of CO3 spółka z ograniczoną odpowiedzialnością (Limited Liability Company)
Date of last update: 09.01.2023
- Controller – it means the controller of Personal Data within the meaning of Article 4(7) of the GDPR, namely CO³ Spółka z ograniczoną odpowiedzialnością with its registered office in Bielany Wrocławskie (55-040), ul. Irysowa 1, NIP: 8961583248, for which the District Court for Wrocław Fabryczna in Wrocław, 6th Commercial Division of the National Court Register maintains registration files in the Register of Entrepreneurs under the KRS number: 0000764323, e-mail: dpo@CO³.eu.
- Cookies Banner – a computer program on the Website used to manage Cookies by the User, displaying information about the Cookies and providing the possibility for the User to consent to their use by the Controller when using the Website or the Platform.
- Chatbot – a computer program for handling User inquiries, with which the User can conduct simple conversations, especially about the Controller’s services and products;
- Software – it means the Internet browser used to access the Platform;
- Cookies – it means computer data, in particular text files, which are stored on the User’s Device and which facilitate the use of the Platform;
- Platform – it means the ICT system by means of which CO³ provides services electronically, as described in the General Contractual Terms and Conditions (GCTC), available at the following internet address: www.co3.eu/gctc ;
- GDPR – it means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – the legal act governing the protection of personal data;
- Website – shall be understood to mean the website operating at the following address: www.CO³.eu;
- Device – it means the electronic device by which the User accesses the Platform, in particular: PCs, laptops, tablets, smartphones;
- User – shall be understood to mean a User of the Platform and a User of the Website;
- Platform User – shall be understood to mean any person who has a user account on the Platform, which entitles them to use the functionality of the Platform within the limits specified in the T&Cs;
- Website User – means any person who uses the Website.
§ 2. General provisions
- The Controller ensures that it uses its best efforts to ensure that the processing of personal data by the Controller is carried out with the greatest respect for the privacy of the data subjects.
- The Controller shall ensure that technical and organizational measures are in place to ensure the protection of the processed personal data, appropriate to the risks and categories of data being protected, and in particular that the data is protected against its disclosure to unauthorized persons, acquisition by an unauthorized person, processing in violation of the Act, and change, loss, damage or destruction.
- The Controller shall comply with the following principles regarding the processing of personal data:
- processes personal data lawfully, fairly and in a transparent manner for the data subject;
- collects personal data for specified, explicit and legitimate purposes and does not further process it in a way incompatible with those purposes;
- processes personal data in a way that is adequate, relevant and limited to what is necessary for the purposes of the processing;
- personal data is processed correctly and is updated when necessary; the Controller takes all reasonable steps to ensure that personal data which is inaccurate in light of the purposes of its processing are erased or rectified without delay;
- keeps the personal data in a form which enables identification of the data subject for no longer than is necessary for the purposes for which the data is processed.
- The Controller may transfer Personal Data to a third country, i.e. outside the European Economic Area (EEA), in order to enable Users outside the EEA to use the Platform services or the Service. This transfer may be made to:
- countries where the European Commission has issued adequacy decisions on the protection of personal data (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) without the need to meet additional requirements;
- other countries, primarily on the basis of Standard Contractual Clauses with additional security measures (technical and legal) or Binding Corporate Rules or pursuant to Article 49(1)(c) of GDPR, if the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the Controller and a User outside the EEA.
§ 3. Processing of Personal Data of Users and other persons
- Personal data of Users and other persons interacting with the Controller or the Users can be processed by the Controller:
- in order to perform the contract concluded with the Controller for the provision of services by electronic means within the Platform- then the legal basis for the processing of personal data is the necessity of the processing for the performance of the contract (Article 6(1)(b) of GDPR);
- in order to provide geolocation data such as information about the GPS location of the User’s vehicle, the registration number of the localized vehicle and the ignition status (if available) – the legal basis for processing is consent (Article 6(1)(a) of GDPR);
- in order to establish contact and enable the use of services provided on the Platform or the Service, including the use of the Chatbot to the extent relating to the processing of data provided in the chat window – the legal basis for the processing is the legitimate interest of the Controller (Article 6.1.f. GDPR);
- in order to comply with statutory obligations incumbent on the Controller, resulting in particular from tax and accounting regulations – the legal basis of processing is a legal obligation (Article 6(1)(c) of GDPR);
- for analytical and statistical purposes, including improving the Platform functionalities applied – the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR) consisting of conducting analyses of Users’ activities on the Platform, as well as of their preferences in order to improve the applied functionalities;
- in order to establish and pursue claims or defend against claims – the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR);
- for technical and administrative purposes, to ensure the security of the Controller’s ICT systems and to manage these systems – in this regard, the legal basis of the processing is the Controller’s legitimate interest (Article 6(1)(f) of GDPR);
- for direct marketing purposes – in this case, the legal basis for the processing is also the legally legitimate interest pursued by the Controller or by a third party (Article 6(1)(f) of GDPR).
- Providing personal data by the User is voluntary but necessary in order to provide electronic services by the Controller within the Platform.
- The Controller processes or may process the following personal data:
- name and surname,
- e-mail address,
- IP address,
- telephone numbers,
- series and number of identity document,
- VAT identification number (e.g. NIP),
- registered or business address,
- professional entitlements and qualifications,
- geolocation data (including the country and city from which the User browsed the Service or logged into the Platform);
- data collected during interaction with the Controller or its representatives through electronic communication.
- the name of the company within which the user works or with which she/he cooperates;
- social media account information for contact purposes;
- the URL of the sites visited, the time and date of such visits;
- technical information about the Device (e.g., screen resolution, device type, browser type or operating system).
- The recipients of personal data processed by the Controller are or may be:
- persons authorized by the Controller to process data within the Controller’s enterprise;
- entities providing the Controller with IT services (e.g., Chatbot service), accounting, human resources, legal and tax advisory services, as well as advertising, courier, postal services, protection of persons and property, and cleaning services – in particular, on the basis of agreements on entrustment of personal data processing;
- other Users to whom the Controller grants access to the Platform- in accordance with the provisions of GCTC;
- public administration bodies and entities performing public tasks or acting on behalf of public administration bodies, as well as judicial authorities – within the limits of their rights provided by provisions of law.
- The Controller processes the Users’ personal data for the duration of the legal relationship with the User and the time of the limitation period, however, not longer than 6 years. The Controller processes personal data of other persons for a period not longer than 6 years.
- The Controller does not use systems used for profiling and automated decision-making.
- The Controller declares that it may use tools designed to analyse traffic on the Platform, such as Google Analytics and other similar tools.
- The Controller reserves the right to use anonymized geolocation data for analytical and statistical purposes, serving the development of services offered by the Controller.
§ 4. Rights of the data subject
- Persons whose data is processed by the Controller are entitled to:
- the right of access to their personal data and the right to correct it;
- the right to supplement, update, rectify, transfer and request restriction of processing as well as erasure of personal data;
- the right to object to the processing of personal data;
- In order to access, correct, supplement, update, rectify, limit processing, transfer, delete and object to the processing of one’s personal data, please send your request to the e-mail address of the Controller: dpo@CO³.eu or in writing to the address: ul. Irysowa 1, 55-040 Bielany Wrocławskie.
- The data subject shall also have the right to lodge a complaint with the President of the Personal Data Protection Office if the Controller does not process personal data lawfully.
§ 5. Cookies
- The Platform may use two basic types of Cookies:
- session cookies – these are temporary files that are stored on the User’s Device until leaving the Platform or switching off the Software;
- permanent – these are files stored on the User’s Device for the period specified in the parameters of the Cookies or until they are deleted by the User.
- The Platform may use all or some of the following types of Cookies:
- “essential”, which enable the use of the Platform,
- “performance”which allows the collection of information about the manner of using the Platform;
- “functionality”, which enable retention of User-selected settings and personalization of the User interface, e.g. through language, font size, appearance of the Platform;
- “advertising”, which make it possible to provide Users with advertising content more tailored to their interests.
- The different types of Cookies used within the Platform or Service are specified in the Cookies Banner available to Users at any time.
- The solutions used within the Platform are safe for the Devices of the Users who use the Platform.
- The User may at any time change the settings concerning Cookies. These settings may be changed, in particular, so as to block the automatic handling of Cookies in the settings of your web browser, or to inform you each time they are placed on your Device. If you restrict or disable access of Cookies to your Device, your use of the Platform or the Website may be impaired and may disable some functionality that requires Cookies. Detailed information about the possibility and methods of handling Cookies is available in the Software settings and in the Cookies Banner.
§ 6. Use of technologies monitoring User activity
- The platform uses social plugins, which are tools allowing connection to popular social networks. These plugins allow the browser of a User visiting the Platform to retrieve content from the plugin provider and transmit data about the User, including personal data, to that provider.
- The following social plugins are currently in use:
- Facebook Ireland Ltd. – On the Platform, there are “Like” and “Share” plugins to link to Facebook and a plugin that links directly to Instagram. By using one of the aforementioned plugins, the User logs in to Facebook or Instagram respectively, which have different privacy policies than the Platform. You can read them by using the link: https://pl-pl.facebook.com/privacy/explanation or for information on plugins: https://pl-pl.facebook.com/help/203587239679209;
- LinkedIn Ireland Unlimited Company – there is a plugin on the Platform that allows referring to LinkedIn and sharing a post on it. By using such a plugin, the User logs in to the aforementioned portal, which has different privacy policies than the Platform. You can read them by using the link: https://www.linkedin.com/legal/privacy-policy?_l=pl_PL.
- Google Ireland Limited – the Service includes a plug-in that allows the use of the Google Maps service to locate the Controller’s premises, and there are video or audio-video materials permanently embedded (so-called embeddable) from YouTube. The use of these services has privacy policies different from the Service. You can get acquainted with them by going to the link: https://policies.google.com/privacy?hl=pl
§ 7. Using Chatbot
- As part of the Service, the Controller uses Chatbot.
- The Chatbot provider is an entity external to the Controller – Smartsupp.com s.r.o., VAT ID CZ03668681 located at Šumavská 31, 602 00 Brno (Czech Republic), acting as the Controller’s processor.
- The Controller has a processing entrustment agreement with Smartsupp.com s.r.o.. Smartsupp.com s.r.o. processes data only for the purpose and to the extent necessary for the operation of the conversation via Chatbot and acts only in accordance with the Controller’s instructions.
- Additional information on data privacy and data processing of Smartsupp.com, s.r.o. can be found at www.smartsupp.com/privacy.
§ 8. Profiling
- As part of the use of the Service, a system is used that tracks the activity of Users based on information, including Cookies, stored on Users’ Devices, e-mail addresses, as well as the activity history of Users of the Service. Based on this tracking, it is possible to profile Users in order to send individually tailored marketing messages.
- The profiling referred to in the paragraph above shall not have any legal effect on the User or, to a similar extent, shall not materially affect the User.
§ 9. Final provisions
- The Platform may contain links to other websites, such as those of advertisers or telematic service providers. Such websites operate independently of the Controller and are in no way supervised by the Controller. These websites may have their own privacy policies and regulations, which we recommend that you read.