Effective from July 30, 2021.
I. Data processing in connection with the use of the website
The administrator collects user data in connection with the use of the website and only to the extent necessary to provide individual services offered on the website, and for the purposes of sending commercial information in the form of a newsletter, as well as anonymised information about users' activity on the website using cookies on the basis of specified in this Policy.
II. Legal grounds for data processing on the website and the purposes of processing
The personal data entrusted to the administrator by the user, in particular, include first name, last name and e-mail address, are processed for various purposes:
1.to the extent necessary to answer the question asked, which does not constitute a request for a commercial offer,
2.in order to prepare a commercial offer for products and services offered by the administrator,
- to prepare and conduct negotiations to conclude a contract, and then for the purposes of implementing this contract.
4.for purposes related to the preparation and sending of the newsletter.
Providing personal data is done by placing them in the appropriate fields of the form on the "Contact" subpage. Providing personal data is voluntary, however, the lack of consent to the processing of personal data or the provision of incomplete data may prevent the use of the services offered by the administrator.
In connection with the above, the administrator processes the user's personal data for the purposes necessary for the performance of the contract to which the data subject is party, or to take action at the request of the data subject, before concluding the contract, as referred to in art. 6 sec. 1 lit. b GDPR.
In the scope related to the processing of the user's personal data for the purposes of the newsletter, the data is processed on the basis of the consent given by the data subject (Article 6 (1) (a) of the GDPR)
After the completion of the contract, the user's personal data that has been provided to the administrator may also be stored for a further period, for the following purposes and on the basis of the following criteria for determining the period of data processing:
1.in order to fulfil the statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations - the legal basis for processing is the legal obligation (Article 6 (1) (c) of the GDPR),
2.in order to possibly establish, investigate or defend against claims - the legal basis for processing is the Controller's legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the protection of its rights.
In the scope related to the processing of the user's personal data for the purposes of the newsletter, personal data is processed until the user withdraws his consent. The user may withdraw consent at any time, in which case the administrator will cease to provide the service and immediately delete all data provided by the user.
III. User permissions
- The User has the right to access the data and demand their rectification, deletion, processing restrictions, the right to transfer data, and the right to object to data processing, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data. To the extent that user data is processed on the basis of consent and is not processed for other purposes, it can be withdrawn at any time by contacting the Administrator, for example via electronic communication channels to the e-mail address:
firstname.lastname@example.org, or by post to the following address: zonda.aero Sp. z o.o., Paderewskiego 1 street, 86-005 Białe Błota.
- The User has the right to object at any time to the processing of his data, if the basis for data processing is solely the legitimate interest of the Administrator, referred to in art. 6 sec. 1 lit. f GDPR. The user also has the right to object at any time to the processing of his data for reasons related to his particular situation in cases where the legal basis for data processing is the legitimate interest of the administrator. If the provided personal data were not used to conclude the contract (e.g. the contract was not concluded), the user also has the right to withdraw consent to the processing of data at any time without affecting the lawfulness of the processing, which was carried out on the basis of consent before its withdrawal.
3.The data subject has the right to request the administrator to delete his personal data immediately ("the right to be forgotten") if one of the following conditions applies:
1.a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
- B) the data subject has withdrawn consent on which the processing is based pursuant to art. 6 sec. 1 lit. a GDPR or art. 9 sec. 2 lit. a GDPR and there is no other legal basis for processing,
3.c) the data subject objects to the processing pursuant to Art. 21 sec. 2 GDPR,
4.d) personal data have been processed unlawfully,
5.e) personal data must be removed in order to comply with the legal obligation provided for in European Union law or Polish law,
- f) the personal data have been collected in relation to the offering of information society services, referred to in art. 8 sec. 1 GDPR.
IV. Data recipients:
In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems used to provide services, entities such as banks and payment operators, entities providing accounting services, couriers, transport and forwarding companies (in connection with the execution of the order), as well as subcontractors indicated in the contract linking the user with the administrator,
In order to provide our services and to improve and analyse them, we also use the services and tools of other entities. They pursue the goals we set and, in some cases, they can also use the data obtained on the website http://www.zonda.aero to pursue their own goals and the goals of their cooperating entities. User data may be transferred to our trusted partners for this purpose. Our trusted partners include the payment operator PayU S.A., Grunwaldzka street 186 60-166 Poznan NIP: 779-23-08-495. In this case, the entrusting of user data takes place on the basis of a personal data entrustment agreement, and our trusted partner is obliged to ensure user data protection not lower than that of the administrator and in accordance with the provisions of the GDPR and national laws.
The Administrator reserves the right to disclose information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
V. Transfer of personal data outside the European Economic Area
The administrator may transfer personal data outside the European Economic Area, if it is required by applicable law, and the data is transferred at the request of authorized bodies.
The administrator may also transfer the user's personal data outside the European Economic Area, if it is necessary for the purpose of implementing the contract concluded with the user. For example, if the user orders the performance of a service that will be performed outside the countries of the European Economic Area, the data may be transferred to subcontractors and other entities that will perform the contract in that country. The data may be transferred in order to best implement the service ordered by the user.
Such transfer will take place, provided that an adequate level of user data protection is ensured, which will be confirmed in particular by:
- cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued;
- the use of standard contractual clauses issued by the European Commission;
- application of binding corporate rules approved by the competent supervisory authority;
- in the case of data transfer to the USA - cooperation with entities participating in the Privacy Shield program, approved by a decision of the European Commission.
At the User's request, the Administrator will provide him with a copy of the data that will be transferred outside the EEA.
VI. Security of personal data
The administrator conducts a risk analysis on an ongoing basis to ensure that users' personal data are processed in a safe, lawful manner, ensuring access to data only by authorized persons and only to the extent that it is necessary due to the performance of their tasks. All operations on personal data are recorded. The administrator takes all steps to ensure that its subcontractors, contractors and other entities cooperating with the administrator guarantee adequate protection of personal data in each case before their transfer.
In addition, the administrator takes special care that personal information is:
- correct and lawfully processed,
- obtained only for specific purposes and not further processed in a manner inconsistent with these purposes,
- adequate, relevant and not redundant,
- accurate and up-to-date,
- not kept longer than necessary,
- processed in accordance with the rights of persons (whom they relate to), including the right to restrict sharing,
- safely stored,
- not transferred without adequate protection.
VII. Automated decision making and information on profiling.
Based on the user's data, no decisions are made by the administrator that would be automated (without human intervention). The administrator also does not take any actions aimed at user profiling.
VIII. Protection of the privacy of minors
The administrator does not monitor and does not verify information on the age of users, senders and recipients of messages and people interested in receiving notifications about the administrator's activities, including the newsletter. Contact information from users is used to fulfil orders, send information about our company and commercial offers.
Minors should not send any information or make orders or subscribe to services provided by the administrator, without the consent of their parents or legal guardians. Such consent is required by the controller whenever it becomes aware that the user is a minor ("child") within the meaning of national provisions on the protection of personal data.
The administrator does not automatically collect any personal data in connection with the use of the website. However, other data contained in cookies are collected when using the website. The administrator uses Google Analytics tools for this purpose.
Cookies are small text files stored in users' end devices, e.g. on a computer or smartphone, allowing for the correct display of the content of the viewed page.
Users can independently control the way cookies are handled using mechanisms built into the software used for browsing websites (web browsers). However, blocking some cookies may affect the functionality of the website.
Cookies collect information about users for the following purposes:
- displaying advertisements to users on the Internet that are tailored to their preferences and interests, and related to recent purchases made on the Internet.
- for analytical and statistical purposes.
The cookies do not contain data that identifies the user. On their basis, it is impossible to establish anyone's identity. These files are in no way harmful to end devices and do not change its settings or the settings of the software installed on it. Reading the content of these files is possible only by the server that created them.
The administrator does not directly display any advertisements for his services on the internet. Google Inc. is responsible for the delivery of advertisements tailored to the preferences of users.
X. Final Provisions
In case of any doubts or for additional information, please contact us at the following e-mail address: email@example.com