PRIVACY AND COOKIES POLICY
INTERNET SERVICE
www.latexopony.pl

§ 1.
PERSONAL DATA CONTROLLER, DEFINITIONS, INTRODUCTORY INFORMATION

1. The operator of the Internet Service as well as the Data Controller of the Users’ Personal Data of the Internet Service, hereinafter also referred to as the Administrator, is:
   
   LATEX TYRES LIMITED LIABILITY COMPANY with its registered office in Opole, ul. Krapkowicka 21, 45-760 Opole, Tax Identification Number (NIP): 7543058869, National Business Registry Number (REGON): 161436072, registered in the National Court Register under the number KRS: 0000955942, a company engaged, among others, in the supply of tires, rims, wheels, and wheel accessories.
   
   Contact details of the Administrator:
   Mailing address: 21 Krapkowicka Street, 45-760 Opole
   Email address: sekretariat@latexopony.pl
   Phone number: +48 77 451 98 00
   
   
2. Privacy Policy – refers to this Privacy and Cookies Policy of the Website www.latexopony.pl, specifying detailed rules for the processing and protection of Users’ personal data as well as the use of cookies on the Website, available on the www.latexopony.pl website under the “Privacy Policy” tab.
   
   
3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
   
   
4. Internet Service – an internet service operated by the Administrator available at: www.latexopony.plthrough which the User can obtain information about the Administrator, the activities conducted by the Administrator, and the possibility of concluding a specific contract, the subject of which are goods and services offered by the Administrator, establish contact with the Administrator or the Administrator’s representatives, as well as perform other actions covered by the functionalities of the Internet Service and provided for in the Terms of Service and this Privacy Policy.
   
   
5. Personal Data Protection Act – Act of 10 May 2018. on the protection of personal data (consolidated text: Journal of Laws of 2019, item 1781).
   
   
6. User – a natural person visiting the website(s) of the Internet Service and/or using the services and functionalities of the Internet Service described in this Privacy Policy and in the terms of service of the Internet Service (hereinafter referred to as the “Terms of Service“).
   
   
7. The provision of personal data for processing by the Administrator is voluntary, and consent to their processing can be withdrawn at any time.
   
   
8. Users’ personal data are stored in a database, on the Administrator’s servers, or on servers belonging to the Administrator’s service providers, using technical and organizational measures required by applicable law.
   
   
9. The Administrator implements security measures aimed at protecting personal data against loss, unauthorized use, and modification.
   
   
10. This Privacy Policy does not cover any information, advertisements, and content concerning goods and services provided by entities other than the Administrator, which have been posted on the pages of the Internet Service regardless of the basis and purpose of their posting. It is recommended that the User familiarize themselves with the privacy policy of the respective third party before using or taking any actions in connection with the posted information and content.
    
    
11. This Privacy Policy does not cover the methods and scope of processing, storing, and protecting the personal data of Users who, through the appropriate functionalities of the Internet Service (in particular: the ““Register with XPARTNER.” “LOG IN.”“or the “Become our partner” button) will be redirected to the website www.xpartner.net.pl.” “The ‘XPARTNER‘ Internet Service is a separate platform, and this Privacy Policy and Terms of Service do not apply to it unless otherwise stated directly in the content of the Terms of Service and/or Privacy Policy.”
    
    
12. “The Administrator provides this Privacy Policy through a link placed on the main page of the Internet Service, in the bottom toolbar of tools and functionalities.” “The User has the opportunity to familiarize themselves with the content of the Privacy Policy at any time of their choosing.”
    
    

§ 2.
GOALS, LEGAL BASES, AND DURATION OF PERSONAL DATA PROCESSING

1. The Administrator may process the following categories of personal data and information concerning Users:
   
   1) Information about the User’s device to ensure the proper provision of services: computer IP address, domain name, information contained in cookies or other similar technologies, session data, internet browser type and version, operating system type, device data, data regarding activity on the Website, including on individual subpages.
   
   2) Information about geolocation, if the User has consented to the Administrator’s access to the User’s geolocation; geolocation information is used to provide information and offers more tailored to the User’s needs and capabilities.
   
   3) Personal data of Users: first name, last name, email address, phone number, mailing address, which the Administrator requires in order to establish contact with the Administrator or its representatives, through an electronic form available under the tab “Contact“Contact” and established procedures or for the purpose of initiating and conducting the complaint process described in the Terms of Service.
   
   
2. “Although not all the information listed in § 2(1) 1. Privacy Policy can be considered as Users’ personal data, as in conjunction with other information, they may qualify as such, the Administrator covers them with the full protection granted to personal data under the GDPR.
   
   
3. Personal data may be processed for the following purposes and on the legal bases indicated below:
   
   1) for the purpose of entering into and performing a contract for the provision of services electronically (legal basis – Article 6(1)(b) of the GDPR) – the purpose of processing personal data is to provide services; by using the Internet Service and agreeing to the provisions contained in the Terms of Service and Privacy Policy, the User enters into an agreement with the Administrator for the provision of services electronically, consisting of enabling the use of the functionalities of the Internet Service, in particular, receiving and handling queries addressed by Users of the Internet Service, undertaking specific actions at the request of the person whose personal data are concerned; failure to provide required personal data may result in limiting the User’s ability to use all functionalities of the Internet Service;
   
   2) for the purpose of fulfilling legal obligations incumbent on the Administrator in connection with the concluded contract for the provision of services electronically (legal basis Article 6(1)(c) of the GDPR in conjunction with Article 6(1)(b) of the GDPR) – the purpose of processing personal data is to fulfill the legal obligations of the Administrator related to the concluded contract for the provision of services electronically, in particular, the implementation of rights and obligations related to complaints.
   
   3) For the purpose of defense, investigation, or establishment of claims related to the contract for the provision of services electronically, which constitutes a legitimate interest of the Administrator (legal basis Article 6(1)(f) of the GDPR) – the purpose of processing personal data is to secure information in case of a legal need to demonstrate certain events, which is a legitimate interest of the Administrator.
   
   4) for purposes related to cookie technology, based on the consent of the person concerned. (legal basis Article 6(1)(a) and Article 6(1)(f) of the GDPR) – processing of personal data in this scope occurs solely on the basis of separate consent expressed by the User for the processing of personal data, the use of cookies or other similar technologies, expressed by a statement made at the time of the first visit to the Internet Service from the User’s device, through appropriate functionalities of the Internet Service, thus before concluding a contract for the provision of services electronically.
   
   5) for direct marketing purposes (legal basis Article 6(1)(f) of the GDPR) – for the purpose of offering products and services of the Administrator and the Administrator’s partners, usually in the form of online advertising, tailored to the User’s interests, which is a legitimate interest of the Administrator and the Administrator’s partners; the Administrator may use electronic communication tools for this purpose, such as, in particular, the email address provided by the User.
   
   6) for analytical purposes (legal basis Article 6(1)(f) of the GDPR) – including User opinion research, contacting Users of the Internet Service for analytical purposes; based on the analysis of User activity on the Internet Service, the Administrator is able to better tailor content and services to the needs of Users, develop statistics related to the use of the Internet Service, assess satisfaction with the services offered, determine their quality, and ensure data security on the website, which constitutes a legitimate interest of the Administrator.
   
   
4. Personal data collected by the Administrator will be processed for no longer than is necessary for the purposes for which the personal data were collected.
   
   1) Personal data collected for the purpose of entering into and performing a contract for the provision of services electronically will be stored and processed for the duration of the conclusion and performance of the relevant contract, and then for the required data archiving period provided for by law.
   
   2) Personal data collected for the purpose of fulfilling legal obligations incumbent on the Administrator in connection with concluded contracts will be processed for the period necessary to fulfill the legal obligations incumbent on the Administrator.
   
   3) Personal data collected for the purpose of defense, investigation, or establishment of claims related to concluded contracts will be processed for the period of investigation, defense, or establishment of claims, but no longer than until the expiry of the limitation period for claims.
   
   4) Personal data collected for the purpose of handling queries from Users of the Internet Service will be processed for the period necessary to establish contact with the User and resolve the matter.
   
   5) Personal data collected for marketing and analytical purposes will be processed for the duration of the marketing campaign or until the withdrawal of consent for processing or objection to such processing is received.
   
   6) Personal data collected for the purpose of researching User opinions will be processed during the study and for the duration of the analysis of its results.
   
   7) Personal data collected for purposes related to cookie technology – personal data will be processed until consent is withdrawn.
   
   8) Personal data will also be processed until the expiry of statutory limitation periods or the expiration of the obligation to archive under applicable laws.
   
   
5. The Administrator will stop processing personal data that were collected on the basis of the Administrator’s legitimate interest in each case when the person whose personal data is being processed objects to the processing of personal data and when the consent on the basis of which his or her personal data was collected and processed is withdrawn. or the Administrator determines that the data is no longer valid.
   
   
6. Information and personal data about Users are obtained by voluntarily entering personal data and information into the Website’s systems via electronic forms available on its pages, voluntarily providing personal data in the process of contacting the Administrator via other methods, as well as in an automated manner, via cookies saved in end devices and by collecting web server logs by the hosting operator of the Website (necessary for the proper operation of the Website).
   
   
7. The User can enter the website of the Website without having to provide any personal data and browse the pages of the Website in this mode, subject to data that is collected automatically, which includes primarily – IP address, domain name, type and type of browser, system type. operational, interests, age and gender of the Website user. The data in question is collected automatically, mainly via cookies.
   
   
8. Although providing personal data is voluntary and consent to their processing may be withdrawn at any time, in a situation where providing personal data is necessary due to an existing legal obligation or for the purposes of concluding and performing a contract for the provision of services and taking the necessary activities before its conclusion, failure to provide the required personal data by the User may result in the inability to conclude and perform the contract for the provision of services.
   
   
9. Personal data may be subject to an automated decision-making process, including profiling in order to provide services under the concluded contract and for the purpose of conducting direct marketing. Profiling consists in particular in adapting the display of content to Users’ preferences based on their previous choices.
   
   
10. The user consents to the processing of personal data:
    
    1) when entering the website of the Website for the first time by selecting the option “I agree, I want to go to the website” from the available options in the message regarding cookies and the Privacy Policy;
    
    2) before selecting the “Send” button and thus sending the inquiry via the contact form available in the “Contact” tab of the Website, by checking the appropriate checkbox regarding consent to the processing of personal data;
    
    3) by initiating the complaint process described in the Regulations, which requires providing the User’s personal data in order to consider and respond to the User’s complaint.

§ 3.
RECIPIENTS OF USER DATA

1. The Administrator may transfer the User’s personal data to entities processing personal data on behalf of the Administrator, i.e. external entities providing services to the Administrator, based on concluded contracts entrusting the processing of personal data in order to provide services to the Administrator and in accordance with his instructions.
   
   
2. Users’ personal data may be transferred to the following categories of entities that provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and the Personal Data Protection Act and protects the rights of data subjects:
   
   1) Subcontractors – external companies providing services to the Administrator, in particular such as: hosting, server maintenance, including e-mail servers, database maintenance, service, diagnostic and repair work, marketing, analytics, accounting, providing widgets for placement on the website website, providing a helpdesk system, creating and delivering backup copies, services related to testing the quality of services provided, hosting, technical / IT support, marketing and PR services, legal and advisory services, advertisers and similar entities, and also to the extent resulting from the obligations legal – public authorities. These entities are data recipients, processors acting on behalf and at the request of the Administrator.
   
   2) Advertisers – i.e. entities that, based on information contained in cookies or other similar identifiers (if they contain personal data), participate in the process of selecting the content of advertisements that are displayed to Users on the Website. More information about what cookies are and how they work, and how you can adjust your browser settings in this regard, can be found in § 7 of this Privacy Policy.
   
   
3. Personal data will not be processed in third countries.

§ 4.
RIGHTS OF PERSONS TO WHOM PERSONAL DATA CONCERN

1. Each person affected by the processed personal data has the right:
   
   1) access (Article 15(1) of the GDPR) – obtaining confirmation from the Administrator whether personal data relating to her are being processed. If personal data relating to a given person are processed by the Administrator, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, about the data storage period or about criteria for determining the period in question, about the right to request the Administrator to rectify, delete or limit the processing of personal data of the data subject and to object to such processing, information about the right to lodge a complaint with the supervisory authority, and additionally if the personal data have been collected from the person to whom they concern – about all available information about their source, information about automated decision-making, including profiling;
   
   2) to receive a copy of the data (Article 15(3) of the GDPR) – to obtain a copy of the data subject to processing, the first copy being free of charge, and for subsequent copies the Data Controller may impose a reasonable fee resulting from administrative costs;
   
   3) to rectify data (Article 16 of the GDPR) – request the rectification of incorrect personal data concerning a given person, or the completion of incomplete data by submitting an additional statement;
   
   4) to delete data (Article 17 of the GDPR) – request the deletion of personal data relating to a given person, if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing, the data subject objects to the processing and there are no overriding legitimate grounds for the processing, the personal data have been processed unlawfully, the personal data must be erased in order to comply with a legal obligation under Union law European Union or the law of a Member State to which the Administrator is subject, unless the processing of personal data is necessary to establish, pursue or defend claims or there are other circumstances listed in Art. 17 section 3 GDPR;
   
   5) to limit processing (Article 18 of the GDPR) – request to limit the processing of personal data relating to a given person when:
   
   i. the data subject questions the accuracy of the personal data – for a period enabling the Data Controller to check the accuracy of the data,
   
   ii. the processing is unlawful and the data subject objects to their deletion and requests restriction of their use,
   
   iii. The administrator no longer needs this data, but they are needed by the data subject to establish, pursue or defend claims,
   
   iv. the data subject has objected to their processing – until it is determined whether the legally justified grounds on the part of the Administrator override the grounds for the data subject’s objection;
   
   6) to transfer data (Article 20 of the GDPR) – receiving personal data in a structured, commonly used, machine-readable format regarding a given person who has provided personal data to the Administrator, and requesting that these data be sent to another administrator if the data are processed on the basis of the consent of the data subject concern or a contract concluded therewith and if the data are processed in an automated manner;
   
   7) to object (Article 21 of the GDPR) – to object to the processing of her personal data for the legally justified purposes of the Administrator, for reasons related to her particular situation, including profiling. In such a case, the Administrator is not entitled to process this personal data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims. If personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing. ;
   
   8) to withdraw consent at any time and without giving a reason, provided that the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which the consent was granted;
   
   9) submit a complaint to the President of the Office for Personal Data Protection in each case in which the User considers that the Administrator’s actions have violated the provisions on the protection of personal data.
   
   
2. To exercise the above-mentioned rights, the data subject should contact the Administrator using the Administrator’s contact details indicated in § 1 section 1 of this Privacy Policy and inform him which right and to what extent he wants to exercise. Please remember and bear in mind that fulfilling the User’s request will require confirmation of his/her identity, which may require additional activity on the User’s part.

§5.
PRESIDENT OF THE PERSONAL DATA PROTECTION OFFICE

1. The person to whom the processed personal data relates has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection based in Warsaw, who can be contacted as follows:
   
   1) by letter: Stawki 2, 00-193 Warsaw;
   
   2) via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
   
   3) by phone via the hotline at: 606-950-000.
   
   
2. You can read more about how to submit a complaint to the supervisory authority on the website: https://uodo.gov.pl/pl/83/155.
   
   

§6.
CHANGES TO THE PRIVACY POLICY

1. The content of the Privacy Policy set out in this document is valid from the date indicated on the first page of the Privacy Policy, under the title, in the place “last updated (…)”.
   
   
2. The privacy policy may be supplemented or updated in accordance with the Administrator’s current needs in order to provide current and reliable information to the Website Users and to take into account any changes in the factual and legal status. The currently applicable Privacy Policy is available to Users at the appropriate link on the Website.
   

§7.
COOKIES

1. The Website performs the functions of obtaining information about Users and their behavior in the following way:
   
   1) through information entered voluntarily by the User into electronic forms made available on the Website and for the purposes resulting from the function of a specific form or provided to the Administrator in another form for the purposes of initiating and carrying out the complaint process described in the Regulations;
   
   2) through cookies saved in the User’s end devices (so-called “cookies”) – by using the Website, the User accepts that cookies will be installed in the end device that will enable the Administrator to provide services;
   
   3) by collecting web server logs by the hosting operator of the Website (necessary for the proper operation of the website).
   
   
2. Cookies are IT data, in particular text files, which are sent while browsing the website of the Website and stored on the User’s end device and are intended for using the Website. Cookies usually contain the name of the website they come from, their storage time on the end device and a unique number.
   
   
3. The entity that places cookies on the end device of the Website User and obtains access to them is the Administrator. The legal basis for the processing of personal data from cookies is the legitimate interests of the Administrator, consisting in ensuring high quality and security of the services provided, and the consent of the User to whom the personal data relates.
   
   
4. The Website uses cookies after the Website User has expressed prior consent in this regard. Consent to the use of all cookies by the Website is made by selecting the appropriate option from those available in the message regarding the use of cookies by the Website, which is displayed after the first entry to the website of the Website, by clicking the button: “I agree, I want to go to the site“, the two available options are: “I agree, I want to go to the site” or “I do not allow”.
   
   
5. If the Website User does not consent to the Website using cookies, he or she may use the option and select the button: “I do not allow”, available in the message regarding the use of cookies by the Website, which is displayed after the first entry to the Website, or make changes to the settings of the web browser you are currently using (however, this may result in incorrect operation of the Website).
   
   
6. The process of expressing and refusing consent may vary depending on the web browser used by the User. For details, see your web browser’s help or documentation. To manage cookie settings, select a web browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
   
   
7. The Website uses two basic types of cookies: “session cookies” and “persistent cookies”. “Session” cookies are temporary files that are stored on the User’s end device until they leave the Website or turn off the software (web browser). “Permanent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User. Additionally, we distinguish our own files (coming directly from the Website) and external files (coming from a third party via the Website). In the latter case, it is recommended to read the privacy and cookies policy of the given third party.
   
   
8. Cookies are used for the following purposes:
   
   1) cookies remember the User’s preferences, which allows for improving the quality of services provided and improving the accuracy of search results;
   
   2) creating statistics that help understand how Website Users use websites, which allows improving their structure and content;
   
   3) defining the User’s profile in order to display product recommendations and tailored advertising materials, in particular the Google network.
   
   
9. Software for browsing websites (web browser) usually allows cookies to be stored on the User’s end device by default. Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies via appropriate web browser settings.
   
   
10. Cookies do not cause configuration changes in devices and software installed on the User’s devices.
    
    
11. Restrictions on the use of cookies may affect some of the functionalities available on the Website, and in some cases completely prevent the use of some of its functions and options.
    
    
12. Cookies placed on the User’s end device may also be used by advertisers and partners of the Website cooperating with the Website, in particular by the “XPARTNER” website (www.xpartner.net.pl).
    
    
13. Cookies may be used by the Google network to display advertisements tailored to the way the User uses the Website. For this purpose, they may retain information about the User’s navigation path or the time spent on a given website: https://policies.google.com/technologies/partner-sites.
    
    
14. The website uses statistical analysis of website traffic via Google Analytics (Google Inc. based in the USA). The Google Analytics system, which automatically collects data about the User, is an internet analytics system through which the Administrator obtains insight into the data traffic of the Website and the demographic data of Users, used for marketing purposes. It is recommended that the User read the Google Analytics privacy policy to learn the principles of using cookies used in statistics: The Google Analytics privacy policy can be found at the link: https://policies.google.com/privacy?hl=pl. Celem zablokowania działania systemu Google Analytics należy wyłączyć możliwość korzystania z plików cookies.
    
    
15. In terms of information about the User’s preferences collected by the Google advertising network, the User can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
    
    
16. The Website contains plug-ins that can transfer Users’ data to the administrators of portals such as: Facebook, Google, Instagram, LinkedIn, YouTube, Salesmanago, Gemius and others. The tool in question allows the indicated portals to identify people visiting the Website as a target group, which can then be displayed advertisements with appropriate content. In order to avoid transfer of the data in question to the indicated portals, you should avoid clicking on links to the portals in question or log out of your account on a given portal before clicking on the link. The processing of personal data by the above portals is based on the rules and policies applied by the above portals. The Administrator recommends that you read the documents in question before making the moves described in the preceding sentences.
    
    

§ 8.
SECURITY OF PERSONAL DATA PROCESSING

1. The Administrator applies security measures to protect personal data against loss, misuse and unauthorized modification.
   
   
2. Taking into account the state of technical knowledge, the nature, scope and purposes of processing as well as the risk of violating the rights and freedoms of natural persons with varying probability and severity, the Administrator has implemented appropriate technical and organizational measures to ensure a level of security corresponding to the existing risk, in particular it applies the following measures:
   
   1) Minimization of personal data required, collected and processed;
   
   2) The ability to continuously ensure the confidentiality, integrity, availability and resilience of processing systems and services;
   
   3) The ability to quickly restore the availability and access to personal data in the event of a physical or technical incident;
   
   4) Regularly testing, measuring and assessing the effectiveness of technical and organizational measures to ensure the security of processing;
   
   5) By default, only personal data that is necessary to achieve each specific processing purpose is processed;
   
   6) Collecting personal data for specified, lawful purposes and not subjecting them to further processing inconsistent with these purposes;
   
   7) Processing personal data in a substantively correct and adequate manner in relation to the purposes for which they are processed;
   
   8) Keeping records of persons authorized to process personal data. Persons authorized to process data are obliged to keep personal data and the methods of securing it strictly confidential;
   
   9) Regular updating of all software used by the Administrator to process personal data, which in particular means regular updates of programming components.