Privacy
Policy
§1
GENERAL
PROVISIONS
- This document sets out the Privacy Policy
of the Mobile Photo Kiosk website operating at mobilephotokiosk.app,
operated by Pixel-Tech
Spółka Jawna Pytowski i Kubarek, based at 6A Laski Street, 41-303 Dąbrowa
Górnicza. The Company is registered in the Register of Entrepreneurs of
the National Court Register (VIII Economic Department - KRS of the
District Court Katowice-Wschód in Katowice) under KRS number: 0000358467.
Pixel-Tech Sp. J. is registered under REGON number: 240352530 and NIP
number: 6443287239. which, in particular, includes regulations on
personal data protection and security of other data entered on the Website
by the User.
- The Privacy Policy is an integral appendix
to the Terms & Conditions of the Mobile Photo Kiosk website.
§2
DEFINITIONS
Terms used
in this document mean:
- Administrator of personal data (also
referred to as the Administrator)
- Pixel-Tech Spółka
Jawna Pytowski i Kubarek, based at 6A Laski Street, 41-303 Dąbrowa
Górnicza. The company is registered in the Register of Entrepreneurs of
the National Court Register (VIII Economic Department - KRS of the
District Court Katowice-Wschód in Katowice) under KRS number: 0000358467.
Pixel-Tech Sp. J. is registered under REGON number: 240352530 and NIP
number: 6443287239.
- Service - the website at mobilephotokiosk.app and
all its sub-sites.
- User - an individual who uses the Service and
provides personal information within it.
- Personal data - information about a natural person
identified or identifiable by one or more specific factors determining
physical, physiological, genetic, mental, economic, cultural or social
identity, including image, voice recording, contact data, location data,
information contained in correspondence, information collected through
recording equipment or other similar technology.
- RODO - Regulation (EU) 2016/679 of the European
Parliament and of the Council of April 27, 2016 on the protection of
individuals with regard to the processing of personal data and on the free
movement of such data and repealing Directive 95/46/EC.
- Terms & Conditions – Terms & Conditions
of the Mobile Photo Kiosk website operating at mobilephotokiosk.app.
§3
PERSONAL
DATA PROTECTION
- The Administrator is the controller of personal data within the
meaning of the RODO.
- The Administrator collects and processes
personal data in accordance with the relevant laws, including in
particular the RODO, and in accordance with the principles provided for in
these laws.
- The Administrator informs about the
processing of data at the time of collection. The Administrator processes
data to the extent, time and purposes each time indicated in the content
provided under the forms used to collect personal data from the User.
- The Administrator transfers Personal Data
only to the Administrator's trusted subcontractors, i.e. suppliers
responsible for the operation of IT systems, entities such as banks and
payment operators, entities providing accounting services, legal services,
marketing agencies (to the extent of marketing services), entities
providing other IT and software services.
- The Administrator, at the request and with
the express consent of the User, transfers the User's personal data to a
third party with whom the User has entered into an agreement through the
Service. Personal data are transferred to the extent and for the purpose
necessary to provide the subject matter of the agreement concluded between
the User and the third party.
- The Administrator shall have the right to
transfer selected User Personal Data to competent authorities and third
parties if such necessity arises from applicable laws and when such
entities make a request for such data based on an appropriate legal basis.
- The Administrator shall ensure the security
of the processed Personal Data and its confidentiality, and shall allow
the User access to information on data processing. If, despite the
security measures in place, a breach of the protection of Personal Data
occurred (e.g., a "leak" of data or loss of data) and such a
breach could cause a high risk of infringement of the User's rights or
freedoms, the Administrator shall inform the User of such an event in a
manner consistent with the regulations.
- The user can contact the data controller.
The contact details are as follows:
Mailing
address:
Pixel-Tech
Sp. J., Laski 6A, 41-303 Dabrowa Gornicza, Poland,
Email
address:
gdpr@pixel-tech.eu
Phone
number:
+48 32 291
50 19
§4
SECURITY
OF PERSONAL DATA
- The Administrator uses all technical and
organizational possibilities available to it to ensure the security of the
User's personal data and protect it from accidental or intentional
destruction, accidental loss, modification, unauthorized disclosure or
access. Users' personal data is stored and processed on high-security
servers, with appropriate security measures, meeting the requirements of
Polish law.
- Entrusted data is stored on top-of-the-line
equipment and servers in properly secured information storage centers, to
which only authorized persons have access.
- The Administrator shall carry out personal
data processing activities in compliance with all legal and technical
requirements imposed on him by the regulations on personal data
protection. The Administrator shall analyze on an ongoing basis the risks
associated with its processing of personal data and ensure that only
authorized persons have access to the data and only to the extent
necessary to perform their duties.
- The Administrator shall take all necessary
measures to ensure that its subcontractors and other cooperating entities
also provide guarantees to apply appropriate security measures whenever
they process Personal Data on behalf of the Administrator.
- The Administrator undertakes to keep
security copies containing the User's personal data.
§5
USER
RIGHTS
- If personal information changes, the User
should update it by editing the data in the User's account.
- The user has the following rights:
- The right to information about the
processing of Personal Data,
- The right to obtain a copy of the Personal
Data that the Administrator processes,
- The right to rectify Personal Data,
- The right to erasure of Personal Data (on
this basis, you can request erasure of data, the processing of which is
no longer necessary to carry out any of the purposes for which they were
collected),
- The right to restrict the processing of
Personal Data,
- The right to portability of Personal Data,
- The right to object to the processing of
Personal Data for marketing purposes (You may object to the processing of
Personal Data for marketing purposes at any time, without having to
justify such objection),
- The right to object to other purposes of
data processing (the User may object at any time - for reasons related to
his/her particular situation - to the processing of Personal Data that is
carried out on the basis of the legitimate interests of the
Administrator; such objection requires a justification),
- The right to withdraw consent, if the
Personal Data is processed on the basis of the consent given (withdrawal
of consent does not affect the lawfulness of processing carried out
before its withdrawal),
- The right to complain to the supervisory
authority for the processing of Personal Data, which has jurisdiction
over the User's habitual residence, place of work or place where the
alleged violation was committed. In Poland, the supervisory authority is
the President of the Office for Personal Data Protection.
- The Administrator may refuse to delete the
User's personal data if the preservation of personal data is necessary due
to an obligation imposed on the Administrator by law.
- The User has the right to submit a request
for the exercise of his/her rights indicated above by letter or electronic
means (e-mail). The Administrator's contact details are indicated in § 3
section 7.
- If, based on the request referred to in
paragraph 4, the Administrator is unable to determine and identify the
natural person to whom the request pertains, it will ask the applicant for
additional information. Failure to provide additional information will
result in refusal to comply with the applicant's request.
- The Administrator shall respond to the
request within one month of its receipt. If it is necessary to extend this
period, the Administrator shall inform the requester of the reasons for it
and the expected date for responding to the request.
§6
BASIS,
PURPOSE AND STORAGE PERIOD OF PERSONAL DATA
- Personal data is processed for the
following purposes and on the following grounds:
- Use of the Service:
Personal data of all persons using the Website (including IP address or other
identifiers and information collected through cookies or other similar
technologies), are processed by the Administrator for the purpose of:
- Provision of services by electronic means
(legal basis: necessity of processing for performance of the contract -
Article 6(1)(b) RODO),
- for analytical and statistical purposes
(legal basis: consent - Article 6(1)(a) RODO),
- Establish and pursue claims or defend
against claims (legal basis: the Administrator's legitimate interest -
Article 6(1)(f) RODO, which is to protect the Administrator's rights).
- Registration on the Website, order form,
conclusion of contract:
In order to establish, operate and maintain a User Account, the User is
asked to provide the Personal Data indicated in the registration form.
Providing the data is not mandatory, but refusal to provide it results in the
inability to establish a User Account. In order to place an order on the
Website, the User is asked to provide the Personal Data indicated in the order
form. Providing the data is not mandatory, but refusal to provide it results in
the inability to place an order. The Personal Data indicated by the User is
processed by the Administrator in order to:
- Provision of services by electronic means
(legal basis: necessity of processing for performance of the contract -
Article 6(1)(b) RODO),
- for analytical and statistical purposes
(legal basis: consent - Article 6(1)(a) RODO),
- Establish and pursue claims or defend
against claims (legal basis: the Administrator's legitimate interest -
Article 6(1)(f) RODO, which is to protect the Administrator's rights).
- Newsletter, push messages and SMS/MMS
marketing service:
Users who have requested the Administrator to do so receive e-mail, push
messages, SMS or MMS messages with advertising content. Subscribing to the
Newsletter, push messages and SMS/MMS marketing services involves providing the
Administrator with the User's Personal Data. Providing the data is not
mandatory, but refusal to provide it results in the impossibility of providing
the Newsletter service, push messages and SMS/MMS marketing services. The
Personal Data indicated by the User is processed by the Administrator in order
to:
- Provision of services by electronic means
(legal basis: necessity of processing for performance of the contract -
Article 6(1)(b) RODO - in the scope of data necessary for sending
Newsletter, sending push messages, SMS and MMs, in the scope of optional
data legal basis: consent - Article 6(1)(a) RODO),
- for analytical and statistical purposes
(legal basis: consent - Article 6(1)(a) RODO),
- Establish and pursue claims or defend
against claims (legal basis: the Administrator's legitimate interest -
Article 6(1)(f) RODO, which is to protect the Administrator's rights),
- for the Administrator's marketing
purposes - targeting via Newsletter, MMS and SMS marketing content,
(legal basis: the Administrator's legitimate interest - Article 6(1)(f)
RODO - dictated by the User's consent to use the Newsletter service,
push messages and SMS/MMS marketing).
- Marketing
The Administrator processes the Users' Personal Data in order to carry
out marketing activities, which may consist, in particular, in displaying to
the User marketing content corresponding to the User's interests or sending
commercial information by electronic means for purposes related to direct
marketing of goods and services. In this case, the User's Personal Data is
processed by the Administrator on the basis of the User's consent (Article
6(1)(a) of the RODO), which may be withdrawn. Realization of the
Administrator's marketing purposes may be carried out through profiling,
consisting of automatic processing of Personal Data and its evaluation in order
to analyze the User's behavior and create a forecast for the future, which is
sued for displaying to the User content in accordance with the User's
individual preferences and interests.
- Contact form, traditional and electronic
correspondence (e-mail)
The User may address messages to the Administrator using e-mail using
the Administrator's contact information available on the Site, the Terms of Use
or this Privacy Policy, as well as through the contact form available on the
Site. Personal Data contained in such correspondence is used by the
Administrator solely for the purpose of communication and settlement of the
matter to which the correspondence relates. The basis for the processing of the
Data is the legitimate interest of the Administrator - Article 6(1)(f) of the
DPA - which consists in maintaining the correspondence addressed to it in
connection with its business activities, and in the case of contact related to
the services provided or a contract - the necessity of the processing to
perform the contract - Article 6(1)(b) of the DPA.
- Phone contact
The User may contact the Administrator by telephone for purposes related
to the services provided or the agreement concluded, as well as for other
matters. In the case of telephone contact in matters not related to the
concluded agreement or provided services, the Administrator may require the
User to provide Personal Data only if it is necessary to handle the reported
matter. The legal basis for the processing of Personal Data is the legitimate
interest of the Administrator - Article 6(1)(f) of the RODO - consisting of the
necessity to resolve the reported matter related to its business activity, and
in the case of contact related to the services provided or the contract - the
necessity of processing to perform the contract - Article 6(1)(b) of the RODO.
- Social media profiles
The Administrator has its profiles on social media (including Facebook).
The Administrator processes Personal Data left by persons responding to the
profiles, e.g. comments or web IDs. The Administrator uses this data in order
to effectively run the profiles, enable activity on these profiles, as well as
for analytical or statistical purposes. The legal basis for the processing of
Personal Data is the legitimate interest of the Administrator - Article 6(1)(f)
of the RODO - consisting in the promotion of its activities and services
provided, possibly for the purpose of asserting claims or defending against
third-party claims. The above does not apply to the processing of personal data
by social networks. To learn about the rules of data processing by social
networks, please refer to their policies for processing Personal Data.
- The period of data processing depends on
the service provided, the purpose and the basis for processing. As a rule
of thumb, the data are processed for the period of performance of the
service or execution of the order. When the basis for processing Personal
Data is consent, the data are processed until the consent is effectively
withdrawn. When the basis for the processing of Personal Data is the legitimate
interest of the Administrator, the data are processed until an effective
objection is made.
- The period of processing of Personal Data
referred to in paragraph 2 may be extended in case the processing is
necessary for the establishment, investigation and defense of possible
claims. After that time, Personal Data may be processed only if and to the
extent required by applicable law.
- After the expiration of the processing
period of Personal Data, Personal Data is deleted or irreversibly
anonymized.
§ 7
COOKIE
POLICY
- The Administrator uses cookies. Cookies are
small text files sent (saved) by the Service on the User's terminal device
(e.g. computer, smartphone).
- The Administrator uses cookies to provide services
electronically, to improve them and enhance their quality, as well as for
analytical and statistical purposes and to adapt the Website to the needs
of its Users. Through the use of cookies, the Administrator personalizes
content and advertising. The Administrator shares information about how a
User uses the Website with trusted social, advertising and analytics
partners in order to provide the highest possible quality of e-commerce
operation, analytics, customization and personalization services.
- The Service uses two types of cookies:
"session cookies" and "permanent cookies" (persistent
cookies). "Session" cookies are temporary files that are stored
on the User's terminal equipment until the User logs out, leaves the
website or shuts down the software (web browser). 'Permanent' cookies are
stored on the User's end device for the time specified in the parameters
of the cookies or until they are deleted by the User.
- The Administrator uses the following types
of cookies on the Website:
- indispensable - enable the use of services
and functionalities available on the Site, such as those used in handling
user authorization or to fill a shopping cart when shopping online,
- Functional - they allow remembering User's
choices and remembering them and adjusting them on the Site, e.g. with
regard to language preferences, font size, appearance of the Site, etc,
- Analytical - they enable the acquisition
of a range of information, including the number of visits and sources of
traffic on the Website. The collection of this data is used to determine
which pages are most frequently visited and leads to the creation of
statistics on traffic on the Website. The collection of this data is used
by the Administrator to improve the performance of the Website. The
collected data is processed in anonymized form. This type of cookies
includes Google Analytics cookies.
- Functional and analytical cookies may be
installed by the Administrator and its trusted partners through the
Service.
- The legal basis for processing data in
connection with the use of essential cookies is the necessity of
processing Personal Data for the performance of the contract (Article
6(1)(b) RODO). In the case of other cookies, the basis for processing
Personal Data is the legitimate interest of the Administrator or the
consent of the User (Article 6(1)(a) and (f) RODO). In order to use
functional, analytical and advertising cookies, the Administrator must
obtain the User's consent.
- The consent referred to in paragraph 5 is
granted by means of the relevant form displayed when visiting the Site for
the first time. The consent granted may be withdrawn or adjusted
differently at any time. To change or withdraw the consents granted,
contact the Administrator.
- Users can change their cookie settings from
their web browser.
- Changing the settings of cookies and
similar technologies may affect the way the Website works and the services
it provides.
§8
LOGI
- In accordance with the practice of most
websites, the Administrator stores HTTP requests directed to its server
(server logs). Accordingly, the Administrator stores the following
information:
- IP addresses from which users browse the
information content of our website,
- time of arrival of inquiry,
- time to send a response,
- the name of the client station -
identification implemented by the HTTP protocol,
- Information about errors that occurred
during the execution of HTTP transactions,
- URL of the page previously visited by the
user (referer link),
- information about the user's browser.
- The collected logs are kept for an
indefinite period of time as support material for the administration of
the Website. The information contained therein is not disclosed to anyone
except those authorized to administer the Website. Based on the log files,
statistics may be generated to assist in the administration of the Site.
Aggregate summaries in the form of such statistics do not contain any
identifying characteristics of visitors to the Service.
- The Administrator processes the information
contained in the logs for technical, administrative purposes, to ensure
the security of the IT system and the management of this system, as well
as for analytical and statistical purposes - in this regard, the legal
basis for the processing of Personal Data is the Administrator's
legitimate interest (Article 6(1)(f) RODO).
§ 9
TRANSFER
OF DATA OUTSIDE THE EOG
- As part of the Administrator's use of tools
to support its day-to-day operations provided, for example, by Google,
Users' Personal Data may be transferred to a country outside the European
Economic Area (EEA), in particular to the United States of America (USA)
or another country in which an entity cooperating with it maintains tools
for processing Personal Data in cooperation with the Administrator. The
Administrator transfers Personal Data outside the EEA only when necessary,
and with an adequate degree of protection, primarily through the use of
standard contractual clauses issued by the European Commission.
§ 10
FINAL
PROVISIONS
- This privacy policy is subject to updates
in connection with the ongoing analysis of technical and legal conditions
related to the processing of personal data.
- This privacy policy is effective as of 06/10/2023.