PRIVACY Privacy Policy | Cookies | GDPR
General provisions
The data controller of personal data collected through the website https://vaculife.com is the company operating under the name Investspace Sp.z o.o., with its registered office at Rybnicka 1 Street, 43-180 Orzesze (Silesia), Poland. Its tax identification number (NIP) is 6423049353. The Company is registered in the National Court Register (KRS) under the number 0000309467 with the District Court for the City of Katowice – East, 8th Commercial Department of the National Court Register, Lompy 14, 40-040 Katowice. E-mail address: privacy(at)vaculife.com.
Hereinafter, we will refer to the Company as the „Data Controller.”
Personal data collected by the Data Controller through the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and the Act of May 10, 2018 on the Protection of Personal Data.
Types of personal data processed,
scope and purposes of data collection
Purpose of processing and legal basis: The Data Controller processes personal data through the Website in the following cases
- the user sends a product request through a form on the site. Personal data are processed on the basis of separate consent in accordance with Article 6(1)(a) of the GDPR.
- the user subscribes to the newsletter in order to receive commercial information by electronic means. Personal data will be processed on the basis of separate consent pursuant to Article 6(1)(a) of the GDPR.
Type of personal data processed: The controller processes the following categories of your personal data:
- e-mail address,
- the first name, surname or name of the company/organisation given by the user,
- the telephone number provided by the user.
Period of archiving of personal data: Your personal data is stored by the Data Controller:
- where the processing is based on the performance of a contract, for as long as is necessary for the performance of the contract and thereafter for a period corresponding to the period of limitation of claims. The limitation period is six years, and three years for claims for periodic performance and claims related to the conduct of business.
- where processing is based on consent, for as long as consent is not revoked, and thereafter for a period of time corresponding to the limitation period for claims that may be raised against the Controller. The limitation period is six years, and for claims for periodic benefits and claims related to the conduct of a business activity – three years.
When using the website, additional information may be collected, in particular: the IP address assigned to your computer or the external IP address of your internet provider, domain name, browser type, access time, operating system type.
Navigation data may also be collected from users, such as information about links clicked or actions taken on the website. The legal basis for such activities is the Data Controller’s legitimate interest (Article 6(1)(f) GDPR) in facilitating the use of electronically provided services and improving the functionality of such services.
The provision of personal data by the user is voluntary.
Personal data will also be processed by automated means in the form of profiling, provided that you have given your consent pursuant to Article 6(1)(a) of the GDPR. The consequence of profiling will be the assignment of a profile to a person in order to make decisions concerning him or her or to analyse or predict his or her preferences, behaviour and attitudes.
The Data Controller shall take special care to protect the interests of the data subjects and, in particular, shall ensure that the data it collects are:
- processed lawfully,
- collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes,
- substantively correct and adequate in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
Sharing personal data
The User’s personal data will be transferred to the service providers used by the Data Controller for the operation of the Website. The service providers to whom personal data is transferred are, depending on the contractual arrangements and circumstances, either subject to the instructions of the Data Controller as to the purposes and means of processing such data (processors) or determine the purposes and means of processing themselves (controllers).
Your personal data is stored exclusively in the European Economic Area (EEA).
The right to control, access and correct their own data:
The data subject has the right of access to the content of their personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
Legal grounds for the user’s request:
- Access to data – Article 15 RODO
- Correction of data – Article 16 RODO.
- Deletion of data (so-called right to be forgotten) – Article 17 RODO.
- Restriction of processing – article 18 RODO.
- Data portability – article 20 RODO.
- Objection – article 21 RODO
- Withdrawal of consent – article 7(3) RODO.
In order to exercise the rights referred to in point 2, you can send the relevant email to: privacy@vaculife.com.
In the situation where a user makes a request resulting from the above-mentioned rights, the Data Controller shall comply or refuse to comply with the request immediately, but not later than within one month from the receipt of the request. If, however, due to the complexity of the request or the number of requests, the data controller is unable to comply with the request within one month, he/she shall comply with the request within a further two months, informing the user in advance, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.
If it is established that the processing of personal data violates the provisions of the RODO, the data subject has the right to lodge a complaint with the President of the Data Protection Authority.
COOKIES FILES
The website of the Data Controller uses „cookies” files.
The installation of „cookies” is necessary for the proper provision of services on the website. The „cookie” files contain information necessary for the proper functioning of the website and they also allow for the compilation of general statistics on the visits to the website.
The Site uses two types of „cookies”: permanent cookies.
„Persistent” cookies are stored in the user’s terminal for the period of time specified in the „cookie” parameters or until they are deleted by the user.
The Data Controller uses its own cookies to better understand how the User interacts with the content of the Site. The files collect information about the user’s use of the website, the type of website from which the user was referred, the number of visits and the time of the user’s visit to the website. This information does not reveal any specific personal information about the user, but is used to compile statistics about the use of the website.
The user has the right to control the access of „cookies” to his computer by selecting them in advance in his browser window. Detailed information on the possibility and methods of handling „cookies” is available in the settings of your software (web browser).
FINAL PROVISIONS
The Data Controller shall implement technical and organizational measures to ensure the protection of the processed personal data, appropriate to the risks and categories of protected data, and in particular to protect the data from access by unauthorized persons, from removal by unauthorized persons, from processing in violation of applicable regulations, and from alteration, loss, damage or destruction.
The Data Controller shall implement appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.
In matters not regulated by this Privacy Policy, the provisions of the GDPR (RODO) and other relevant provisions of Polish law shall apply accordingly.