The following Privacy Policy contains information about the Controller’s processing of Personal Data of persons using the Website, the Controller’s websites and persons whose Personal Data is processed for at least one of the purposes listed below. The Privacy Policy serves as a public announcement concerning the ways in which Data is collected and processed; the Data Controller is committed to ensuring transparency of operations and to providing all the necessary information to the persons whose Data is being processed.
§1 Definitions
- Website – the “Rock Master” website operating at https://rockmaster.com.pl/en/.
- External website – the websites of partners, service providers or service recipients cooperating with the Controller.
- Controller – CBR ROCK MASTER LIMITED LIABILITY COMPANY, LIMITED PARTNERSHIP
- with registered office at Krolewska 94/11 Street, 30-079 Cracow, Poland entered into the National Court Register – the register of entrepreneurs by the REGIONAL COURT FOR Cracow Srodmiescie in Cracow, the XI ECONOMIC DEPARTMENT OF THE NATIONAL COURT REGISTER, under KRS number: 0000690194, NIP number: 9451844489.
- Cookies – cookies or other similar technological solutions to be considered IT data, most often text files, stored on the terminal devices of persons using and browsing the Website.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such Data and repealing Directive 95/46/EC.
- Personal Data / Data – any information related to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
- Privacy Policy – this Privacy and Cookies Policy.
§2 Personal Data Protection Officer
The Controller has appointed a Personal Data Protection Officer who can be contacted in all matters concerning the processing of Personal Data, either electronically at: office@altosekura.com, by telephone at +48 12 445 74 00 or in writing at the address of the Controller’s registered office. The indicated data can be
§3. General information regarding the processing of personal data
- The Controller processes Personal Data in ways depending on the purpose for which they are collected or transferred (a precise description of the purposes for the processing of personal data is provided in §4 of the Privacy Policy); at all times this takes place with due respect to the relevant provisions of the law, in particular of the GDPR.
- In the majority of cases, the Data is received by the Controller directly from the person to whom it is related to; this happens e.g. when this person fills in a form or makes a purchase through the Website. However, there may be situations where the Data is provided by another Controller, e.g. acting on behalf of a client/contractor with whom the Controller cooperates and who indicated a specific person as the contractual point of contact. In such a case, the Controller will process only the range of Data which has been provided and which in most such cases will be limited to business contact details.
- The Provision of Personal Data is voluntary, however, some of the services provided by the Controller may require it, otherwise it might be impossible for the Controller to provide the service requested; such as answering a question or the conclusion of a contract.
§4 Personal data processing purposes
The Controller always processes Personal Data for a specific purpose, acting on a specific legal basis and for a specific period of time.
- The conclusion of a contract and the performance thereof in accordance with the type of service selected.
Data is processed in order to carry out activities related to the conclusion and fulfilment of a contract (concluded between the client and the Controller through the Website, as well as outside of the Website); on the basis of Article 6(1)(b) of the GDPR, where the activities in particular concern:- The provision of a service or the sale of goods, to the extent described in the contract concluded,
- Contacting a person for purposes related to the provided service or the sale of goods,
- Activities necessary prior to the conclusion of a contract, in particular presenting a sales offer at the request of the Data Subject.
Personal Data will only be processed for these purposes for the duration of the contract.
- Contacting the Controller.
Data is processed for the purpose of establishing a business relationship, which includes answering queries sent in by Data Subjects; on the basis of Article 6(1)(f) of the GDPR, i.e. in relation to the legitimate interests pursued by the Controller by responding to the abovementioned queries.
The Personal Data will be processed until an objection is successfully expressed against such processing of Data, however, not longer than until the last day of the calendar year following the 5 year after the Controller has responded.
- Liaising with the client/contractor’s nominated business contact persons.
For the purpose of establishing or maintaining a co-operation relationship with a contractor/customer of whom the Data Subject is representative or on whose behalf they contact the Controller following the conclusion of a contract; on the basis of Article 6(1)(f) of the GDPR, i.e. in relation to the legitimate interests pursued by the Controller by correctly fulfilling their contractual obligations.The scope of the Personal Data processed shall include the Data indicated in the contract and the Data shall be processed until an objection is successfully expressed against such processing of Data, but not longer than for the duration of the contract or until the cooperation with the client/contractor is terminated by either the Controller or the Data Subject in question.
- Complaints and other claims.
Personal Data may be processed for the purposes of seeking compensation from or securing possible claims and handling complaints; on the basis of Article 6(1)(f) of the GDPR, i.e. in relation to the legitimate interests pursued by the Controller by protecting the rights of the Controller and of Data Subjects. The Data shall be processed until the relevant claim has expired.
- Marketing activities of the Controller.
Marketing activities in regard to the Controller’s own services or those of third parties are performed on the basis of Article 6(1)(f) of the GDPR; i.e. in relation to the legitimate interests pursued by the Controller by looking after their business, promoting their services and seeking out cooperations.
The Personal Data will be processed with regard to marketing activities until the consent to receive marketing communications or information under the provisions of the Electronic Services Act or the Telecommunications Law is withdrawn, or until an objection is successfully expressed against such processing of Data.
- Fulfilment of the Controller’s legal obligations.
In order to fulfil the relevant tax and accounting obligations, on the basis of Article 6(1)(c) of the GDPR, i.e. for compliance with a legal obligation to which the Controller is subject.
The Personal Data is retained for this purpose for as long as the duration of the legal obligation; the precise timeframe is determined by the relevant and applicable legislation.
- Analytical and statistical activities of the Controller.
Personal Data is processed for analytical and statistical purposes, on the basis of Article 6(1)(f) of the GDPR, i.e. in relation to the legitimate interests pursued by the Controller by analysing website traffic, optimisation of the Controller’s websites, as well as by estimating interest scopes and levels.
The Personal Data will be processed for as long as a particular service/ functionality is used or until an objection is successfully expressed against such processing of Data, however not longer than until the last day of the calendar year following the third year from when the Data was gathered by the Controller.
- Issuing certificates and other documents related to the provided training.
Personal Data is processed for the purpose of issuing certificates and other documents as indicated for the training selected, as defined and regulated by the relevant legislation, on the basis of Article 6(1)(c) of the GDPR, i.e. for compliance with a legal obligation to which the Controller is subject under relevant legislation in regard to certification in the given field or subject, such as the one the Controller issues in connection with the provided trainings. Personal Data for this purpose will be processed for a period of 5 years from the date of issue of the certificate.
Personal Data is processed for the purpose of issuing certificates and other documents as indicated for the training selected, which are not specifically described by any relevant legislation but only serve as a confirmation of the completion of a training as provided by the Controller, on the basis of Article 6(1)(b) of the GDPR, i.e. in connection with a contract concluded in regard to the specified training and to issuing a certificate as long as particular criteria are met. Personal data for this purpose will be processed for a period of 5 years from the date of issue of the certificate.
- Using the Website, i. e. displaying it and using the functionalities provided.
Insofar as the information provided by Cookies constitutes Personal Data, displaying of the Website takes place in accordance with Article 6(1)(f) of the GDPR, i.e. in relation to the legitimate interests pursued by the Controller by operating the Website, ensuring the security of users and the correct use of the Website by them. Such personal data will be processed for different periods, depending on the Cookie or other similar technology applicable, and the exact timeframe for each Cookie is specified on an informational banner displayed on the Website.
The use of non-essential Cookies is subject to the user’s consent (Article 6(1)(a) GDPR), given prior to their implementation. Such consent can be revoked at any time.
§5 Access to Personal Data by third parties
The Controller may transfer Personal Data to entities that are authorised to receive them under applicable and relevant legislation, as well as to trusted recipients cooperating with the Controller, such as: hosting companies, providing such or similar services to the Controller; online payment service providers, processing payments for goods or websites offered on the Website (if transactions are made through the Website); companies responsible for the delivery of physical products to the User (postal/courier services, if purchases are made through the Website); companies providing technical services (development and maintenance of IT systems and the Website); debt collection and legal service providers; accounting service providers; companies providing auxiliary services in regard to the trainings and to the issue of certificates and other documents.
The Seller may make the Customer’s telephone number or e-mail address available to the IT service provider that issues, maintains and provides access to e-receipts; this data may be processed for the purposes of:
- verifying whether a given telephone number or e-mail address have been registered within the operating entity’s own products, and if so, providing access to e-receipts as well as additional information stemming from the issuing process to the Customer within the aforementioned products;
- sending text messages and other notifications to Customers confirming that an e-receipt has been forwarded to the IT system of the entity providing IT support for e-receipts.
§6 Ways of processing Personal Data
- The Controller may transfer Personal Data outside the European Economic Area (EEA) or to international organisations. Such transfer shall take place on the basis of an adequacy decision taken by the European Commission or on the basis of standard contractual clauses in accordance with a decision of the European Commission or on another legal basis, for example: the express consent given by the Data Subject. Precise information on the transferring of Data to the various providers and, where applicable, information on adequate or appropriate safeguard solutions in place, as well as on the possibility of obtaining a copy of the data in question or on the place where the data can be accessed, can be requested from the Controller by e-mail: office@altosekura.com.
- The Controller may process Personal Data in an automated manner, including profiling; such automated processing will not lead to decisions that are legally binding in any way for the Data Subject or affect them in a similarly significant way. Such automated processing may affect the selection of advertisements displayed or the selection of products offered.
§7 Users’ rights in relation to the processing of Personal Data
The owner of the Personal Data processed by the Controller retains all rights indicated below, as long as appropriate legal requirements have been met. Exercising such rights can take on any form, including sending an appropriate request to the Controller’s e-mail address. If it is not possible to identify the Requester, the Controller may require additional Data to be sent.
- Right to access Personal Data and to obtain a copy of it
The Data Subject has the right to obtain confirmation from the Controller as to whether or not Personal Data relating to them is undergoing processing by the Controller, and, if so, to access this data and to obtain relevant information. The Data Subject may also make use of their right to obtain a copy of said Personal Data from the Controller.
- Right to rectification of Personal Data
The Data Subject has the right to request that the Controller immediately rectify any inaccurate Personal Data concerning them and/or complete any missing information within the Personal Data.
- Right to erasure of Personal Data
The Data Subject has the right to request that the Controller erase any Personal Data concerning them. The Controller shall comply, unless any circumstances are present which would exempt them from this obligation, in which case the Controller shall inform the Data Subject accordingly.
- Right to restriction of Personal Data processing
The Data Subject has the right to obtain from the Controller restriction of processing where any of the conditions mentioned in Article 18 of GDPR apply.
- Right to the transfer of Data
Where the Data is processed by the Controller on the basis of consent, a contract concluded or in an automated manner, the Data Subject has the right to request a copy of this Data in machine-readable format from the Controller as well as the right to request that the Controller transfer the Data to another controller, where technically possible.
- Right to object to the processing of Personal Data
At any time, for reasons related to their particular situation, the Data Subject has the right to object to the processing of their Personal Data for purposes outlined in Article 6(1)(f) GDPR (legitimate interest of the Controller). The Controller may continue to process the Data if it is clearly demonstrated that compelling and legitimate reasons for the processing exist, which override the interests, rights and freedoms of the Data Subject, or grounds for establishing, asserting or defending claims.
- Right to object to Data processing for the purposes of direct marketing
Where Personal Data is processed for the purposes of direct marketing, the Data Subject has the right to object at any time to the processing of their Personal Data for the purposes of such marketing.
- Right to lodge a complaint
The Data Subject has the right to lodge a complaint with the supervisory authority responsible for matters regarding the protection of Personal Data.
- Right to withdraw consent
If the Data Subject has given their consent to the processing of Personal Data by the Controller, they have the right to revoke the given consent at any time (the withdrawal of consent does not affect the lawfulness of data processing that took place on the basis of such a consent before it was withdrawn).
§8 Cookies – general information
The Website uses various Cookies, for example to allow the safe and easy use of the Website. Where Cookies are used, the Controller might have access to information regarding the activities carried out by users while visiting the Website (e.g. their times of visit, traffic on the Website and interest expressed/shown in regard to specific content or advertisements) and information directly related to the user, e.g. information on their location. As a general rule, information collected by means of Cookies does not constitute Personal Data, however, in combination with other information held by the Controller or external Websites, it may become a part of Personal Data.
§9 Types of Cookies used on the Website
- Types of Cookies in terms of storage permanence:
- Session cookies – these are files placed on the user’s device and read by the Website from there during a single session of a given device. Once the web browser is closed, the cookies are deleted from the device.
- Persistent cookies – these are files placed on the user’s device and read by the Website from there for as long as they are not deleted, either manually or automatically after a specified period.
- Types of Cookies in terms to their purpose:
- Essential – These Cookies are necessary for the Website to function correctly. For this reason, they cannot be disabled.
- Analytics – These Cookies allow the Controller to monitor Website traffic, including the number of visits, and verify the choices made by users. Thanks to analytics Cookies it is possible to build an anonymized statistics database to help develop and improve the Website.
- Marketing – These Cookies are used to display advertisements and customise them according to user preferences. Customisation takes place by analysing the behaviour of individual users on the Website; depending on the Cookie provider, the analysis may also include information on the behaviour on other sites.
- Functional – These Cookies serve to retain information on choices made on the Website in regard to its function, e.g. the preferred language of the page, the layout of the content and the region in which the user is located.
- Types of Cookies by owner:
- Internal cookies – these are files placed on the user’s device by the Website’s ICT system and read by it from there.
- External cookies – these are files placed on the user’s device by the ICT systems of External Websites and read by them from there. Such External scripts able to place Cookies on the User’s device have been deliberately introduced to the Website through the scripts and services made available and installed on the Website. The External Websites in question are:
Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States, through:
- Google Ads (marketing cookies running and evaluating advertising campaigns);
- Google Analytics (statistical files that study user behaviour). For more information: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008;
- reCAPTCHA (cookies necessary to ensure website security, for example to prevent spam commenting);
- YouTube, whose widgets are embedded on the website and which allow a specific video to be played, of which Google is informed for the purposes of analysis, optimisation and the correct function of YouTube and the widget, as well as of ad personalisation. If the user is logged into a Google account while using the Website, videos that have been played will be linked to the activity log of that account. For more information, please see: https://policies.google.com/privacy and www.youtube.com/t/terms.
- Google Maps, whose widgets are embedded on the website to display a map and to make it possible to calculate a route to a given point on the map. More information: https://www.google.com/intl/eng_eng/help/terms_maps/
- Google Translate plug-in, which allows the website to be translated into selected languages.
- More information about Google LLC: https://policies.google.com/privacy?hl.
- Some of the cookies used in the store are: cookieyes-consent, woocommerce_items_in_cart, woocommerce_cart_hash, wp_woocommerce_session_*, shop_per_page, woodmart_wishlist_count, sbjs_migrations, sbjs_current_add, sbjs_first_add, sbjs_current, sbjs_first, sbjs_udata, sbjs_session, wishlist_cleared_time, woodmart_recently_viewed_products
§10 Cookie Management
- All cookies indicated, except for essential cookies, require the user’s consent before they are used. The user makes a choice with regard to the cookies used (the only exception are the essential cookies), and cookies remain blocked until explicit consent is given, by accepting them and confirming via a button. The user can change cookie settings for the Controller’s Website at any time by withdrawing consent or objecting to the use of non-essential cookies.
- Cookie settings can also be changed directly in the web browser used. At the browser level, the user can manage cookies by requesting that information is displayed each time a cookie is placed on the device or by blocking their automatic storage. The user can configure these options in several ways, according to the browser used. For more information, please see below:
- Microsoft Edge https://privacy.microsoft.com/en-us/privacystatement
- Chrome https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
- Opera https://help.opera.com/en/latest/security-and-privacy/Mozilla
- Firefox https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Safari https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
- If cookies are restricted, some of the Website’s functionalities may not work properly.