This Privacy Policy sets out the principles of processing and protection of personal data in connection with the use of the www.asa.eu website, which is hereinafter referred to as the “website”. It provides information on the User’s rights in connection with the processing of their personal data by ASA Sp. z o.o. on the website and its mobile version.
This document is an expression of care for the rights of persons using the www.asa.eu website as well as an expression of the Company’s compliance with the principles of personal data protection and diligence in guaranteeing the security of the User’s personal data, together with information concerning activity in the network, in particular the User’s possibility to exercise their rights resulting from the GDPR (General Data Protection Regulation).
Consent to data processing is voluntary and can be withdrawn at any time.
1. Personal data controller.
The personal data controller and the entity managing the asa.eu website is ASA Sp. z o.o., ul. Oświęcimska 11, 48-100 Głubczyce, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court in Opole, the 8th Commercial Division in Opole, number 0000142069, tax identification number NIP: 748-14-19-778, hereinafter referred to as the “Controller” or the “Company”.
In case of any questions, comments or objections concerning the processing of personal data, the User is encouraged to contact the Controller:
- using the contact form available on the website
- by email: odo@asa.eu
- by writing to the address ASA Sp. z o.o., ul. Oświęcimska 11, 48-100 Głubczyce
2. Data processed and purposes of data processing.
a. General information
Contact with the Company or use of the website, its mobile version as well as use of the newsletter service may involve the need to provide personal data. Provided data is kept strictly confidential and used for the purposes of which the User has been informed.
b. Data collected when contacting the company using the Contact Form.
Using the Contact Form available on the website, the User has the possibility to contact the Company by providing their email and optional contact details in the message content. Data provided in this way is processed in order to establish contact and respond to the message. Contacting the company by means of the form and providing the aforementioned data, the User agrees to the processing of their personal data, in particular their email address.
The data is provided on a voluntary basis, but failure to provide it will prevent contact from the Company.
c. Data collected during registration.
In order to use the Newsletter Service, the User will have to register. In order to receive an electronic newsletter the User is required to provide only their email address. The NEWSLETTER module on the home page www.asa.eu is designed for this purpose. By providing their email address, the User agrees to the processing of their personal data. The acquired data is used to send content within the NEWSLETTER module.
The newsletter subscriber has the possibility to opt out of receiving it at any time.
d. Other data.
Data provided by the User to the Company for the purpose of entering into a contract will be processed for this particular purpose and subsequently for the purpose of contract performance.
If the User contacts the Company in order to perform various activities or acquire information (e.g. make a complaint) using the Contact Form or by email, they will be required to provide the Company with their personal data in order to confirm their identity and enable the Company to contact them. This applies to the same personal data as previously provided. However, due to a specific nature of a request, the Company may have to require other data from the User. The User is not obliged to provide such data, but it is necessary to perform an action or obtain required information. Such data will be processed in order to perform activities requested by the User or to provide the User with requested information requested, as the case may be.
3. Cookie files.
Cookies are simple text files sent to the hard disk of the User’s computer (or such updated files, in the case of repeated visits) via the browser used by the User to enable the system to operate properly in terms of the full functionality made available to the User, as well as to collect statistics regarding visits on the website. The website may use two basic file types:
Session cookies are stored on the User’s device and remain there until the end of a browser session. The stored information is then permanently deleted from the device memory. The mechanism of session cookies does not make it possible to download any personal data or confidential information from the User’s device. Permanent cookies are stored on the User’s device and remain there until they are deleted. Ending a session of a given browser or switching off the device does not cause their removal from the User’s device. The mechanism of permanent cookies does not make it possible to download any personal data or confidential information from the User’s device.
No information allowing direct identification of the User’s personal data is collected or processed on the website. Cookies are used on this website for statistical purposes (concerning the statistics of visits to the website), to ensure proper operation of the website in terms of all its functionalities and to provide more tailored content for the User.
The User can deactivate or change the use of cookies at any time by changing the cookie settings in their browser.
4. Data sharing.
Provided personal data will not be made available to any third parties unless in the following cases:
- explicit consent of the data subject, e.g. making data available to other entities within the framework of activities related to answering an enquiry sent to the Controller,
- the transfer of data to authorized bodies under the law.
5. Data retention period.
The User’s personal data will be stored no longer than necessary for the purposes for which it has been collected, unless the Controller is obliged to store it longer under applicable laws. However, retention periods may vary depending on the purpose of processing. For example:
- personal data processed for the purpose of handling a query will be processed for the duration of the related correspondence and then, depending on the results of such correspondence, it will either be forwarded to the Controller’s partners/customers database and be further processed for the purpose of performing an agreement, or be deleted if there is no possibility of establishing cooperation,
- in the event of a clear closure of negotiations on the part of the User, data will be deleted immediately, and if this is not possible, it will be safely stored until negotiations are closed,
- in the absence of a reply and in the event of an unclear situation, data will be stored for a period of 6 months from the date of sending the last message,
- if it is not possible to determine the User’s last activity on the website, the User’s data will be processed until the User’s consent is revoked or their opposition to the processing is expressed (for example, in the case of the newsletter service),
- the User’s data will also be stored and used by the Controller if necessary to meet legal obligations, settle disputes and enforce the provisions of agreements, as well as until the end of periods of limitation for the submission of claims or objections.
After the expiry of the retention periods the User’s personal data will be deleted or rendered anonymous.
6. The User’s rights.
In connection with the processing of data by the Company, the User has a number of rights. The User may exercise such rights as well as obtain more information by contacting the Company:
- by email: odo@asa.eu
- by regular mail: ASA Sp. z o.o., ul. Oświęcimska 11, 48-100 Głubczyce
The User is entitled:
- to request access to their personal data and to modify and erase such data (“the right to be forgotten”);
- to object to the processing of their personal data for direct marketing purposes, which results in the termination of the processing of their data for direct marketing purposes;
- to object to the processing of their personal data on grounds relating to a specific situation of the User, if their personal data are to be processed on the basis of a legitimate interest. However, the Company will further process such personal data to a necessary extent necessary if there is a legitimate reason to do so on the part of the Controller;
- to transfer data processed in connection with the performance of a contract or on the basis of consent, and to restrict the scope of data processing;
If the processing of personal data is based on consent, the User has the right to withdraw such consent at any time. Withdrawal of consent does not, however, affect the lawfulness of the processing of personal data carried out on the basis of such consent before its withdrawal.
The Controller will provide the User with information on actions taken in relation to the User’s request within one month of receiving the User’s instruction. If necessary, the deadline for the fulfilment of a request may be extended by another two months due to the complicated nature of a request or the number of requests submitted.
In order to fulfil a request, the Controller is entitled to verify the User’s identity so that an unauthorized person will not gain access to the User’s data.
If the User’s request turns out to be clearly unjustified or excessive, in particular due to its repeated character, the Controller may demand a reasonable fee for the fulfilment of the request or refuse to take action in relation to the request.
The User has the right to lodge a complaint in connection with the Controller’s processing of their personal data with the supervisory body of the PPDPO (President of the Personal Data Protection Office), with the registered office at the following address: ul. Stawki 2, 00 -193 Warszawa, or with any other supervisory body.
7. Links to other websites.
The website www.asa.eu may contain links to other websites that are owned and operated by independent entities. Such entities may have their own privacy policies, which the User should become familiar with. The Controller is not responsible for privacy practices or products and services on other entities’ websites.
8. Personal data security.
The Controller makes every effort to protect the website from unauthorized access by third parties and controls the methods of collecting, storing and other processing of the User’s personal data. It uses, among others, a firewall, server security devices, encryption devices and physical security measures. The website www.asa.eu also has an SSL certificate. An SSL certificate is a tool that ensures the protection of the website and guarantees the confidentiality of data sent electronically. An SSL certificate is a type of security which consists in encoding data before it is sent from the User’s browser and decoding it after a safe access to the website. Information sent from the server to the User is also encoded and decoded after reaching its destination. It should be noted that access to personal data is granted only to those employees of the Company and entities that need to have access to it in order to process it only for the purposes described in this Privacy Policy. The
Controller undertakes to protect all information made available by the User while visiting the website in accordance with the provisions of generally applicable law, in particular the GDPR (General Data Protection Regulation).
9. Updating of the Privacy Policy.
In connection with the needs that may arise from the development of the services offered by the Company or regulatory changes, the Controller is entitled to make changes to this Privacy Policy. Such changes will be communicated to the User on the website. It is recommended to check this website frequently and to check the date of the latest modifications.