GENERAL PROVISIONS

This Privacy Policy of a website available at https://www.evant.pl (hereinafter “Website”) is for information purposes and does not give rise to any obligations for the Website users. The Privacy policy sets out the rules of processing personal data by the Website administrator, including the purpose and scope of such processing, the rights of data subjects and information about the use of cookie files and analytical tools.

The controller of personal data collected via the Website is EVANT PL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ seated in Warsaw, entered into the register of entrepreneurs of the National Court Register under no KRS 0000802861; registration court which keeps the Company’s documents: District Court in Warsaw, XII Economic Division of the National Court Register; share capital of: PLN 5,000.00, having registered and correspondence address at ul. Pańska 96/83, 00-837 Warszawa, NIP: 5272905048, REGON: 384327850, e-mail address: kontakt@evant.pl, phone number: +48 22 432 08 10 (hereinafter: “EVANT PL“, “the Owner” or “the Administrator“).

The Controller processes personal data on the Website in accordance with the applicable provisions of law, including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “the GDPR“.

The use of Website is on voluntary basis. Using the Website does not require from you any personal data, unless you want to use the contact form available on the website – in that case you must provide your contact details (signature and e-mail address), and failure to provide the data makes it impossible to send the contact form.

The Administrator exercises due diligence to protect the interest of data subjects, in particular the Controller is responsible for and ensures that the data it collects are: (1) processed lawfully; (2) collected for specific, lawful purposes and are not further processed in a way incompatible with those purposes; (3) adequate, relevant in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Considering the nature, extent, context and purpose of the processing and the risk of infringing the rights or freedom of a natural person of varied probability and varied scale of threat, the Administrator implements adequate technical and organisational measures to process data in compliance with this regulation and is able to demonstrate it. The measures are subject to review and update if needed. The Administrator applies technical measures to protect electronically sent data from unauthorized access and modification.

CONTACT DETAILS

The Administrator’s contact details: EVANT PL Spółka z o.o. ul. Pańska 96/83, 00-837 Warszawa e-mail: kontakt@evant.pl telefon: +48 22 432 08 10

EVANT PL  Spółka z o.o.
ul. Pańska 96/83, 00-837 Warszawa
e-mail: kontakt@evant.pl,
telefon: +48 22 432 08 10

Contact details of the personal data inspector appointed by the Administrator:

adres do korespondencji: ul. Pańska 96/83, 00-837 Warszawa
e-mail: kontakt@evant.pl

LEGAL BASE FOR DATA PROCESSING

The Administrator may process personal data if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; (4) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Each processing of personal data by the Administrator requires the occurrence of at least one of the above grounds. Specific grounds for the Administrator’s processing of the personal data of Website users are indicated in the subsequent paragraph of the Privacy Policy – with reference to a given purpose of processing.

PURPOSE, BASIS, DURATION AND SCOPE OF DATA PROCESSING ON THE WEBSITE

In each case the purpose, basis, duration and scope as well as the recipients of personal data processed by the Administrator depends on the user’s activity on the Website. The Administrator may process personal data on the Website on the basis of and for the clearly specified purposes, in particular, to respond to queries submitted through contact form.

Depending on the purpose of the contact:

1) Article 6(1)(b) GDPR (performance of a contract or taking steps at the request of the data subject prior to entering into a contract) or

2) Article 6(1)(f) GDPR (legitimate interests pursued by the controller)

The retention of data depends on the legal basis – respectively:

1) for the period necessary to take steps at the request of the data subject prior to entering into a contract and if the contract is concluded, for the period necessary to perform the contract, until its termination or other expiry of the contract; or

2) for the duration of the legitimate interest pursued by the Administrator, however no longer than for the period of limitation of the claims against the data subject with respect to the Administrator’s business activity. Periods of limitation are prescribed in the provisions of law, including but not limited to the Civil Code (the basic period of limitation of claims arising from business activity is three years).

DATA RECIPIENTS ON THE WEBSITE

For the Website to work properly the Administrator must use services of external providers (such as a hosting company, etc.). The Administrator uses services provided only by such processing operators who provide sufficient guarantee to implement appropriate technical and organisational measures, so that the processing meets the GDPR requirements and protects the rights of the data subject. Personal data is not transferred to any third country or to any international organisation.

The transfer of personal data by the Administrator is not done each time and is not done to all recipient or categories of recipients indicated in the Privacy Policy – the Administrator transfers data only if the Administrator has the data and if it is necessary to carry out the purpose of data processing and only in the scope necessary to carry it out.

Personal data of the Website users may be transferred to the following recipients or categories of recipients: service operators providing technical, organisational and IT solutions to the Administrator, enabling the Administrator to operate its business activity, including the Website and services offered thereon (including in particular providers of software for the Website, e-mail operators and web hosting providers). The Administrator shares the collected personal data of the user to a selected provider operating at the Administrator’s order only if and only to the extent to which it is necessary to carry out the purpose of data processing in compliance herewith.

RIGHTS OF THE DATA SUBJECT

1. Right to access, rectify, restrict, delete or transfer – the data subject may demand from the Administrator to have access to their personal data, to rectify it, to delete it (“the right to be forgotten”) or to restrict the processing thereof, may make an objection against the processing and may transfer their data. Detailed terms and conditions of exercising the above rights are set out in Art. 15-21 of the GDPR.
2. Right to withdraw the consent at any time – the data subject whose data is processed by the Administrator on the basis of their consent (according to Art. 6 (1)(a) or Art. 9(2)(a) of the GDPR) may withdraw their consent at any time and this will not affect the lawfulness of the processing done prior to the withdrawal.
3. The right to make a complaint to a supervisory authority – the data subject may file a complaint to a supervisory authority in the manner laid down in the GDPR and in the provisions of Polish law, including but not limited to the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
4. Right to object – the data subject has a right to object at any time – on the grounds related to their specific situation – against the processing of their data on the basis of Art. 6 (1)(e) (public tasks or interest) or Art. 6 (1)(f) (legitimate interest of the controller), including profiling on the basis of the same provisions. In such case the Administrator may no longer process such personal data unless the Administrator demonstrates that there are valid legitimate grounds for processing which overrides the interests, rights and freedoms of the data subject or for establishing, pursuing or defending a claim.
5. Right to object against direct marketing – if personal data is processed for the purpose of direct marketing, the data subject may at any time object against the processing of their data for such purpose, including the profiling, to the extent that the processing is linked to such direct marketing.

To exercise the rights referred to in this section of the Privacy Policy you may contact the Administrator by sending relevant message in writing or by e-mail to the Administrator’s address or to the address of the data protection inspector appointed hereinabove, or by using the contact form on the Website.

COOKIES ON THE WEBSITE

When a visitor uses the Website, the Administrator may process data contained in the cookie files for the following purposes: (1) provide basic functionalities of the Website such as session continuity, storage of dynamic data such as statistics, summaries, and (2) adjusting the content of the Website to the Customer’s personal preferences (e.g. language of the site).

MISCELLANEOUS

The Website may contain links to other websites. The Administrator recommends to read privacy policy of the other website upon visiting. This Privacy Policy applies only to the Administrator’s Website.