The General Data Protection Regulation shall enter into force on 25 May 2018. This Regulation applies to each company or institution in the European Union that collects and processes personal data. Therefore, we would like to inform you that:
1. The Controller is HORIZON SPORT Sp. z o.o. with headquarters at ul. Wapienicka 6, in Bielsko-Biała (postal code: 43-382), e-mail address: factory@nobilesports.com, tel. +48 33 822 42 41
2. The purpose of data collection:
• compliance with legal obligations, transactions and commercial contracts (basis: Article 6 paragraph 1 (c) ofthe GDPR)
• sending a newsletter (basis: the consent of the person)
• sending commercial offers by Nobile Sports Sp. z o.o. (basis: the consent and Article 6 paragraph 1 (a) of theGDPR and Article 10 paragraph 2 of the Act on the provision of electronic services)
• product registration (basis: the consent of the person)
3. You have the right of access to the content of the data and to rectify, delete or restrict the processing, eras epro file data, transfer, as well as the right to object, request the cessation of processing and data transfer, as wellas the right to withdraw consent at any time and the right to bring an action to the supervisory body President ofthe Office for Personal Data Protection.
4. Data we process:
• Name or company name (if provided)
• Home or office address or other workplace addresses (if provided)
• General e-mail address (if provided)
• Details of contact person (if provided)
• Birthdate (art.8 Regulation of the European Parliament)
• Bank account number (if provided)
• List of business opportunities (if applicable)
• Sex (if provided)
• IP address
• Phone number (if provided)
• Marketing data (consents to send commercial information)
5. In connection with the processing of your personal data for the purposes indicated in point II, your personal data may made available to the following recipients or categories of recipients: public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that result from legal provisions, e.g. police, court, prosecutor’s office, Tax Office, court enforcement officer.
6. For the purpose indicated in point II, the Controller uses only the servi ces of processors, with whom i t hasconcluded appropriate agreements for entrusting or with entities that provide a sufficient guarantee of theimplementation of appropriate technical and organisational measures. Those are: courier companies, hostingcompanies, banking institutions (payment systems), IT, accounting and legal services companies.Those can also be third-country or international organisations, such as Google, Facebook, Amazon Web Services, FullContact.it. The Controller does not sell personal data to third parties.
7. Data provided by you may be subject to profiling. Due to the care of your personal data, the purpose of p rofilingis to match the best offer in a non-automated way. We also analyse the user anonymous information to bettermatch our offer and website content to your needs. Our websites also use cookies to, for example, analyse thewebsite traffic. You can set up the settings of the storage or access to files in your browser.
8. Personal data will be processed until the withdrawal of consent to the processing. The consent may be w ithdrawnby writing to the following address: factory@nobilesports.com by contacting us by phone +48 33 822 42 41
9. Personal data obtained through commercial agreements, transactions and legal obligations shall be kept f or aperiod of at least 5 years starting from the beginning of the year following the financial year, in which operations,transactions and proceedings were finally completed, paid up, accounted for or expired – pursuant to Article 74.1of the Act on accounting and the Tax Ordinance Act of 29 August 1997 – (Journal of Laws of 2017 item 201 as amended).
Amendments to the rules and regulations
§ 2
The following points have been added:
• At any time, the customer may change the scope of consents expressed, may change and restrict the personaldata provided earlier.
• The platform complies with the rights of natural persons in accordance with the Regulation of the European Parliament and the Council 2016/679 of 27 April 2016. The customer can delete their account – be forgotten.
• When signing up or using the account, the customer may give consent to profiling. The scope of profiling is discussed in Privacy Policy
• Only person above 16 can create an account, in accordance with Article 8. Initial verification takes place duringthe creation of an account.
Privacy Policy
1. The Controller is HORIZON SPORT Sp. z o.o. with headquarters at ul. Wapienicka 6, in Bielsko-Biała (postal code: 43-382), e-mail address: factory@nobilesports.com, tel. +48 33 822 42 41
2. Respecting your rights as data subjects and respecting applicable laws, including in particular the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regardto the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (generaldata protection regulation), the act on personal data protection (hereinafter referred to as the “Act”) and other relevant provisions on the protection of personal data, we undertake to ensure security and confidentiality of personal datao btained from you. All employees have been properly trained in the processing of personal data and our company, as the Controller, has implemented appropriate safeguards and has taken technical and organisational measures to ensure the highest level of personal data protection. We have implemented personal data protection policies and procedures, in accordance with the 2016/679 Regulation, which enable us to ensure compliance with the law and fair processing, as well as the observance of your rights, as data subjects. Moreover, if necessary, we cooperate with the supervisory authority of the Republic of Poland, i.e. with the President of the Office for Personal Data Protection.
3. Data we process:
• Name or company name (if provided)
• Home or office address or other workplace addresses (if provided)
• General e-mail address (if provided)
• Details of contact person (if provided)
• Birthdate (art.8 Regulation of the European Parliament)
• Bank account number (if provided)
• List of business opportunities (if applicable)
• Sex (if provided)
• IP address
• Phone number (if provided)
• Marketing data (consents to send commercial information)
4. We use Google AdSense ads on our website. Google, as a third party service provider, uses cookies to display ads on our website. Using the DART cookies enables Google to serve ads to our users on the basis of their visit to our websites and other websites on the Internet. Users may opt out of the use of the DART cookie by going to the Google Ad and the “Network Privacy Policy” tab.
We have implemented the following solutions:
• Remarketing with Google AdSense
• Reporting impressions on the Google Display Network
• Reporting demographic data and interests
• DoubleClick platform integration
Together with third-party service providers, we use our own Cookies (such as Google Analytics cookies) and third-party cookies (e.g., DoubleClick) or other third party identifiers to compile user interaction data with ad impressions and other features of advertising services related to our website.
Opting out: Users can set preferences about how Google should serve its ads using the Google Ad settings. You may also permanently opt out by visiting the Network Advertising out-out page or by installing the Google Analytics Opt Out Browser add-on.
5. Our websites may also use Cookies to tailor the functioning to your individual needs. The data may be saved, so you can use them next time you visit our websites without the need to re-enter them. The ability to set up your web browser allows you to turn off cookies at any time by going to your browser preferences. The user is informed about their data and rights during the first contact with the site.
6. The purpose of data collection:
• compliance with legal obligations, transactions and commercial contracts (basis: Article 6 paragraph 1 (c) ofthe GDPR)
• sending a newsletter (basis: the consent of the person)
• sending commercial offers by Nobile Sports Sp. z o..o. (basis: the consent and Article 6 paragraph 1 (a) of theGDPR and Article 10 paragraph 2 of the Act on the provision of electronic services)
• product registration (basis: the consent of the person)
As a user of our Website you have the opportunity to choose whether or not, and to what extent, you want to use ourservices and share information and data about yourself in the scope defined by the content hereof.
Your personal data is processed by our company as the Controller in order to provide services to you (i.e. data subject) offered as part of our websites. In accordance with the principle of data minimisation, we process only those categories of personal data that are necessary to achieve purposes referred to in point 6.
Personal data will be processed until the withdrawal of consent to the processing. The consent may be withdrawn by writing to the following address: factory@nobilesports.com by contacting us by phone +48 33 822 42 41
Personal data obtained through commercial agreements, transactions and legal obligations shall be kept for a period of at least 5 years starting from the beginning of the year following the financial year, in which operations, transactions and proceedings were finally completed, paid up, accounted for or expired – pursuant to Article 74.1 of the Act on accounting and the Tax Ordinance Act of 29 August 1997 – (Journal of Laws of 2017 item 201 as amended). Personal data are processed for the time necessary to the fulfilment of purposes. Personal data may be processed for a period longer than 5 years, if such an entitlement or obligation imposed on the Controller results from specific provisions of law or when the service or contract we perform is continuous.
The sources of the personal data processed by the Controller are data subjects or public data.
In connection with the processing of your personal data for the purposes indicated in point 6, your personal data may be made available to the following recipients or categories of recipients: public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that result from legal provisions, e.g. police, court, prosecutor’s office, Tax Office, court enforcement officer.
For the purpose indicated in point 6, the Controller uses only the services of processors, with whom it has concluded appropriate agreements for entrusting or with entities that provide a sufficient guarantee of the implementation of appropriate technical and organisational measures. Those are: courier companies, hosting companies, banking institutions (payment systems), IT, accounting and legal services companies. They can also be third-country orinternational organisations, such as Google, Facebook, Amazon Web Services, FullContact, etc. The Controller does not sell personal data to third parties.
The disclosure of personal data to meet legal obligations, transactions and commercial contracts is a condition with outwhich you cannot, for example, place an order, conclude a contract, receive a courier parcel, etc.
Data provided by you may be subject to profiling. Due to the care of your personal data, the purpose of profiling is to match the best offer in a non-automated way. We also analyse the user anonymous information using Google tools to better match our offer and website content to your needs.
Pursuant to the provisions of the Regulation of 2016/679 of 27 April 2016, each person whose personal data we process as a Controller has the right:
a. of access to personal data referred to in Article 15 of the Regulation of 2016/679 of 27 April 2016 – providing us with personal data, you have the right to inspect and access them; this does not mean, however, that you have the right to access all documents containing your data because they may also contain confidential information, nevertheless, you have the right to know what personal data and for what purpose we process, and the right to obtain a copy of your personal data. Information provided pursuant to Articles 13 and 14 of Regulation 2016/679 of 27 April 2016, as well as communication and actions taken pursuant to Article 15-22 and 34 are provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either: a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or b) refuse to act on the request.
b. to correct, complete, update, rectify personal data referred to in Article 16 OF REGULATION 2016/679 DATED 27APRIL 2016 – if your personal data have changed, please inform us, as the Controller, about such a situation, so that the data we possess are up-to-date and accurate; also in a situation where no change to personal data has occurred, but for any reasons these data are incorrect or have been incorrectly recorded (e.g. due to typographical errors), please inform us to correct or rectify such data,
c. to erasure (right to be forgotten), referred to in Article 17 of the REGULATION 2016/679 of 27 APRIL 2016, in other words you have the right to request “deletion” of data kept by us, as the Controller, and the right to request us, as the Controller, to notify other controllers, to whom we have provided your data, to erase them. You may request to have your personal data erased, in particular if:
• the purpose, for which they have been collected has been achieved, for example, we have performed the sales agreement concluded with you,
• the processing of your personal data was solely based on consent, which was then withdrawn and there are no other legal grounds for further processing of your personal data,
• on the basis of Article 21 OF REGULATION 2016/679 OF 27 APRIL 2016, you object and you believe that there are no overriding legitimate interests for the further processing of personal data,
• your personal data have been processed unlawfully, i.e. for unlawful purposes or there are no grounds for theprocessing personal data – please remember that in such a case there must be grounds for your request,
• the need to erase your personal data results from the law,
• you are a person under the age of 13.
d. to restrict the processing referred to in Article 18 of the Regulation of 2016/679 of 27 April 2016 – you can requestour company to limit the processing of your personal data (which means that until the investigation is complete, our
company only keeps the data), if:
• you contest the accuracy of your personal data, or
• you believe that the processing is unlawful and at the same time oppose the erasure of the personal data (i.e. you do not use the right referred to in the preceding letter), or
• you object, as indicated in letter f hereof, or
• Your personal details are necessary for the establishment, exercise or defence of legal claims,
If the data was provided with the customer panel on the website, the user can make the necessary changes themselves.
e. data portability as referred to in art. 20 of the Regulation of 2016/679 of 27 April 2016 – you have the right to the right to receive the personal data concerning yourself in a computer-readable format and have the right to transmit those data in such a format to another controller; you are entitled to such a right, if the processing is based on consent or such data were processed automatically,
f. to object to the processing of personal data, as referred to in Article 21 of the Regulation of 2016/679 of 27 April 2016 – you have the right to object, if you do not agree to the processing of personal data we have so far processed for legitimate purposes and in accordance with the law,
g. not to be subject to profiling referred to in Article 22 in relation to Article 4 point 4 of the Regulation of 2016/679 of 27 April 2016 – you are not subject to automated decision making or profiling on our websites, unless you consent to that; in addition, we will always inform you about profiling in case it is about to be applied,
h. to bring an action to the supervisory authority (i.e. to the President of the Office for the Protection of Personal Data), referred to in Article 77 of the Regulation of 2016/679 of 27 April 2016 – if you consider that we are processing your personal data unlawfully or in any way infringe the rights resulting from generally applicable provisions of law in the field of personal data protection.
i. With reference to the right to erasure (right to be forgotten), please note that in accordance with the provisions ofthe Regulation of 2016/679 of 27 April 2016, you do not have the right to exercise this right if:
• the processing of your personal data is necessary to use the right to freedom of expression and information, e.g. if you have provided your details, e.g. in comments
• the processing of your data is necessary for the establishment, exercise or defence of legal claims.
• the processing of personal data is necessary for our company for compliance with its legal obligations -we can not erase your data for a period necessary to comply with obligations (e.g. tax obligations) whichare imposed on us by law,
j. At any time you can use the rights set out in the Privacy Policy and the Regulation of 2016/679 of April 27, 2016, after logging in to our website. The built-in mechanisms will allow you to delete your account and all data collected on our website. You can also send a request to the following e-mail address: factory@nobilesports.com by contacting us by phone 48 33 822 42 41
k. Each identified security breach is documented, and in the case of one of the situations specified in the provisions ofthe Regulation of 2016/679 of 27 April 2016 or the Act, the data subjects and the President of the Office for the Protection of Personal Data are notified of such a personal data breach.
l. In matters not regulated by this Privacy Policy, appropriate and commonly applied legal regulations shall apply. In the event of non-compliance of the provisions of this Privacy Policy with the above provisions, these provisions shall be applied.
m. Other information about the compliance of Sub-processors based outside the EU with the Regulation of the GDPR.
Detailed information can be found at the following web addresses:
How Google uses personal data
https://policies.google.com/technologies/partner-sites
https://privacy.google.com/businesses/controllerterms/
https://cloud.google.com/security/compliance/eu-data-protection-directive/
https://services.google.com/fh/files/misc/google_cloud_and_the_gdpr_engl…
Facebook’s privacy policy
https://web.facebook.com/privacy/explanation?_rdc=1&_rdr
Amazon Web Services Inc.
https://aws.amazon.com/compliance/eu-data-protection/
https://aws.amazon.com/compliance/gdpr-center/
FullContact Inc.
https://support.fullcontact.com/hc/en-us/articles/115004761134-Permissio…
a-F ullContact-account
Dropbox – biała księga prywatności i ochrony danych
https://aem.dropbox.com/cms/content/dam/dropbox/www/en-us/security/priva…
Sub-processor | Headquarters address | Service |
---|---|---|
Amazon Web Services Inc. | P.O. Box 81226 Seattle, WA 98108-1226 | Amazon Web Services |
Message Systems Inc. | 9130 Guilford Road Columbia Columbia, MD 21046 | SparkPost |
Vercom S.A. | ul. Baraniaka 88 61-131 Poznań | EmailLabs |
ComVision Spółka sp. z o.o. | ul. Toszecka 101 Gliwice 44-100 | SMS API |
FullContact Inc. | 1755 Blake Street Suite 450 Denver, Colorado 80202 | FullContact API |
Google Ireland Limited, Barrow Street, Dublin 4 | Cloud, API, Business, Form, itd. | |
Dropbox | Dropbox, Inc.Leg, al Department 333 Brannan Street, San Francisco, California 94107 | Secure File Sharing |
Edrone | Edrone Sp. z o.o., 31-153 Kraków, ul. Szlak 77 / 220 | eCRM |
SalesManago | Benhauer Sp. z o.o ul. Grzegórzecka 21,31-352 Kraków, NIP: 6762447754 | Marketing Automation |