- The administrator of personal data collected via the BIMEngineers.eu website is Maciej Iwaszko who performs business under the name of BIM ENGINEERS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ entered in the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister of economy, place of business and address to deliveries: ul. T. Borowskiego 2 lok. 308, NIP: 5242823096, REGON: 366644596, e-mail address: email@example.com, telephone number: +48 22 398 60 05.
- Personal data collected by the Controller through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
- PURPOSE OF PROCESSING AND LEGAL BASIS.The Administrator processes the personal data of the Service Users of the Website www.bimengineers.eu when using the contact form:
- in order to answer the question sent by the Customer (pursuant to art. 6 par. 1 (b) GDPR – performance of the contract for the provision of electronic services in accordance with the Website Regulations),
- in order to send commercial information by electronic means, after expressing a separate consent, pursuant to art. 6 par. 1 (a) of GDPR.
- TYPE OF PROCESSED PERSONAL DATA.When using the contact form, the Service Recipient provides:
- Name and surname,
- PERIOD OF PERSONAL DATA ARCHIVING.The personal data of the Customers are stored by the Administrator:
- in case when the basis for data processing is the performance of the contract, as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period of claims. Unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims related to conducting business activity – three years.
- in case where the basis for data processing is consent, as long as the consent is not revoked, and after revoking the consent for a period of time corresponding to the limitation period of claims which may be raised by the Controller and which may be raised against him. Unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims related to conducting business activity – three years.
- When using the Website, additional information may be downloaded such as: IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, type of browser, access time, type of operating system.
- Navigational data may also be collected from the Service Users, including information about links and links in which they decide to click or other activities undertaken on the Website. The legal basis for this type of activity is the legitimate interest of the Administrator (Art. 6 par. (1)(f) of GDPR), consisting in facilitation of the use of electronically rendered services and in improvement of the functionality of said services.
- Provision of the personal data by the User is completely voluntary.
- Personal data will also be processed in an automated way in the form of profiling, provided that the Customer agrees to it, pursuant to Art. 6 par. 1 a) GDPR. The consequence of profiling will be to assign a profile to a given person in order to make decisions about them or to analyse or predict their preferences, behaviours and attitudes.
- The Controller will use due care to protect the interests of people whose data is collected and, in particular, will ensure that the data he collects is:
- processed lawfully,
- collected for specified and legitimate purposes and not processed further in a way incompatible with the intended purposes.
RELEASE OF PERSONAL DATA
- The personal data of the Customers are provided to service providers used by the Administrator when running the Website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to the Collector’s instructions regarding the purposes and methods of processing this data (processors) or independently define the purposes and methods of its processing (controllers).
- Customers’ personal data is stored only within the European Economic Area (EEA).
THE RIGHT TO CONTROL, ACCESS AND CORRECT THE PERSONAL DATA
- The data subject has the right to access their personal data, as well as to rectify, erase, restrict the processing, the right to transfer data, object, withdraw their consent at any time without affecting the lawfulness of any processing performed on the basis of the consent prior to its withdrawal.
- Legal grounds for the Service Recipient’s request:
- Access to data – Art. 15 of GDPR
- Rectification of data – Art. 16 of GDPR.
- Data erasure (the right to be forgotten) – Art. 17 of GDPR.
- Restriction of processing – Art. 18 of GDPR.
- Data portability – Art. 20 of GDPR.
- Objection – Art. 21 of GDPR.
- Withdrawal of consent – Art. 7 par. 3 of GDPR.
- In order to exercise the rights referred to in item 2, an appropriate e-mail should be sent to the following address: firstname.lastname@example.org.
- In the event when the Customer exercises his right included in the above-mentioned rights, the Controller complies with the request or refuses to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complicated nature of the request or the number of requests – the Controller will not be able to fulfil the request within a month, he will comply with it within the next two months informing the Customer in advance, within one month of receiving the request, about the intended extension of the deadline and the reasons for it.
- In the event of concluding that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint to the President of the Personal Data Protection Office.
- The Administrator’s website uses “cookies”.
- Installation of cookies is necessary for the website’s services to be provided in a proper way. The cookies contain information necessary for the proper functioning of the website, as well as provide the possibility of compiling general statistics of website visits.
- The website uses two types of “cookies”: “session” and “permanent”.
- “Session Cookies” are temporary files that are stored in the end device of the Service User, for log out time (leaving the website).
- “Permanent Cookies” are stored in the end device of the Service User, for the time specified in the parameters of “cookies”, or until their removal by the User.
- The Controller uses his own cookies to better understand the Customers’ interactions with the content of the page. The files collect information on how the Customer uses the website, the type of website the Customer was redirected from and the number and length of the Customer’s visits to the website. This information does not record specific personal data the Customer, but is used to develop the statistics for the website use.
- The Customer has the right to decide on access of the “cookies” to their computer, by means of browser settings.Detailed information about the possibilities and methods of cookie use is available in the software (web browser) settings.
- The administrator uses on his website:
- marketing tools, i.e. Facebook Pixel, in order to direct advertisements to the Service Recipient, this involves the use of Facebook cookies, as part of the cookie settings, the Service Recipient may decide whether he agrees to the Service Provider’s use of the Pixel Facebook tool (administrator: Facebook Inc. or Facebook Ireland Limited) in relation to him;
- analytical tools, i.e. Google Analytics, this involves the use of Google LLC cookies for the Google Analytics service, as part of the mechanism for managing cookie settings, the Service Recipient has the option to decide whether the Service Provider will be able to use Google Analytics (external cookie administrator: Google Inc. USA) in relation to him.
- The Controller uses technical and organizational measures to protect personal data, appropriate to the risks and category of data being protected, in particular to protect data against their unauthorized disclosure, takeover by an unauthorized person, processing with the violation of existing regulations, alteration, loss, damage or destruction.
- The Controller provides the following technical measures to prevent the access and modification by third parties of personal data transmitted electronically.