Pursuant to Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), O.J. EU. L.2016.19.1, hereinafter referred to as the ‘GDPR’, OEX S.A. hereby would like to provide the following information:
I. Personal Data Protection
- The controller of personal data of the person visiting oex.pl, including persons contacting OEX S.A. via electronic mail, (hereinafter referred to as the ‘User’) is OEX S.A. with registered office in Warsaw, at ul. Klimczaka 1, 02-797 Warszawa,
- With regard to any matters related to the personal data provided by the User, the User may contact the Personal Data Protection Officer (PDPO) appointed by OEX S.A.: Maciej Kaczmarski, ul. Klimczaka 1, 02-797 Warszawa, e-mail: iodo@oex.pl.
- The User’s personal data are processed for the purposes related to the maintenance of proper relations with Clients/prospective Clients or other contacting persons, and in particular for the provision by OEX S.A. of feedback to the User’s question(s), application or request. They may also be processed for the establishment, exercise or defence of potential legal claims.
- The legal basis for the processing by OEX S.A. of the User’s personal data for purposes as indicated in item 3 herein above is the legitimate interest of the Controller (Art. 6 (1) (f) of the Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016, hereinafter referred to as the ‘GDPR’).
- The provision of personal data is voluntary but a failure to provide the same will make the contact with the User, including the provision of any feedback, impossible.
- The User’s personal data shall be stored for a period of time not longer than 3 years after the date of the last message sent.
- The data are not made available to any third parties with the exception of entities duly authorised to process the data pursuant to the applicable legal regulations in force.
- The Controller uses such tools as Google Analytics and Google AdWords, and, in this relation, the User’s data are transferred to the United States of America in accordance with Implementing Decision (EU) 2016/1250 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176). Apart from the above-mentioned transfers, the Controller does not intend to transfer the User’s personal data to any third country or to any international organisations.
- Due to the fact that the basis for the processing of User’s personal data is the premise of a legitimate interest of the Controller, the User has the right to object to the processing of his/her personal data. The exercise of this right will lead to the Controller’s discontinuation of processing of the User’s personal data, unless there should be legitimate grounds for the processing of the same, which override the interests, rights and freedoms of the User or unless the personal data are necessary for a potential establishment, exercise or defence of legal claims.
- In relation with the processing of personal data, the User has the right to request:
- to obtain information concerning the data processing,
- to be granted access to his/her data and to receive a copy of the same,
- to have the data rectified – in case of any irregularities,
- to have the data processing limited:
- during the verification by the Controller of the correctness of the User’s data,
- until the User’s objection has been reviewed,
- when the User has concluded that the data processing is unlawful and has exercised the right to have the processing limited instead of requesting the removal of the personal data,
- when a further limited data processing by the Controller of the data is necessary for the User for the establishment or defence of potential legal claims,
- to have the personal data transferred (i.e. to obtain his or her data in a structured, commonly used and readable format in order to transmit the same to another controller) and
- to have the personal data erased (‘the right to be forgotten’).
- In case of doubts/questions concerning the personal data processing or in order to exercise the rights – please contact our Personal Data Protection Officer (iodo@oex.pl, ul. Klimczaka 1, 02-797 Warszawa). In case of exhaustion of the User’s rights with regard to the Controller and a conclusion that the processing of the User’s personal data by the Controller is a violation of the personal data protection regulations, the User has the right to lodge a complaint to a supervisory authority – President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl.
- No automated decisions (i.e. decisions without a significant human participation) will be made and the User’s personal data will not be subject to profiling.
II. Cookies
- The operator of the www.oex.pl website is OEX S.A., ul. Klimczaka 1, 02-797 Warszawa.
- The website pursues its functions related to the acquisition of information about the Users and their behaviours in the following way:
- From information provided voluntarily in website forms.
- From cookie files saved in end devices.
- The cookie files (so-called ‘cookies’) are IT data, in particular text files, that are stored in the Website User’s end devices and their purpose is to facilitate the browsing of Website pages. Cookies usually contain the name of the website they originate from, the length of time for which they will be stored in the end device and their unique number. The entity placing cookies in the Website User’s end device and obtaining access to the same is the OEX Website operator with registered office at ul. Klimczaka 1, 02-797 Warszawa.
- Cookies are used for the following purposes:
- to adjust the content of the Website pages to the User’s preferences and to optimise the browsing; in particular, the cookies allow us to identify the Website User’s device and to display the pages as per his/her individual needs;
- to create statistics which will help us to understand the way in which the Website Users use the pages and, consequently, to improve the structure and contents thereof;
- to maintain the session of the Website User (after login) so that the User does not have to re-enter the login and the password each time he or she opens a subdomain of the Website;
- The Website generally uses two basic types of cookies: ‘session cookies’ and ‘persistent cookies’. The session cookies are temporary cookies that are stored in the end device of the User until the logout, website closing or software (browser) closing. The persistent cookies are stored in the User’s end device for a specific period of time as defined in the cookie file parameters or until they have been removed by the User.
- The Website uses the following two types of cookies:
- ‘strictly necessary” cookies, that allow the use of Website services, e.g. authorisation cookies that are used for services requiring authorisation at the Website;
- security cookies, e.g. cookies used to detect Website authorisation abuses;
- ‘performance’ cookies that allow the collection of information on the way the Website is used;
- ‘functional’ cookies that ‘remember’ the User’s settings and interface customization with regard to, for example, the User’s language or region, font size, page display etc.;
- ‘advertising’ cookies that allow the provision to the Users of advertising content more adjusted to their interests.
- In many cases, the software used for browsing (the browser) by default allows the storage of cookies in the User’s end device. The Website Users may change the cookies settings at any time. In particular, the settings may be changed so as to automatically block the cookies support in the browser settings or to provide information about each cookie being saved in the Website User’s device. Detailed information about the possibilities and ways of supporting cookies can be found in the software (browser) settings. N.B. Any limitation concerning the support of cookies may impact the functionalities available at the Website pages.
- Cookies stored in the Website User’s end device may also be used by third party advertisers and partners cooperating with the Website Operator.
- For more information about cookies, visit the ‘Help’ section in your browser’s menu.