Zásady ochrany osobních údajů
I. Rules and Regulations for Site Responsibility as the entity that manages and operates the sites.
- The websites are administered by Menlo Electric S.A.
- Menlo Electric S.A. is the author of the content and graphic works contained on the websites.
- The Site and all of its components are protected by applicable law, in particular by the Act on Copyright and Related Rights of 04.02.1994.
- The authors of the graphic works and content posted do not agree to their publication or modification in any way (publications, publications, presentations, websites and in any other way included in the Law on the Protection of Copyright) without their written consent.
- The user has the right to use all of the content published on the websites, provided that the copyright is not violated. No part of the site may be used for commercial purposes without the prior consent of the site owner.
- Neither the website owner nor the authors shall be liable for any moral or financial loss suffered as a result of the use of the content found on the websites.
- Websites use „cookies“ to identify your browser when you use the site. Cookies do not collect any personal data. The data collected, such as the user’s browser type, time spent on the site, etc., are used for statistical analysis of individual sites.
- Trade offer presented on the website does not constitute an offer within the meaning of the Civil Code art. 66 § 1 and other relevant legal provisions. Each page is for information purposes only.
II. Protection of Personal Data
- Personal data shall be processed by Menlo Electric S.A. in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: RODO), as well as on the basis of other regulations governing the protection of personal data.
- Personal data collected by means of all kinds of forms on the Administrator’s website, including information such as: name and surname, contact phone number, e-mail address, are used only to identify the Client, establish business contact with them, provide the Client with materials prepared by the Administrator, provide a valuation of services rendered by the Administrator, conduct business negotiations with the Client and possibly sign and perform a contract.
- Personal data collected by means of all kinds of forms on the Administrator’s websites are processed on the basis of the consent of a person (Article 6(1)(a) of the RODO), and also on the basis of Article 6(1)(b) of the RODO, i.e. their processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
- Consent for the processing of personal data may be withdrawn by the Administrator’s Customers at any time. Withdrawal of consent for data processing has no effect on the lawfulness of data processing carried out by the Administrator on the basis of consent before its withdrawal.
- Withdrawal of consent can be made by sending by you to the e-mail address: email@example.com , an appropriate statement.
- Categories of recipients to whom the personal data of the Administrator’s clients may be disclosed are: employees, associates of the Administrator, accounting office, law firms, national debt registers.
- Menlo Electric S.A. processes its Clients‘ personal data with the use of computer systems and software ensuring the highest level of security of processing such personal data (such as, among others, encryption and anonymisation of transmitted information, cyclical changes of system access passwords). The Administrator processes the personal data of its Customers outside the IT system with the use of technical and organisational measures ensuring the highest level of security of personal data processing.
- The data subject shall have the right to access the content of his/her data and to rectify, erase (the right to be forgotten), restrict the processing thereof, the right to data portability, the right to withdraw consent to the processing thereof at any time without affecting the legality of the processing performed on the basis of consent prior to its withdrawal.
- The data subject has the right to object to the processing of their data by the Controller. The objection should be submitted to the following address: firstname.lastname@example.org.
- If the data subject believes that the processing of his/her personal data by the Controller violates the provisions of the Regulation for the Protection of Personal Data, he/she has the right to lodge a complaint with the Inspector General for Personal Data Protection, who will be replaced by the President of the Office for Personal Data Protection once the Regulation for the Protection of Personal Data comes into force.
III. Duty of transparent communication between the Controller and the data subject (Article 12 RODO)
- The controller shall, in a concise, clear, intelligible and easily accessible form, in clear and plain language – in particular where the information is addressed to a child – provide the data subject with all the information referred to in Articles 13 and 14 of the RODO and shall conduct all communications with him/her pursuant to Articles 15 to 22 and 34 of the RODO. The information shall be given in writing or by other means, including, where appropriate, by electronic means. If the data subject so requests, the information may be given orally, as long as the identity of the data subject is confirmed by other means.
- If the Controller has reasonable doubt as to the identity of the natural person submitting the request referred to in Articles 15 to 21 of the RODO, the Controller may request additional information necessary to confirm the identity of the data subject.
IV. Obligations of the Personal Data Controller when processing personal data
- Data protection by design and data protection by default – In order to comply with this obligation, the Controller has implemented appropriate technical and organisational measures, such as pseudonymisation, designed to effectively implement data protection principles, such as data minimisation, and to give the processing the necessary safeguards to protect the rights of data subjects as far as possible.
- Entrustment of data for processing under a written contract – The controller shall only use the services of such processors that provide sufficient guarantees to implement appropriate technical and organisational measures to protect the rights of data subjects.
- Recording of processing operations. The controller shall be obliged to keep the Register of personal data processing activities. The controller shall make the Register available at the request of the supervisory authority.
- Security of processing. Menlo Electric S.A. has implemented and applies the following technical and organisational measures to minimise the risk of a personal data breach:
1. pseudonymisation and encryption of personal data;
2. ability to ensure confidentiality, integrity, availability and resilience of processing systems and services at all times;
3. ability to quickly restore availability of and access to personal data in the event of a physical or technical incident;
4. regular testing, measuring and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.
In assessing the adequacy of security, the Controller shall take into account in particular the risks involved in the processing, in particular those arising from the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or unauthorised access to personal data transmitted, stored or otherwise processed.
- Notification of a personal data breach to the supervisory authority. In case of a personal data breach, the controller shall, without undue delay after the breach has been identified, notify the personal data breach to the supervisory authority, unless the breach is unlikely to result in a risk of violation of the rights or freedoms of natural persons. Where the personal data breach is likely to result in a high risk of infringement of the rights or freedoms of natural persons, the controller shall without undue delay notify the data subject of such breach.
- Conducting a data protection impact assessment. Where a given type of processing – in particular with the use of new technologies – by its nature, scope, context and purposes is likely to result in a high risk of harming the rights or freedoms of natural persons, the Controller shall be obliged to carry out, prior to the commencement of processing, an assessment of the effects of the intended processing operations on the protection of personal data.
- Prior consultation Where a data protection impact assessment indicates that the processing would result in a high risk where the controller does not take measures to minimise that risk, the controller shall consult the supervisory authority on the possibilities and means of the processing prior to the processing.
V. Processing of data of minors
- In principle, all Menlo Electric S.A. activities are addressed to adults who can make decisions or influence their decision-making. If legal guardians of a minor obtain information that the minor has filled in a form available on websites belonging to the Administrator, they should contact the Administrator in order to have the data removed from the database, or to withdraw their consent by sending an appropriate e-mail to: email@example.com.
VI. The rights of users of Menlo Electric S.A. websites.
- is entitled to obtain confirmation from the Controller as to whether or not personal data relating to him or her is being processed and, if this is the case, is entitled to access and a range of information (Article 15 RODO),
- has the right to request from the Administrator the immediate rectification of personal data concerning him/her which are incorrect (Article 16 RODO),
- has the right to request the Administrator to immediately erase personal data concerning him/her in the circumstances specified (Article 17 of the RODO),
- has the right to request the Controller to restrict data processing in the cases specified (Article 18 of the DPA),
- has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him or her which the Controller has provided,
- has the right, in the cases mentioned, to transfer this personal data to another controller without hindrance from the controller to whom the data was supplied (Article 20 RODO),
- has the right to object to the processing of personal data concerning him/her (Article 21 RODO),
- has the right not to be subject to a decision which is based solely on automated processing of his/her personal data, including profiling (Article 22 RODO).