I. Rules for the processing of personal data of users
As Corleonis S.A. (hereinafter: Corleonis) we attach great importance to respecting and respecting the rights of users, with particular emphasis on the right to protect their privacy.
This policy explains the principles of collecting and processing personal data used by Corleonis.
Corleonis is responsible for the lawful use of the collected personal data, which takes place in a way that guarantees their security and compliance with the provisions of the GDPR (Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
Corleonis, as the data controller, processes them in accordance with the following principles:
• “lawfulness, fairness and transparency”,
• “purpose limitation”,
• “data minimization”,
• “storage limitation”,
• “integrity and confidentiality”.
Corleonis processes personal data based on the relevant provisions of law, i.e. art. 6 sec. 1 GDPR, that is:
• when processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding the contract;
• when processing is necessary to fulfill the legal obligation incumbent on the administrator;
• when processing is necessary to protect the vital interests of the data subject or another natural person;
• when processing is necessary for the purposes of legitimate interests pursued by the administrator or by a third party, except for situations where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data .
When browsing our website, one or more cookies may be saved on the user’s computer (terminal device), depending on the configuration of the browser.
Before giving consent, cookies necessary for the proper functioning of the website are saved on the user’s computer.
Cookies may be placed by Corleonis as well as third parties with whom Corleonis cooperates. Please read the information about cookies and how they are used.
II. Information about the collected data
In order to use some of the functionalities offered by our website, you will need to register. During registration, we ask users for the login and password they will use on our website. You will also be asked to consent to the processing of your personal data by Corleonis.
III. Personal data administrator
The administrator of personal data is: Corleonis S.A. st. Kazimierska 150, 84-230 Rumia, NIP: 588-215-80-64, entered into the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, 8th Commercial Division of the National Court Register under KRS number 0000957206
The Administrator has not appointed a Data Protection Officer, however, regarding your personal data, you can contact us at the following e-mail address: firstname.lastname@example.org or in writing to the address of the Administrator’s registered office.
IV. Purpose and basis for processing personal data
Personal data obtained in connection with the use of the website will be processed by Corleonis for the following purposes:
• in order to take actions aimed at concluding a contract, such as submitting an offer, correspondence regarding agreeing the terms of the contract, etc. – pursuant to Art. 6 para. 1 lit. b GDPR;
• for the purpose of implementing the concluded contract – pursuant to Art. 6 para. 1 lit. b GDPR;
• in order to fulfill the legal obligations incumbent on the Administrator, in particular in the field of settlements resulting from tax law, the Accounting Act – pursuant to Art. 6 para. 1 lit. c GDPR;
• to send you personalized commercial information regarding products and related services or to provide the “Newsletter” service, if you have consented to it – pursuant to Art. 6 para. 1 lit. and the GDPR
• to the extent necessary for the purposes of the legitimate interests pursued by the Administrator – pursuant to Art. 6 para. 1 lit. f GDPR, in particular:
• to market own products and services;
• for fraud prevention purposes;
• to ensure network and information security;
• to establish, pursue or defend against claims;
• to measure customer satisfaction;
• for archival purposes.
V. Who will have access to personal data
The recipients of personal data will be entities authorized to obtain personal data, in particular entities participating in the implementation of the contract, such as courier companies and postal services, entities conducting payment activities (banks, institutions providing payment and settlement services), as well as accounting offices, entities providing legal services to the administrator, public administration bodies to the extent specified by applicable law, financial institutions to the extent related to providing services to the administrator, entities providing consulting or auditing services.
Your personal data may also be transferred to a third country or an international organization based on appropriate legal safeguards, which are standard contractual clauses for the protection of personal data approved by the European Commission. This may be mainly due to:
• activities undertaken on social networking sites and the use of plug-ins and other tools from these sites (including Facebook, Twitter, Google+);
• use of analytical tools and tools for anonymous tracking of user behavior, in particular such as Google Analytics, Gemius Traffic, Chartbeat;
• using advertising platforms to raise funds for the maintenance of websites (in particular: Google adsense).
VI. How long will the data be stored
Personal data will be stored for the period of cooperation or use of the Account, provided that the service has been activated, and after its completion, at least for the period specified by the law on public and legal settlements, but not shorter than until the final settlement or limitation of any claims arising from mutual cooperation , and in the event of a dispute, until its final conclusion, by which we also mean the effective conclusion of enforcement proceedings. In the case of processing personal data based on art. 6 sec. 1 lit. a or f GDPR, subject to the provisions of the GDPR, respectively, until you withdraw your consent or object to such processing.
VII. What are the rights of users in connection with the collected data
In accordance with the provisions of the GDPR, subject to the relevant provisions, each user has the right to:
• request access to personal data concerning him/her;
• correction of data;
• demands to supplement incomplete personal data, including by submitting an additional statement;
• deletion of data or limitation of processing;
• object to further processing of your personal data;
• transfer your personal data.
The user has the right to withdraw his consent at any time. Withdrawal of consent does not affect the lawfulness of data processing, which was made on the basis of consent before its withdrawal.
By processing the data that is collected using cookies, Corleonis in most cases are not able to identify the user. Therefore, if the user would like to exercise his rights, he may be asked to provide additional information for identification.
In case of doubts as to the correctness of personal data processing by Corleonis, you have the right to lodge a complaint with the supervisory authority.
VIII. What if the data is not provided
Providing data is voluntary or may be a prerequisite for concluding a contract (e.g. creating an account on the website) or providing services. Without providing them, the contract cannot be concluded.
Rumia, September 30, 2022