- Controller – Intermarum Spółka z ograniczoną odpowiedzialnością, z siedzibą w Opolu (45-840) przy ul. Bronicza 3, KRS: 400030, REGON: 160378361, NIPP: 7543028319
- Personal data – any information about an individual identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural, or social identity, including the IP of the device, location data, Internet ID, and information collected through cookies and other similar technology.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Site – the website provided by the Controll at www.intermarum.com
- User – any natural person that uses the Site
Personal data processing during site usage
In connection with the use of the Site by the User, the Controller collects data to the extent necessary to provide particular services offered, as well as information about the User's activity on the Site. Below are described detailed rules and purposes of processing Personal Data collected during the use of the Site by the User.
Purposes and legal basis of personal data processing
The use of the Site
Personal data of all persons using the Site (including IP address or other identifiers and information collected through cookies or other similar technologies) [link to cookies], are processed by the Controller:
- in order to provide services electronically in the scope of the content collected on the Site made available to the Users - then the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR);
- for analytical and statistical purposes - then the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses of Users' activity, as well as their preferences in order to improve the applied functionalities and provided services;
- in order to possibly establish and assert claims or defend against claims - the legal basis for the processing is the Controller’s legitimate interest (Art. 6.1.f GDR), consisting in protecting his rights;
- for the Controller's and other entities' marketing purposes, in particular those related to the presentation of behavioural advertising - the principles of processing Personal Data for marketing purposes are described in the MARKETING section.
The Controller allows to contact him using electronic contact forms. The use of the form requires providing personal data necessary to establish contact with the User and to answer the request. The User may also provide other data in order to facilitate contact or handling the inquiry. Providing data marked as obligatory is required in order to accept and handle the inquiry, and failure to provide such data results in the lack of possibility to handle the inquiry. Providing other data is voluntary.
Personal data is being processed:
- in order to identify the sender and process his inquiry sent by the form provided - the legal basis for the processing is the necessity of the processing for the performance of the service contract (Article 6(1)(b) of the GDPR); with regard to the data provided on an optional basis, the legal basis for the processing is consent (Article 6(1)(a) of the GDPR);
- for analytical and statistical purposes - the legal basis is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in keeping statistics of inquiries submitted by the Users through the Site in order to improve its functionality.
The controller process the personal data for marketing purposes such as:
- displaying to the User marketing content that is not adjusted to his/her preferences (contextual advertising);
- displaying to the User marketing content corresponding to his or her interests (behavioural advertising);
- sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);
- conducting other activities related to direct marketing of goods and services (sending commercial information electronically and telemarketing activities).
In order to carry out marketing activities the Controller in some cases uses profiling. This means that thanks to automatic data processing, the Controller evaluates selected factors concerning the Users in order to analyse their behaviour or create a forecast for the future. This allows for better adjustment of the displayed content to individual preferences and interests of the User.
The Controller processes the Users' Personal Data for marketing purposes in connection with directing contextual advertising to the Users (i.e. advertising which is not adjusted to the User's preferences). The processing of Personal Data is then carried out in connection with the realization of the Controller's legitimate interest (Art. 6.1.f of GDPR).
The Controller and his trusted partners process Users' Personal Data, including Personal Data collected through cookies and other similar technologies, for marketing purposes in connection with directing behavioural advertising (i.e. advertising that is tailored to the User's preferences) to Users. The processing of Personal Data then includes profiling of the Users.
The list of Controller's trusted partners is here [hyperlink to the list of partners].
The Controller provides the newsletter service on the terms specified in the regulations to persons who have provided their e-mail address for this purpose. Providing the data is required in order to provide the newsletter service, and not providing it results in the impossibility of sending it. This form of communication with the User may include profiling.
Personal data is being processed:
- in order to provide the newsletter dispatch service - the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR);
- in the case of sending marketing content within the framework of the newsletter to the User - the legal basis for the processing, including the use of profiling, is the legally justified interest of the Controller (Article 6.1.f GDPR) in connection with the consent to receive the newsletter;
- for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses of Users' activity on the Site in order to improve the functionalities used;
- in order to possibly establish and pursue claims or defend against claims - the legal basis for processing is the Controller's legally justified interest (Article 6(1)(f) of the GDPR), consisting in protecting his rights.
The Controller processes Personal Data of Users visiting the Controller's social media profiles (Facebook, YouTube, Instagram, Twitter). This data is processed only in connection with the profile management, including the purpose of informing Users about the Controller's activities and promoting various events, services and products. The legal basis for the Controller's processing of Personal Data for this purpose is his legitimate interest (Article 6(1)(f) of the TCO), consisting in promoting his own brand.
The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the data are processed for the duration of the service provision - access to the Site.
Data subject’s rights
The user has the right to access to the data and to demand its correction, deletion, restriction of processing, the right to transfer the data and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory body dealing with the protection of personal data.
To the extent that the User's data are processed on the basis of consent, this consent may be withdrawn at any time.
The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legally justified interest of the Controller, as well as - for reasons related to the specific situation of the User - in other cases where the legal basis of data processing is the legally justified interest of the Controller (e.g. in connection with the realisation of analytical and statistical purposes).
Recipients of the data
In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, analytical tools and entities related to the Controller, including companies from its capital group.
If the User's consent is obtained, his or her data may also be made available to other entities for their own purposes, including marketing purposes.
The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
Data transfer outside European economic area
The level of protection of personal data outside the European Economic Area (EEA) is different from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, in particular through:
- cooperation with the entities processing personal data in the countries in respect of which a decision of the European Commission has been issued on whether an adequate level of protection of personal data is ensured;
- the use of standard contractual clauses issued by the European Commission;
The controller shall carry out an ongoing risk analysis to ensure that personal data are processed in a secure manner - ensuring in particular that only authorised persons have access to the data and only to the extent that this is necessary for the performance of their tasks. The Controller shall ensure that all operations on Personal Data are recorded and performed only by authorized employees and associates.
The Controller shall take all necessary steps to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on the Controller's order.
The contact with the Controller is possible via e-mail address email@example.com or the mailing address.