DS-PL

PRIVACY POLICY AND COOKIES POLICY

§1

DEFINITIONS

Administrator – DSPL Sp. z o.o., ul. Grzybowska 87, 00-844 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under KRS number 0000929681, with REGON number 520320009, with NIP number 5272976060, e-mail info@ds-pl.com.
Personal data – information about an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.
RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Policy – this Privacy and Cookies Policy.
User – any natural person visiting the Website or using one or more of the services or functionalities described in this Policy, as well as any natural person whose personal data is processed by the Administrator, e.g. visiting the Administrator’s premises or sending an e-mail enquiry to the Administrator.
Service – the website operated by the Administrator at http://ds-pl.com/.

§2

INTRODUCTION

The Privacy Policy applies to the Website, the service referring to information on the Website, as well as to data provided through them, by phone, e-mail or in person at the Administrator’s premises. When leaving the Administrator’s website, the User enters an area in which this Policy does not apply. The Administrator is not responsible for the privacy policy rules applicable to websites operated by other entities.

In connection with the Administrator’s business activities and the User’s use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered, as well as information about the User’s activity on the Website. The detailed principles and purposes of the processing of Personal Data are described below.

§3

DATA CONTROLLER AND DATA PROTECTION OFFICER

The Administrator of the personal data is DSPL Ltd., which can be contacted by writing to the correspondence address indicated above or to the e-mail address: info@ds-pl.com (hereinafter referred to as the Administrator).

The Administrator has appointed a Data Protection Officer in the person of Nina Zacharska, who can be contacted on any matter concerning the processing of personal data by writing to the Administrator’s postal address marked “IOD” or by e-mail: iod@dspl.pl.

§4

LEGAL BASIS , PURPOSE AND DURATION OF THE PROCESSING OF PERSONAL DATA, VOLUNTARY PROVISION OF DATA

The Administrator processes Users’ personal data for the following purposes, based on the legal bases indicated below:

Reply to an enquiry related to our activities

If you contact us by email, call us or via contact forms to arrange a presentation, meeting, get more information about our offer, we process your personal data on the basis of the controller’s legitimate interest from Article 6(1)(f) of the RODO, which we consider to be answering an enquiry, maintaining a conversation, providing information. We keep the data processed for contact purposes for the time necessary to complete the contact/answer questions/send the requested material and then until the end of the calendar year following the year in which the matter was resolved or the contact ended. We retain correspondence for such a period of time for the purposes of evidence, securing or defending against claims, which is our legitimate interest as referred to in Article 6(1)(f) of the DPA.

The provision of data is voluntary, however, failure to do so will result in us not being able to fulfil the purposes of responding to your enquiry, etc.

Conclusion and performance of a contract in connection with our business/processing of personal data of contractors/customers, representatives of contractors/customers

If you are our client or customer and enter into a contract with us, we process the personal data necessary for this purpose in order to conclude and perform this contract, in which case the legal basis is Article 6(1)(b) RODO. In addition, we process contract-related personal data for tax and accounting purposes, in which case the legal basis is Article 6(1)(c) RODO in conjunction with the Accounting Act of 29 September 1994, the Tax Ordinance Act of 29 August 1997 and the Value Added Tax Act of 11 March 2004. If you are a representative or contact person acting on behalf of our client or customer, we process your personal data for the purpose of business contact, which is our legitimate interest (Art. 6(1)(f) RODO). Business contact for us is all correspondence (electronic, paper), as well as telephone contact regarding the concluded cooperation and the performed service, in particular: making arrangements, arranging business meetings, answering questions, directing information from our side.

Personal data obtained for accounting and tax purposes will be processed for 5 years calculated from the end of the financial year in which the accounting document was issued. Data processed for contact purposes will be retained for the time necessary to fulfil the contact and then until the end of the calendar year following the year in which the contract was terminated, unless there are circumstances that require us to process the data for longer, such as a dispute between the contracting parties. Data necessary for the performance of the contract/resolution of the complaint are processed for the time necessary for the performance of the contract and thereafter until the statute of limitations for mutual claims that may arise from the conclusion of the contract.

The provision of the aforementioned personal data is necessary for the conclusion and execution of the contract. Failure to provide data will result in us being unable to either fulfil the contract or contact you. The provision of data processed for tax and accounting purposes is mandatory, as otherwise we will not be able to fulfil our legal obligations.

Correspondence by form from the website, by e-mail and by post and telephone contact

We process the data for the purposes of maintaining ongoing contact, conducting discussions, responding to sent requests for information, providing information – on the basis of Article 6(1)(f) RODO – which is to be understood as the fulfilment of the Administrator’s legitimate interest.

We keep the data processed for contact purposes for the time necessary to complete the contact/respond to enquiries/send the requested material and then until the end of the calendar year following the year in which the matter was resolved or the contact ended. We retain correspondence for such a period of time for the purposes of evidence, securing or defending against claims, which is our legitimate interest as referred to in Article 6(1)(f) of the DPA.

The provision of personal data for the aforementioned purposes is entirely voluntary. Failure to provide data will prevent us from making ongoing contact and responding to your enquiry.

Data collection within business contacts

In connection with its business activities, the Administrator collects personal data, e.g. during business meetings or through the exchange of business cards, via LinkedIn, GoldenLine, etc. – for the purposes of initiating and maintaining business contacts. Such personal data is processed in order to fulfil the legitimate interest of the Administrator and its contractor from Article 6(1)(f) of the RODO, consisting of networking in connection with business activities. We process the data for the duration of the Administrator’s legitimate interest, unless you object to the processing beforehand.

The provision of personal data for the aforementioned purposes is entirely voluntary. Failure to provide data will prevent us from making ongoing contact.

Handling of complaints

We will process the personal data processed in connection with the complaint submitted on the basis of Article 6(1)(f) RODO, which is the fulfilment of our legitimate interest to duly process and handle claims. If special category personal data is provided in the complaint then we will process this data on the basis of Article 9(2)(f) RODO. We will process this data until the complaint has been processed and for the time necessary after the complaint process for evidential purposes.

The provision of data is necessary for the complaint process. Failure to provide data will prevent us from processing the complaint.

Sending commercial/marketing information

In the case of consent to receive marketing/commercial information from the Administrator by e-mail and/or telephone, personal data shall be processed in order to provide the aforementioned information.The legal basis for the processing of personal data is consent under Article 6(1)(a) of the RODO in connection with Article 10 of the Act on Providing Services by Electronic Means and Article 172 et seq. of the Telecommunications Act in respect of certain forms of contact and the legitimate interest of the Administrator under Article 6(1)(f) of the RODO in connection with direct marketing. If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, to the extent that the processing is related to such direct marketing. We process data processed on the basis of consent until the consent is withdrawn. You can withdraw your consent at any time by writing to the e-mail address indicated in § 3 above. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. We process data related to the aforementioned purpose until you object to the processing or withdraw your consent referred to above.

Provision of data is voluntary, failure to provide data will prevent us from sending marketing messages, leading to a lack of knowledge of our latest offers, promotions, marketing campaigns.

Sending a newsletter

With regard to newsletter subscribers, we process data on the basis of Article 6(1)(a) of the RODO (consent of the data subject) in conjunction with Article 10 of the Act on the provision of electronic services in order to send commercial information related to the Administrator’s activities by electronic means. We process the data until the consent is withdrawn. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal

The provision of data is entirely voluntary. Failure to provide data will prevent us from sending you the newsletter and you from learning more about our business activities.

Defence of claims

When the need arises, we may process personal data for the purposes of investigating, establishing claims or defending against claims – on the basis of Article 6(1)(f) of the RODO – which is to be understood as the realisation of the controller’s legitimate interest in asserting its pecuniary or non-pecuniary rights or protecting against claims directed against the controller – until the expiry of the limitation periods for possible claims, and, in the case of the initiation of proceedings, until their final conclusion.

The provision of data is necessary, failure to provide data will prevent us from pursuing our legitimate interest.

Cookies

We process personal data obtained as a result of the functioning of the cookie on the basis of the controller’s legitimate interest under Article 6(1)(f) of the RODO, which we consider to be the need to receive our website, the desire to display the website correctly to the user, or to control the number of people who visit the website. We process data on the basis of the legitimate interest of the controller in connection with which you have the right to object to the processing of your personal data, about which more in § 7 of the Privacy Policy (here also more information on other rights) and/or to contact our Data Protection Officer at the email address indicated in § 3 of the Privacy Policy. We process your data for the duration of the legitimate interest of the controller, but no longer than until you object to the processing. The provision of data is fully voluntary, failure to provide data will not result in negative consequences.

At the start of your visit to our website, you are asked whether you consent to the installation of cookies on your device under Article 173 of the Telecommunications Act, other than those necessary for the operation of the website. You can withdraw your consent at any time without affecting the processing of your data which took place before your withdrawal. In order to exercise your rights, please contact our Data Protection Officer at the e-mail address indicated in § 3 of the Privacy Policy. The provision of data is entirely voluntary, failure to provide data will not result in negative consequences.

Fulfilment of legal obligations, including obligations under the RODO

We are obliged to comply with the obligations indicated in the RODO, i.e., among other things, the creation of records and registers related to the RODO. We process your personal data in this case on the basis of Article 6(1)(c) of the RODO in connection with a legal obligation incumbent upon us and Article 6(1)(f) of the RODO, i.e. on the basis of a legitimate interest of the controller.

§5

DATA SOURCES

We collect data directly from you if you call or correspond with us by email or post, or leave it in another form (e.g. a handed business card, a completed form, an online shop purchase). We may also obtain your data from companies we work with who identify you as a representative or appropriate contact person. The data we receive in this case is your business contact details, or those contained in a power of attorney or an extract from the National Court Register if you are a representative.

§6

RECIPIENTS OF THE DATA

We will transfer your personal data to processors under contract with us and only in accordance with our instructions, i.e.

to parties involved in the order handling process (e.g. courier companies, payment system operators),
to an accounting firm for accounting and settlement purposes of a concluded cooperation agreement,
a law firm if this is necessary in order to defend our claims,
to companies providing hosting, provision or maintenance of IT systems on our behalf, to companies providing data protection services,

In addition, we will transfer personal data to the relevant state and/or public institutions if necessary in order to comply with legal obligations.

Recipients of the data may also be entities authorised by law. We use Microsoft services (e.g. email), but the data is processed by servers located in the EEA and we do not generally transfer data outside the EEA.

§7

DATA SUBJECTS’ RIGHTS

In relation to the processing of personal data, the User has the following rights:

a) The right of access to your personal data (Article 15 RODO), including obtaining a copy of your data (Article 15(3) RODO),

b) The right to rectify (amend) or complete incomplete personal data (Article 16 RODO),

c) The right to request the erasure of personal data in cases provided for by law (Article 17 RODO),

d) The right to request the restriction of the processing of personal data (Article 18 RODO),

e) The right to receive your data in a structured commonly used format and to have it transferred, where the processing is based on consent or a concluded contract, and where the processing is carried out by automated means (Article 20 RODO),

f) The right to object to the processing of your data on grounds relating to your particular situation – in cases where we process your data on the basis of our legitimate interests, including profiling your data. The data subject has the right to object at any time on grounds relating to their particular situation. The controller shall no longer be allowed to process these personal data unless the controller can demonstrate the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, assertion or defence of claims. If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing. The controller will delete the data immediately.

g) in cases where the processing of data is based on the consent given, you have the right to revoke the consents given at any time, but without affecting the lawfulness of the processing carried out on the basis of these consents before their revocation. Consent may be withdrawn at any time by email to the address indicated in § 4.

h) in cases where it is considered that the processing of personal data violates the provisions of the RODO, the User has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, based in Warsaw.

The above rights may be exercised by sending the relevant request by e-mail or by post to the Administrator’s registered office address specified in § 4 of the Policy.

§8

TRANSFER OF DATA OUTSIDE THE EEA, PROFILING, AUTOMATED DECISION-MAKING

As a general rule, the Company does not transfer data outside the European Economic Area (hereinafter EEA). However, when using the Company’s Microsoft Office software and subcontractors, there may be situations where the Company agrees to transfer personal data outside the EEA only when necessary and with an appropriate level of protection, primarily by:

a) cooperation with processors of personal data in countries for which a relevant European Commission decision has been issued;

b) the use of standard contractual clauses issued by the European Commission;

c) the application of binding corporate rules approved by the competent supervisory authority;

§9

COOKIES

Cookies are small files sent by a web server to the User’s browser and stored on the User’s computer. Cookies help the Administrator analyse web traffic and recognise which part of the website has been visited. Cookies do not in any way allow the Administrator to access the User’s computer or information about the Users, except for information about how the website was used and personal data that the Users provide automatically due to browser settings.
Normally, your web browsing software (web browser) allows by default the storage of cookies necessary for the functioning of the website on your terminal device.
Using your browser settings, you can change your settings in this respect at any time (e.g. delete cookies or block their future use). Below you will find information on which cookies are considered essential and others which we will ask you to allow on your computer. By configuring your browser settings accordingly, you can also refuse to accept cookies. However, this may mean that you will not be able to use all the features of the Website.
Types of cookies:a. Necessary cookies: This type of cookie is essential to the functioning of the website and cannot be disabled on our systems. Necessary cookies are usually used in response to actions you take, such as setting privacy options, logging in or filling in forms. You can change your browser settings to block them, but the website will then not function properly. b. Analytical cookies: These types of cookies allow us to measure the number of visits and collect information about traffic sources so that we can improve the performance of our website. They also help us find out which pages are most popular or how visitors navigate our site. If you block this type of cookie we will not be able to collect information about the use of the site and we will not be able to monitor the performance of the site. c. Functional cookies: This type of cookie helps us to improve the effectiveness of our marketing activities and to adapt them to your needs and preferences, e.g. by remembering any choices you make on the pages.d. Advertising cookies: In order to promote certain services, articles or events, we may use advertisements that appear on other websites. This type of cookie is used to make advertising messages more relevant and tailored to your preferences. Cookies also prevent the same advertisements from appearing again. e. Session cookies: These are temporary information stored in the browser’s memory until the browser session ends, i.e. until the browser is closed. These cookies are mandatory for certain applications or functionalities to work correctly.f. Permanent cookies: These make it easier to use frequently visited pages (e.g. ensure optimal navigation, content layout, etc.). This information remains in your browser’s memory for an extended period of time. The length of time depends on the choice you can make in your browser settings. This type of cookie allows information to be transmitted to the server each time a page is visited.
Below are the types of cookies and a range of necessary information about them:

Name of cookies	Type	Validity	Data collected	Purpose of processing
Google
_ga_*	Analytical	1 year	service hits	for storing and counting page views.
_ga	Analytical	1 year	Contains a unique identifier used by Google Analytics	to determine whether two different hits belong to the same user during a browsing session.
LinkedIn
lidc	functional	1 day	n/a	Choosing the right data centre
li_gc	Functional	6 months	Consent to cookies	Gathering consent
bcookie	analytical	1 year	Device identifier	Sharing material via social media
ln_or	analytical	1 day	n/a	Verification whether it is possible to use the Orbi analitycs application
li_sugr	marketing	3 months	Unique User ID	User matching outside the Designated Countries
UserMatchHistory	marketing	1 month	Unique User ID	whether two different hits belong to the same user during a browsing session.
AnalyticsSyncHistory	marketing	1 month	n/a	stores information about the time when synchronisation with the lms_analytics cookie took place for users in Designated Countries
bscookie	marketing	1 year	n/a	It is used to track the use of embedded services.
Yandex
_ym_d	functional	1 year	Date of first visit	Noting the date of your first visit to the Service
_ym_isad	Functional	20 hours	n/a	Ensuring functionality on the following pages
yandexuid	analytical	1 year	How to visit the site	Analysis of the functioning of the Service
_ym_visorc	analytical	30 minutes	Browser ID	Tracking user traffic on the Website
_ym_uid	marketing	1 year	Browser ID	Distinguishing visitors
ymex	marketing	1 year	Records visitor behaviour data	This is used for internal analysis and optimisation of the website.
yabs-sid	marketing	session	Records visitor behaviour data	Recording of User behaviour on the Website
yuidss	marketing	1 year	Browser ID	User identification
_ym_retryReqs	marketing	session	Contains requests that the counter could not send to the server	Contains requests that the counter could not send to the server
sync_cookie_csrf	other	10 minutes	Used in connection with the synchronisation between the website and a third party data management platform. A cookie is used to monitor this process for security reasons.	Used in connection with the synchronisation between the website and a third party data management platform. A cookie is used to monitor this process for security reasons.
i		10 years
_ym89203108_lsid		session
_ym89203108:0_reqNum		session
_ym92368610:0_reqNum		session
_ym_wv2rf:89203108:0		session
_ym_wv2rf:92368610:0		session
_ym_synced		session
_ym92368610_lsid		session
__ym_tab_guid		session

§10

SECURITY OF PERSONAL DATA

The Controller shall ensure the security of personal data against unauthorised disclosure to unauthorised persons, acquisition of data by unauthorised persons, destruction, loss, damage or alteration, and processing of personal data in a manner incompatible with the provisions of the RODO.

The controller shall take technical and organisational measures to safeguard the personal data entrusted to it which meet the requirements of the RODO, in particular the measures listed in Article 24 and Article 32 of the RODO, ensuring confidentiality, integrity and availability of the processing services for the personal data provided.

§11

AUTOMATED DECISION-MAKING AND PROFILING

Your data may be processed by the Controller by automated means, including profiling. However, decisions concerning an individual person related to this processing will not be automated.

§12

FINAL PROVISIONS

To the extent not covered by this Policy, EU and national data protection legislation applies. Date of last update of the Policy: 08 September 2023.