Privacy policy
On behalf of MENLO ELECTRIC S.A., we hereby inform that the protection of your personal data is very important to us and we care about the privacy of everyone who uses our services.
Pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), as of 25 May 2018 we would like to inform you about issues concerning the processing of personal data.
Definitions
I. Basic Information
Who is the Controller of your data?
The Data Controller is MENLO ELECTRIC SPÓŁKA AKCYJNA with its registered office in Warsaw (02-675), ul. Wołoska 5. The Controller has appointed a Data Protection Officer.
In matters related to the processing of personal data, the Controller can be contacted:
- electronically, via e-mail: iod@menloelectric.com.
- by post, at the following address: MENLO ELECTRIC S.A., ul. Wołoska 5, 02-675 Warsaw.
II. Processing of User Data
What User Data does the Controller process?
- The Controller may obtain and process , among others, the following types of Data and other information concerning Users:
- name and surname;
- e-mail address;
- phone number;
- address information;
- data of the employer or the entity the User cooperates with;
- User location data;
- information about the history of the User’s activity on the Portal;
- information stored in Cookie Files;
- information about the devices used to use the Portal, including IP numbers and identification numbers of the devices used by the User.
- The Controller can also obtain other Data from the User in connection with the use of the Portal.
For what purpose and on what basis does the Controller process the Data?
- The Data made available by Users may be processed by the Controller:
- in order to comply with legal obligations of the Controller – in particular within the scope of administrative and tax law (Art. 6 section 1 letter c GDPR);
- in order to initiate contact with the User in connection with the User’s expression of such a wish through the contact form (Art. 6 section 1 letter a GDPR);
- for marketing purposes carried out through the Controller’s newsletter, sent to the e-mail address indicated by the User (Art. 6 section 1 letter a GDPR);
- for marketing purposes pursued in the interest of the Controller, the Data may be used in connection with the promotion of the Controller’s services and products (Art. 6 section 1 letter f GDPR);
- for analytical purposes related to the monitoring of operation and development of the Portal, in particular through the collection of statistical data, testing and introduction of new functionalities (Art. 6 section 1 letter f GDPR);
- for the purpose of establishment, investigation of or defence against claims related to operation of the Portal and in connection with the performed sale (Art. 6 section 1 letter f GDPR);
- The scope of the actually processed Data may vary depending on the method of individual use of the Portal by Users.
How long will the Data be processed?
- The Data will be processed for the period necessary for achievement of the purposes of the processing, but no longer than:
- in order to comply with legal obligations of the Controller – for the period resulting from the applicable regulations;
- for marketing purposes and in connection with the initiation of contact by the User – until the User raises a legitimate objection to this form of processing or withdraws the given consent;
- for purposes related to the monitoring of operation and development of the Portal as well as services offered by the Controller – until the User raises a legitimate objection to this form of processing;
- for the purpose of establishment, investigation of or defence against claims related to operation of the Portal and provision of other services by the Controller – until the end of the limitation period of possible claims;
To which entities does the Controller transfer the Data?
- The Controller may transfer the Data to third parties, in particular:
- to competent state authorities – within the scope specified in generally binding legal regulations;
- to entities affiliated with the Controller;
- to entities operating ICT systems of the Controller (i.e. hosting companies, IT service providers);
- to entities providing services within the scope of: legal assistance, human resources, accounting, tax consultancy or other advisory services for the Controller;
- to entities carrying out marketing activities on behalf of the Controller;
- to other entities with whom the Controller cooperates in order to ensure the functioning of the Portal.
- The Company will make the Data available only to the extent necessary for the proper performance of obligations by the third party.
- The Portal may contain references (“links”) leading to websites managed by third parties, independent of the Controller (e.g. social networks). The processing of the Data on such websites is carried out on the terms and conditions specified by the third parties. The Controller is not liable for the processing of the Data by such third parties.
III. Transfer of the Data outside the EEA
Will personal data be transferred outside the EEA?
- The Controller transfers the Data outside the EEA, including to countries for which the European Commission has not issued a decision as referred to in Art. 45 section 1 GDPR.
- The Controller takes measures required under GDPR to ensure an adequate level of protection for the Data processed outside the EEA. In particular, the Controller applies standard contractual clauses for the transfer of the Data, as approved by the European Commission. Details concerning the Controller’s actions with regard to data protection can be obtained by contacting the Controller in the manner specified in § 1 of the Policy.
IV. Profiling
Will the Controller profile the Users?
- Users may be subject to profiling.
- Profiling can be used to:
- improve the Portal’s functionality;
- suggest settings (e.g. language, localisation settings);
- present personalised offers, promotions and recommendations.
Automated decision making
The Controller will not use the Data and other information for the purpose of automated (i.e. without human intervention) decision-making regarding Users.
V. Cookie Files
Cookie Files
- The Portal uses Cookie Files.
- The use of Cookie Files is necessary for the correct functioning of the Portal.
- The Controller also uses Cookie Files for statistical and marketing purposes – but only if the User gives their consent to this.
- In most cases, web browsers allow to specify detailed rules for saving and storing Cookie Files. Each User can independently modify the settings of the browser they use in order to determine own rules for storing Cookie Files.
Purpose of using Cookie Files
The Controller uses Cookie Files:
- to ensure the proper functioning of the Portal and to adapt the way it is displayed to the parameters of the User’s device;
- to adapt the content of the Portal to the needs of Users, including the region from which the User is establishing a connection;
- for statistical purposes and to monitor the activity of visits on the Portal;
- to test the correct functioning of all functions used on the Portal for the purpose of their continuous improvement.
Types of Cookie Files used on the Portal:
Necessary Cookie Files | ||
Name | Use of Cookie Files | Storage period |
^PHPSESSID | User session | Session |
^PrestaShop | User session | Session |
cc_cookie | Cookie for cookie consent settings. | 180 days |
apc_popup_session | Cookie for popup settings. | Session |
Statistical Cookie Files | ||
_fbp | It is used to distinguish and track unique users. | 3 months |
^_gali | a cookie file used by Google Analytics to determine which links on the website are clicked on. | 12 months |
_ga | Registers a unique identifier used to generate statistical data on how the user uses the site. | 12 hours |
_gid | Registers a unique identifier used to generate statistical data on how the user uses the site. | 12 hours |
^_gcl | Cookie files which store information about campaigns in Google Ads. | 3 months |
^_gat | Used to distinguish between users. | 10 minutes |
Marketing Cookie Files | ||
_fbp | It is used to distinguish and track unique users. | 3 months |
^_gali | A cookie file used by Google Analytics to determine which links on the website are clicked on. | 12 months |
_ga | Registers a unique identifier used to generate statistical data on how the user uses the site. | 12 hours |
_gid | Registers a unique identifier used to generate statistical data on how the user uses the site. | 12 hours |
^_gcl | Cookie files which store information about campaigns in Google Ads. | 3 months |
^_gat | Used to distinguish between users. | 10 min |
Storage period of Cookie Files
Session Cookie Files | Temporary files, stored until the User leaves the Portal, closes the web browser or deletes the cookie files. |
Permanent Cookie Files | Cookie files stored for the time specified in their parameters (indicated above) or until they are deleted by the User. |
VI. Users’ rights
Is the provision of the Data voluntary?
The provision of the Data is voluntary and is not based on statutory obligations.
Data modification
- The user has the right to:
- obtain information about the Data currently being processed;
- modify (including to rectify and amend) the Data;
- limit the scope of the processing of the Data;
- obtain Data from the Controller for the purpose of transferring the Data to another entity;
- Users have the right to obtain a copy of the Data currently being processed. The Controller makes the Data available in an electronic form, in a commonly used data storage format. At the request of the User or the Partner, the Controller may transfer data stored in such a manner to another designated entity.
Withdrawal of the consent to Data processing
The User has the right to withdraw any consents given for the processing of the Data. Withdrawal of the consent may involve a restriction or discontinuation of provision of services by the Controller.
Objection
The User, the Partner and the Employee who are data subjects have the right to object at any time to the processing of the Data based on Article 6 section 1 or f GDPR, including profiling.
Effective expression of an objection may result in the blocking of the possiblity to use of the Portal.
Data removal
The Controller deletes the Data when the following circumstances occur:
- The Data are no longer necessary for the purposes for which they were collected or otherwise processed;
- The User or the Partner has withdrawn the consent on which the processing is based on pursuant to Art. 6 section 1 letter a GDPR and there is no other legal basis for the processing;
- a legitimate objection has been lodged against the processing of the Data;
- the Data were processed unlawfully;
- the Data must be deleted in order to comply with a legal obligation provided for in the EU or Member State law to which the Controller is subject.
Complaint to the Controller and to PDPO
If the Processing violates the provisions of GDPR, the User may lodge a complaint with the Controller or with the supervisory authority – the President of the Personal Data Protection Office.
Exercise of rights
The rights in relation to the processing of the Data may be exercised by contacting the Controller in the manner determined in § 1 of the Policy.