§ 1

GENERAL PROVISIONS

1. The controller of personal data collected through the website www.tsc.com.pl is TSC Spółka z ograniczoną odpowiedzialnością, entered in the register of entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, 13^th Economic Division of the National Court Register under KRS no. 0000121437, place of business and service address: ul. Puławska 303, 02-785 Warszawa, VAT no. 5222508977, REGON no. 016203311, BDO: 000013145, hereinafter referred to as the ‘Controller’.

2. The Controller has appointed an Inspector for the Protection of Personal Data who can be contacted via e-mail at: iod@tsc.com.pl - Agnieszka Radtke, Inspector for the Protection of Personal Data.

3. Personal data collected by the Controller through the website is processed according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as ‘GDPR’.

§ 2

TYPE OF PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION

1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data through the website www.tsc.com.pl if the user uses the contact form. Personal data is processed as a justified interest of an entrepreneur based on article 6, clause 1, letter f) of GDPR.
   
2. TYPE OF PROCESSED PERSONAL DATA. Through the contact form, the user enters:
   
   1. full name,
      
   2. full name,
   3. phone number.
3. PERSONAL DATA ARCHIVING PERIOD. Personal data of users are kept by the Controller:

   1. when the basis for data processing is performance of a contract, for such a long period as necessary to perform the contract and thereafter for a period corresponding to a limitation period for claims. Unless otherwise stipulated by a specific regulation, the limitation period is six years, and for claims for periodical benefits and claims relating to the running of business activity – three years;

   2. when the basis for data processing is consent for as long as it is not revoked, and after such revocation for a period corresponding to a limit period for claims the Controller may assert and which may be asserted against it. Unless otherwise stipulated by a specific regulation, the limitation period is six years, and for claims for periodical benefits and claims relating to the running of business activity – three years.
      

4. When using the website, additional information may be collected, in particular: IP address assigned to the user’s computer or external IP address of the Internet service provider, domain name, type of a browser, access time, type of an operating system.

5. Furthermore, navigation data may be collected from users, including information on links they decide to click or other actions taken on the website. The legal basis for such activity is a legally justified interest of the Controller (article 6, clause 1, letter f) of GDPR) to facilitate the use of services provided in an electronic way and to improve the functionality of such services.

6. Submission of personal data by the user is voluntary.
7. The Controller uses its best efforts to protect interests of a data subject and, in particular, ensures that data collected by it is:
   
   1. processed in accordance with the law,
   2. collected for designated purposes compliant with the law and not further processed in a way inconsistent with such purposes,
   3. substantially correct and adequate with regard to purposes for which it is processed and stored in a form enabling identification of data subjects for no longer than required to achieve the purpose of processing.

§ 3

MAKING PERSONAL DATA AVAILABLE

1. Personal data of users are made available to providers of services used by the Controller when running the website. Service providers to whom personal data is made available, depending on contractual arrangements and circumstances, either follow instructions of the Controller regarding the purpose and way of data processing (processors) or determine purposes and ways of processing (controllers) on their own.
2. Personal data of users is kept within the European Economic Area (EEA) only.

§ 4

RIGHT OF CONTROL, ACCESS TO THE CONTENT OF OWN DATA AND RECTIFICATION OF THE SAME

1. A data subject has a right of access to the content of his/her own personal data and a right to rectify, remove, restrict the processing of and transfer data, a right to object, withdraw consent any time without affecting compliance with the processing right which was exercised on the basis of consent before its withdrawal.
2. Legal bases of a user’s demand :
   1. Access to data – article 15 of GDPR.
   2. Rectification of data – article 16 of GDPR .
   3. Removal of data (so-called ‘right to be forgotten’) – article 17 of GDPR.
   4. Restriction of processing – article 18 of GDPR .
   5. Portability – article 20 of GDPR.
   6. Object – article 21 of GDPR.
   7. Withdrawal of consent – article 7, clause 3 of GDPR.
3. In order to exercise rights referred to under section 2 above, an appropriate email message can be sent to the following address: iod@tsc.com.pl.
   
4. When a user intends to exercise a power resulting from the above rights, the Controller will fulfil the request or refuse to fulfil it immediately, however, not later than within one month of receipt of such request. If, due to the complex nature of the request or the number of requests, the Controller is not capable of fulfilling the request within one month, it will fulfil it within the next two months informing the user about the intended prolongation of the date and reasons for the same within a month of receipt of the request.
5. If the processing of personal data is found to infringe GDPR, a data subject may lodge a complaint with the President of the Personal Data Protection Office.

§ 5

COOKIES

1. The Controller’s website uses ‘cookies’.
2. Installation of ‘cookies’ is necessary for proper provision of services at the website. ‘Cookies’ contain information required for the website to function properly and also provide the opportunity to produce general website viewing statistics.
   
3. As part of the website, two types of ‘cookies’ are used: session and persistent ones
   1. ‘Session cookies’ are temporary files stored in a user’s end device until logging out (leaving the website).
   2. ‘Persistent cookies’ are stored in a user’s end device for a period defined in ‘cookies’ parameters or until they are removed by the user.
4. The Controller uses its own cookies to better understand the way of interaction of the user in terms of the website content. Files collect information on the way the website is used by the user, the type of a website from which the user was redirected, the number of views and time spent at the website. This information does not record specific personal data of the user, but is used to produce website use statistics.
5. The user is entitled to decide about the access of ‘cookies’ to his/her computer by preselecting them in the browser window. Detailed information on the possibility and methods of handling ‘cookies’ is available in software settings (of a web browser).

§ 6

FINAL PROVISIONS

1. The Controller uses technical and organisational means to ensure protection of processed personal data suitable for hazards and a category of data covered by such protection and, in particular, protects data from making it available to unauthorised persons, being possessed by an unauthorised person, processing it in a way inconsistent with applicable regulations and from modifications, loss, damage or destruction of the same.
2. The Controller provides proper technical measures to prevent collection and modification of personal data sent electronically by unauthorised persons. To matters not stipulated hereby, proper regulations of GDPR and other relevant provisions of the Polish law apply.