The purpose of this Policy is to inform users of the Spectis.pl website (Website) (Users) about the purposes and legal basis for the processing of personal data on the Website, as well as the manner in which they are used and the rights Users have in relation to this. The personal data administrator (Administrator) protects the privacy of the Users and ensures the security of the data they provide. The Administrator observes the principles of personal data processing and applies technical and organisational measures to ensure the protection of personal data and its lawful processing. The Users' personal data is processed each time based on the applicable legal regulations, including in particular the Telecommunications Law and the Regulation of the European Parliament and of the Council on the protection of natural persons in relation to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (RODO). Personal data may be processed in the Users' Cookies according to the principles set out in the Cookies Policy.

Who is the administrator of personal data?

The administrator of personal data is Spectis Trade Bartłomiej Bartnik with headquarters in ul. A9, No. 23, 32-086 Węgrzce, NIP: 865-250-21-40. Contact address: info@spectis.pl.

Users whose personal data are processed may also contact the Administrator in any way they prefer, orally or in writing.

Purposes and legal bases for the processing of personal data:

• communication via the Service's contact form:
  personal data is processed for the legitimate interests of the Administrator (Article 6(1)(f) RODO). The Administrator's legitimate interest is communication with the person requesting a response from the Administrator, in particular servicing the User, answering the User's questions. Communication may be difficult to categorise for several reasons. The provision of personal data is voluntary, but may be necessary to receive a response from the Administrator
• communication via the contact details provided on the Website:
  personal data is processed for the legitimate interests of the Administrator (Article 6(1)(f) RODO). The legitimate interest of the Administrator is communication with the person requesting the Administrator to respond, in particular, servicing the User, answering the User's questions. Communication may be difficult to categorise for several reasons. The provision of personal data is voluntary, but may be necessary to receive a response from the Administrator.
• the investigation and defence of claims, prevention of fraud, conducting statistics and analysis, ensuring the security of the ICT environment, applying internal control systems::
  personal data is processed for the legitimate interests of the Administrator (Article 6(1)(f) RODO). The legitimate interest of the Administrator is to be able to undertake the aforementioned activities.
• installation and use of Cookies on the User's device:
  the purposes and legal basis for the processing of personal data in Cookies are defined in detail in the Cookies Policy.

Recipients of personal data:

Users' data will not be made available to other third parties, unless it becomes necessary and the User gives his/her consent or obligation to do so, or the possibility of making the data available arises from mandatory legal provisions, a final court decision or a final decision of a competent authority. The Website may contain links to other websites. The Administrator shall not be held liable for the processing of personal data in connection with the use of such websites by the User. The User, after navigating to other websites, should first familiarise himself/herself with their privacy policies and personal data protection procedures. The Administrator does not transfer personal data to third countries outside the EEA or international organisations.

What is profiling, and is the data on the Service profiled?

Profiling consists of any automated processing of personal data which makes it possible to evaluate personal factors of an individual and, in particular, to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements of the data subject - insofar as it produces legal effects concerning the data subject or a similar manner significantly affects the data subject. Data on the Service is not profiled. If, in connection with the development of the Website, personal data were to be subject to profiling, the Administrator will inform Users of this, and profiling will take place in accordance with the relevant regulations in this regard. In the event of profiling, the Administrator will implement appropriate measures to protect the rights, freedoms and legitimate interests of the Users, including the possibility of human intervention on the part of the Administrator, as well as the possibility of expressing one's position and challenging the decision.

What rights do Users have?

Users have the right of access to the content of their personal data and the right to rectification, erasure, restriction of processing, as well as the right to data portability. The User also has the right to object to the processing of personal data, in particular with regard to profiling. For this purpose, the User may contact the Administrator at the following email address: info@spectis.pl. The User may also contact the Administrator in any other way he or she chooses, including orally or in writing. The User has the right to lodge a complaint with the President of the Office for Personal Data Protection if he/she consider that the processing of personal data concerning them violates mandatory provisions of law.

How does the Administrator protect personal data?

The Administrator protects Users' data against unauthorised access, disclosure, alteration and destruction. In particular, the Administrator uses data encryption, physical security measures and verification in IT systems. The Administrator also uses anti-virus software and firewalls. Only authorised persons, obliged to maintain confidentiality, as well as subcontractors who have concluded personal data processing entrustment agreements with the Administrator, may have access to the Users' data.

For what period is personal data processed?

Users' data are processed for the duration of their use of the Website. In the case of the processing of personal data in connection with:

• communication via the contact form of the Website – personal data will be processed for the period necessary to respond to the User, complete the User's service or until the User raises an effective objection;
• communication via the contact details provided on the Website – personal data will be processed for the period necessary to provide the User with an answer, to complete the User service or until the User raises an effective objection;
• investigation and defence against claims, prevention of fraud, conducting statistics and analyses, ensuring security of the IT environment, application of internal control systems – personal data will be processed for the period justified by the nature of the aforementioned activities, legal regulations or until the User raises an effective objection;
• installation and use of Cookies on the User's device – personal data will be processed for a period in accordance with the Cookies Policy

Where the period for processing personal data on one legal basis has expired, this does not mean that personal data cannot be processed on another legal basis. Once the processing period has expired and all processing grounds have fallen away, the personal data is either permanently deleted or anonymised.

Entry into force and amendments to the Privacy Policy:

The Privacy Policy and its amendments are effective from the moment they are published on the Website.

To ensure that the Privacy Policy meets the current requirements imposed by law, the Administrator reserves the right to amend the Privacy Policy. The User shall be informed of the changes in the Service.