) of the GDPR) or contacting the contractor’s employees in order to perform the contract (Article 6(1)(f) of the GDPR – the legitimate interest is the performance of the contract),
• archiving data after the implementation of the contract (pursuant to Article 6(1)(c) of the GDPR in connection with legal provisions and pursuant to Article 6(1)(f) of the GDPR for data stored in archives and backup copies – the legitimate interest is to pursue claims or protect against such claims and to ensure data integrity),
• after-sales service, in particular the consideration and implementation of complaints or other claims, conducting the debt collection process (Article 6(1)(f) of the GDPR – the legitimate interest is the investigation and defense against claims),
• fulfillment of legal obligations arising from running a business, including those arising from the provisions of tax or civil law, e.g. in the field of accounting and taxes (Article 6(1)(c) of the GDPR).

Providing data is a contractual requirement and/or condition for concluding a contract; it is voluntary but necessary for the conclusion and implementation of the contract. Some processing activities as part of the implementation of the contract are regulated by law; their provision is necessary for the implementation of the contract.
Contact and correspondence, including electronically (e-mail and via the contact form on the website):
• responding to a question asked or a message sent, based on consent (Article 6, paragraph 1, letter a of the GDPR),
• sending information, including marketing content, if you have given your consent (pursuant to Article 6(1)(a) of the GDPR),
• responding to an inquiry regarding an offer or responding to an offer sent to us and carrying out the activities you requested (pursuant to Article 6 paragraph 1 letter b of the GDPR),
• for the purpose of conducting correspondence in connection with the implementation of legal provisions, e.g. in the course of complaint proceedings or in exercising rights arising from the GDPR, e.g. the right to access data (Article 6, paragraph 1, letter c of the GDPR).

Providing data is voluntary, but necessary to respond, deliver the requested content or fulfill your requests. In some cases, providing data may be a legal requirement, e.g. when we are required to verify the applicant before providing data. Consent can be withdrawn at any time by submitting a request through the same communication channel. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

Other processing based on consent:
• in each access to the content of the consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR).

Providing data is required, but necessary to achieve the purposes specified in the consent. Consent may be withdrawn immediately in a manner available to the Administrator when obtaining consent. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
Website delivery:
• researching user preferences and behavior on the Website using cookie technology, creating statistics on Website users and using them to adapt/improve the service (Article 6(1)(a) of the GDPR),
• creating a user profile and sending personalized advertising (Article 6(1)(a) of the GDPR),
• technical provision of content, maintenance and technical support of the service, ensuring the security of the service, preventing fraud and removing errors, adapting the service to the needs of users (Article 6(1)(f) of the GDPR),
• conducting online chat conversations using software installed on the website based on your consent (Article 6(1)(a) of the GDPR) or in order to take actions you requested before concluding the contract (Article 6(1)(a) letter b GDPR).

The provision of data is voluntary, but necessary to achieve the above-mentioned purposes. Details on the principles of data processing on our website, including the cookie policy, can be found in the Privacy Policy.

Newsletter:
• sending an information bulletin containing marketing content to your e-mail address, based on your consent (Article 6(1)(a) of the GDPR).

Marketing:
• Google Ads

Social media:
• response to a question or message sent, based on consent, i.e. art. 6 section 1 letter GDPR,
• sending information, including marketing content, if you have consented to it, based on art. 6 section 1 letter a GDPR,
• response to an inquiry regarding the offer or response to the offer sent to us and the implementation of the activities you have requested, based on art. 6 section 1 letter b GDPR,
• creating a user profile and sending personalized advertising (Article 6(1)(a) of the GDPR).

The provision of data is voluntary, but necessary to achieve the above-mentioned purposes. To some extent, so-called joint control takes place between us and the providers of social media platforms.
This means that, together with the providers of these platforms, we are responsible for your personal data and you can exercise your rights under the GDPR against each of the administrators. Details on the principles of data processing in social media can be found in the privacy policies of individual websites: LinkedIn Privacy Policy

Recruitment:
• conducting the current recruitment process (pursuant to Art. 6(1)(c) of the GDPR, including in connection with the provisions of Art. 22 (1) par. 1 and Art. 229 of the Labor Code and implementing acts and pursuant to Art. 6(1)(a) of the GDPR and Article 9(2)(a) of the GDPR) and, based on your consent, also in subsequent recruitment of employees,
• providing information on the progress of the ongoing recruitment process – based on your consent (Article 6(1)(a) of the GDPR).

Providing data is voluntary, but necessary to participate in recruitment to the extent specified by law.

Other justification based on the legitimate interests of the Administrator:

Your personal data is or may be processed also on the basis of Art. 6 section 1 letter f) of the GDPR if processing is necessary for the following purposes arising from the legitimate interests pursued by the Administrator:
• internal administration and work organization, including internal supervision and reporting (the legitimate interest is to ensure optimal functioning of the enterprise),
• ensuring the security of IT networks and processes (the legitimate interest is the protection of persons and property).

What rights do you have in relation to the data concerning you that we process?
You have the right to request from the Administrator:
• access to your personal data and to receive a copy thereof;
• rectification (correction) of your personal data;
• deletion of your personal data in a situation where the processing does not take place in order to fulfil an obligation resulting from a legal provision;
• restriction of the processing of your personal data;
• transfer of your personal data;
• filing a complaint with the President of the Office for Personal Data Protection (contact details on the office’s website at www.uodo.gov.pl) in the event that you consider that the processing of personal data violates the provisions of the GDPR.

You also have the right to object at any time to the processing of personal data based on art. 6 sec. 1 letter f) of the GDPR. If you object to the processing of personal data for purposes resulting from legitimate interests pursued by the Administrator, your personal data will not be processed by us for this purpose. The reason for this objection must be your special situation, therefore when submitting the application please indicate this special situation. Upon receipt of your objection, we will cease processing your data for the purpose or purposes to which you have objected, unless we demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if we demonstrate grounds for establishing, pursuing or defending against claims.

To exercise the above-mentioned rights, contact the Administrator or the designated Data Protection Officer. Contact details are provided above.

Who may be the recipient of your personal data?

We only share your personal data with entities that allow us to guarantee high quality of service.
These are primarily:
• Headquarters in Turkey, ATATÜRK ORGANİZE SANAYİ BÖLGESİ 10007 SK, 35570 ÇİĞLİ/İZMİR,
• companies providing accounting and office software (including Microsoft),
• companies providing IT or service services,
• a hosting company,
• website plugin providers,
• courier and/or postal companies,
• an accounting office,
• a bank,
• companies providing marketing services.

In the event of appropriate consent, these will also include: Google Ireland Ltd.

Data is processed on the basis of an agreement with us and only on our instructions. We do not share your data with any external entities for their own use – only for the implementation of the tasks specified above. All partners who process your personal data ensure data security and fulfill all obligations in the field of personal data protection. We also share your personal data with authorized employees of the Company who, on behalf of the Administrator, perform tasks related to the processing of your data.

What are the rules for transferring your personal data outside the EEA?

Except in cases where you have given your consent, your personal data is not transferred to recipients in third countries, i.e. outside the European Economic Area (EEA) or to international organizations. In the event of giving your consent, your personal data may be or will be made available to Google Ireland Limited, and primarily to the company’s Headquarters in Turkey. In accordance with the transnational nature of data flow within these Services, your data is transferred outside the EEA, including to countries for which the European Commission has not determined an adequate level of protection. Data protection in the case of Google Ireland Limited is ensured by an appropriate certificate, on the basis of which the European Commission has determined, in accordance with Article 45 of the GDPR, that they provide an adequate level of protection.
In other cases, protection is primarily provided by the use of Standard Contractual Clauses with appropriate security measures (including data encryption). More information about data processing on these Services can be found in the privacy policies of the Services. Data is transferred only on the basis of your express consent.

LinkedIn Privacy Policy

Your personal data is processed in this way for marketing purposes (we use marketing tools and cookies and social plugins on our website) and to maintain communication with the customer (social media – Facebook). Data is transferred only on the basis of your express consent.

How long do we store your personal data?

We store your personal data only for the time necessary to achieve the purposes for which the data was collected (e.g. the period of validity/performance of the contract) or for the period specified by law. In relation to data processed on the basis of consent – until its withdrawal. In the case of processing for the purpose of answering a question – for 1 year from the end of correspondence. In other cases, this will be the limitation period for claims or other periods provided for by law.

How can we make decisions based on your personal data?

Based on your personal data, we can perform profiling and make automated decisions (on displaying an advertisement), referred to in art. 22 sec. 1 and 4 of the GDPR. This takes place in the following systems: website www.doit.biz.pl and fanpage on Facebook. Profiling is performed for the purpose of marketing our own services. You have the right to appeal against such a decision by communicating your position to us through the above-mentioned communication channels.

ANNEX 2. Privacy Policy

This Privacy Policy applies to our website, which is located at the URL address: https://www.sttrading.com.pl (Website). From it you will learn, first of all, the principles by which we process information about you.
We also explain, among other things, how we protect your data and how we use cookies within the Service.

I. Operator (general information)

The Service Operator and at the same time the administrator of personal data that you voluntarily provide to us on the Service is ST Trading sp. z o.o. Our full contact details and information on the processing of personal data can be found at …pl (you should provide the address of the page with the information clause ANNEX 1). If you have questions or need to contact us, you can write to the e-mail address: biuro@sttrading.com.pl

As part of our Service, we provide various services. Some of them use the information you provide. These services are: handling inquiries via the contact form, implementation of ordered services, presentation of the offer or information.

To obtain information about users and their behavior, we use the following methods:
• users voluntarily provide us with data through forms that they enter into our system,
• we use cookies that are saved on users’ end devices,
• we may also use tracking scripts or plug-ins.

III. We take care of the protection of your data and use various methods to ensure its security. Here are some of them:
• the places where you log in and enter personal data are protected by an SSL certificate. This means that the personal data and login details you enter on our site are encrypted on your computer and can only be read on our target server,
• the personal data stored in our database is encrypted in such a way that only we, as the operator, have the key to read it. Thanks to this, your data is protected, even if the database is stolen from our server,
• user passwords are stored in hashed form. The hashing function works only in one direction, which means that it cannot be reversed.
This is currently a standard security measure for storing user passwords,
• in our service we use two-factor authentication as an additional form of protection for logging into the Service,
• we regularly change our administrative passwords,
• we regularly create backup copies to protect data,
• an important element of data protection is the regular updating of the software we use to process personal data. This includes regular updates of programming components.

Hosting

The website is hosted (technically maintained) on servers ……………………………………

Additional information on how your personal data is used

In some situations, we may transfer your personal data to other recipients if this is necessary to perform the contract with you or to fulfill our obligations. Here are the groups of recipients:
• Hosting company that technically maintains our website,
• Couriers and postal operators who deliver the products you ordered,
• Companies providing marketing services to us,
• Authorized employees and associates who need access to data in order to achieve the purposes of the website.

Data storage period

Your personal data will be processed by us only for the period necessary to perform specific tasks in accordance with applicable law (e.g. accounting). In the case of cookies, the data processing periods are presented in the “Expiration” table in the cookie section. In the case of marketing data, we will not store it for longer than 3 years.

VII. Profiling and automated decisions

In some cases, we take action that involves automated decision-making, including profiling, in order to provide services in accordance with the concluded agreement and for marketing purposes (e.g., delivering advertisements).

VIII. Information in forms

Our service collects information that you provide voluntarily (including personal data, if provided). We may save information about your connection parameters, such as connection time and IP address.
In some cases, in order to facilitate linking data from a form with the e-mail address of the user who completes it, we may save appropriate information. In such a case, the user’s e-mail address may appear in the URL of the page containing the form. Data provided in forms is processed in accordance with the function of the given form, e.g., to handle a service request, sales contact, service registration, etc. Each form is appropriately described to clearly indicate what it is for.

Administrator Logs (System Logs)

In order to manage our website, we may record information on user behavior. This data is used to administer the website.

Essential Marketing Techniques

To analyze traffic on our website, we use the Google Analytics tool (Google Inc. based in the USA). As part of this tool, we transfer personal data to Google Inc., but it is anonymized. This service is based on the use of cookies on the user’s device. As for user preferences collected by the Google advertising network, the user can view and edit this information on cookies using the tool: …………………………………….

We use remarketing techniques that allow us to match advertisements to user behavior on our website. This may suggest that the user’s personal data is used for tracking, but in practice we do not transfer any personal data to advertisers. The technical condition for these activities is that cookies are enabled.

We use a solution that monitors user behavior by creating heat maps and recording behavior on the website. This information is anonymized before being sent to the service operator, so the operator does not know which specific individuals are covered by it. In particular, passwords or other personal data are not recorded.

We use a solution that automates the operation of our service in relation to users, for example, we can send the user an e-mail after visiting a specific subpage if they have agreed to receive commercial correspondence from us.
Information about cookies

Our service uses cookies (list of cookies). Using our service is tantamount to expressing consent to the processing of personal data, including in cookies.

Cookies (so-called “cookies”) are computer data, in particular text files, which are stored on the end device of the Service User and are intended for using the websites of the Service. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number.

The Service Operator and trusted partners are responsible for placing cookies on the user’s device and obtaining access to them.

Cookies are used for the following purposes:
• Maintaining the user’s session on the website (after logging in), so that the user does not have to re-enter their login and password on each subpage.
• Implementing the purposes described earlier in the “Essential Marketing Techniques” section.

We use two basic types of cookies on our website:
• “session cookies”. “Session” files are temporary and stored on the user’s device until the user logs out, leaves the website or turns off the software (web browser).
• “persistent cookies”. “Persistent” files are stored on the user’s device for a specified period of time or until the user deletes them.

The web browser usually allows cookies to be stored on the user’s device by default. Users of our website can change these settings. The web browser also allows cookies to be deleted. It is also possible to block cookies automatically. Detailed information on this subject can be found in the help or documentation of the web browser.

Restrictions on cookies may affect some functionalities available on the pages of our service.

Cookies placed on the device of the user of our service may also be used by entities cooperating with us, in particular companies: Google (Google Inc. based in the USA), Linkedin Corp.
(based in the USA),

| Cookie key | Supplier | Cookie type | Expiry | Description |
|---|---|---|---|---|
| APISID | Google | marketing | 6 months up to 10 years | Creating a profile of a site visitor’s interests and displaying relevant advertising. This cookie works by uniquely identifying a user’s browser and device. |
| SID, HSID | Google | functional | 2 years | Authenticating users, preventing unauthorized use of login credentials, and protecting user data from unauthorized persons. |

XII. Managing cookies – how to express and withdraw consent in practice?

We enable the management of cookie consents using a special window that appears when the website is launched. Consents can be managed at any time by clicking the appropriate link on our website or by clicking this link: ………………….. (a link to managing cookie consents should be provided).

If the user does not want to receive cookies, they can also change their browser settings. Please note that disabling the support of cookies necessary for authentication processes, security, and maintaining user preferences may make it difficult, and in extreme cases may prevent, the use of websites.

To manage cookie settings, select the web browser you are using from the list below and follow the instructions:
• Edge
• Internet Explorer
• Chrome
• Safari