Trust of individuals whose personal data we process and ensuring compliance with the applicable laws are of paramount importance to us.
According to the requirements of REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “Regulation”, we would like to share with you the following information:
The controller of your personal data, hereinafter referred to as “Controller”, is:
UNITY Spółka Akcyjna with registered office in Wrocław, ul. Strzegomska 2-4, 54-201 Wrocław, entered in the register of entrepreneurs of the National Court Register, maintained by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Department of the National Court Register, under no. KRS 0000004330, with its share capital amounting to PLN 5,864,648.00 (fully paid in), bearer of tax ID (NIP) PL8942649070 and statistical no. (REGON) 932269479.
The Controller is responsible for the use of personal data in a safe manner, according to the purpose for which such data has been collected and in compliance with the applicable laws.
Phone: +48 71 358 41 111
Email: iod@unity.pl
Postal address: ul. Strzegomska 2-4, 54-201 Wrocław, Poland.
We use the collected personal data only for specific and legally justified purposes. The scope, purpose, period and legal basis for such processing as well as the categories of recipients are regulated by the laws binding on the Controller, and depend on the nature and scope of activities of the data subject.
Purpose of data processing: Taking steps at the request of the data subject prior to entering into a contract (e.g. preparing an offer)
Legal basis for processing: Article 6(1)(b) of the Regulation (“performance of a contract”)
Storage period: The data is stored for a period necessary for the performance, termination or expiry of the contract, or for a period after which possible claims become time-barred.
Purpose of data processing: Direct marketing (directing specific, personalised messages at carefully selected individual customers in order to elicit a direct reply)
Legal basis for processing: Article 6(1)(f) of the Regulation (“legitimate interests pursued by the Controller”)
Storage period: The data is stored for the duration of the legitimate interests pursued by the Controller and for a period after which possible claims become time-barred. If a data subject effectively objects to the use of their personal data, the Controller will no longer process the data for the purpose of direct marketing.
Purpose of data processing: Sending information and advertising content concerning Unity Group’s offers by means of electronic communication
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: The data is stored until the data subject withdraws their consent to the continued processing of their data for marketing purposes. The consent can be withdrawn at any time using an opt-out link included in each message.
Purpose of data processing: Sending information on Unity Group’s events by means of electronic communication
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: The data is stored until the data subject withdraws their consent to continued the processing of their data for marketing purposes. The consent can be withdrawn at any time using an opt-out link included in each message.
Purpose of data processing: Sending information on new expert publications of Unity Group by means of electronic communication
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: The data is stored until the data subject withdraws their consent to the continued processing of their data for marketing purposes. The consent can be withdrawn at any time using an opt-out link included in each message.
Purpose of data processing: Sending expert publications of Unity Group at the user’s request by means of electronic communication
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: The data is stored until the data subject withdraws their consent to the continued processing of their data for marketing purposes. The consent can be withdrawn at any time using an opt-out link included in each message.
Purpose of data processing: Sending Unity Group’s newsletter
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: The data is stored until the data subject withdraws their consent to the continued processing of their data for marketing purposes. The consent can be withdrawn at any time using an opt-out link included in each message.
Purpose of data processing: Expression of an opinion by a Customer
Legal basis for processing: Article 6(1)(a) of the Regulation (“consent of the data subject”)
Storage period: The data is stored until the data subject withdraws their consent to the continued processing for this purpose.
In order to perform a contract and to ensure the proper functioning of the Controller’s websites, the Controller uses services provided by third parties who work with the Controller (e.g. postal and courier service providers, and payment processors).
The personal data is transferred to third parties only when and as necessary to achieve the purpose of processing. Third parties may use the transferred personal data only for the purpose of fulfilling the task entrusted to them by the Controller.
The personal data may be transferred to the following recipients who work with the Controller:
Your personal data may also be disclosed to member companies of Unity Group, i.e.: Internet Designers sp. z o.o, Intratic sp z o.o. and Unity Systems sp. z o.o.
The legal basis for the processing of the data transmitted within the Group of companies for internal administration purposes is Article 6(1)(f) of the Regulation: the processing is necessary for the purposes of the legitimate interests pursued by the controller.
The personal data may be transferred outside the European Economic Area (which includes the European Union, Iceland, Liechtenstein and Norway) to Google LLC based on adequate legal safeguards, such as the standard contractual clauses concerning the protection of personal data approved by the European Commission. See also section 9. Online analysis.
No consent to the processing of the personal data is required if, among other things:
If a consent is necessary to be able to process the personal data for a specific purpose (e.g. consent to the use of cookies), the Controller will ask for such a consent. Your consent can be withdrawn at any time.
If it is withdrawn, the data will no longer be used for the purpose covered by the concerned, but withdrawing the consent will not affect the legality of any processing activities which were performed based on the consent before its withdrawal.
According to the rules stipulated by the Regulation, the data subject also has the right to demand that the Controller provide access to their personal data, and to demand rectification, erasure (the right to be forgotten) or restriction of processing, and the right to object to processing as well as a right to data portability.
If the personal data is processed for the purpose of direct marketing, an objection can be made at any time to the processing of such data for marketing purposes, including profiling, to the extent to which the processing is linked to direct marketing.
In order to exercise the above rights, a request should be delivered to the Controller by e-mail, by letter or in person, to the Controller’s office, using the contact details provided in the introduction.
To verify that the individual submitting the request is authorised to do so, the Controller may ask for additional information to confirm his/her identity.
The Regulation stipulates the extent to which each of these rights can be exercised. In particular, it will depend on the legal basis and the purpose for which the personal data is processed by the Controller. The above rights can be exercised free of charge once every 6 months. According to Article 12 of the Regulation, if requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may charge a reasonable fee.
The data subject has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for the Protection of Personal Data (Urząd Ochrony Danych Osobowych).
8.1 Newsletter
The newsletter and other marketing communication are sent only to Users who have given consent to receiving such communication and have provided their e-mail address. The consent to receiving the newsletter can be withdrawn at any time by clicking the opt-out link included in every newsletter, or by contacting the Controller at the address provided above.
8.2 Cookies
The Controller’s websites use cookies, i.e. text files that are saved to the User’s device. The files allow for analysing how a website is used and identifying the User’s browser. Cookies can be blocked in the browser settings, but this may limit the website’s functionality.
The Controller may process the data included in the cookies to perform an anonymous analysis of visitors and their behaviour (e.g. the opening of certain websites) in order to deliver advertising that is personalised to what they are likely to be interested in, also when they visit other websites which are partners in the advertising networks of Google Inc. and Facebook Ireland Ltd., and in order to improve the administration of the Controller’s websites.
8.3 Onsite Targeting
The Controller uses cookies to analyse the activity of visitors (e.g. the opening of specific subpages), and to be able to present advertisements and/or special offers to the User.
8.4 Retargeting, third-party cookies and collection of data by third parties for advertising purposes
The Controller’s websites use retargeting (remarketing) technology.
The Controller uses the following third-party services which use cookies on the Controller’s websites:
8.5 How to block the saving of cookies?
To block the saving of cookies, the User should enable a browser setting that allows cookies to be saved only with the User’s consent.
To accept the use of the Controller’s cookies and block the use of third-party cookies at the same time, select the option “Block cookies from third-party websites” in the browser settings
The User can disable cookies in the browser settings, but this may limit the website’s functionality and make it impossible to use all of its functions.
The Controller uses the web analytics service Google Analytics offered by Google. Google Analytics uses cookies to analyse a user’s behaviour on the website. The information generated by the cookies concerning the use of the website (including the user’s IP address) is transferred to and may be stored by Google on servers in the United States. Google will use this information to analyse how the website is used, create reports for websites which use Google Analytics and provide other services. Google may also transfer this information to third parties if it is required to do so by the law or if third parties process such information on behalf of Google.
By using the website, the User consents that Google may process his/her data in the manner and for the purposes described above.
Google Analytics analyses the website with the “_anonymizeIp()” extension and, therefore, all IP addresses are processed only in an abbreviated form and cannot be directly linked to a specific User.
You can withdraw your consent to the transferring, collection and processing of your data to and by Google in the future by, for example, installing the Google Analytics Opt-Out tool.
The web browser provides data on the user’s activity on the Controller’s websites, which is saved in server log files. Data records saved in this way include the following data: date and time of download, name of the visited website, size of the downloaded data, as well as information on the product version of the web browser being used, the IP address and URL of the reference website (address of the website from which the user has been redirected).
The data records in the server log file are analysed to correct errors, manage service efficiency, protect against DDoS attacks and personalise the offer.
The personal data will not be used for automated decision-making which results in legal consequences for the data subject, including for profiling.
The Controller’s websites may include links to third-party websites, which operate independently from the Controller and are not supervised by the Controller in any way. After accessing third-party websites, the Controller recommends familiarising yourself with their privacy policies. The Controller is not liable for how the data is handled on third-party websites.