1.1. Data Controller or Netia – Netia S.A., ul. Poleczki 13, 02-822 Warsaw
1.2. Personal Data – all information about a natural person identified or identifiable by one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity, including – if they identify that person – device IP, location data, an online identifier, and information collected through cookies and other similar technologies.
1.4. GDPR – the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
1.5. Website – the Internet service operated by the Data Controller at the following address: netia.pl, mobile applications or web applications.
1.6. User – any natural person visiting the Website or using one or more services or functionalities of the Website.
1.7. – an entity with whom the Controller cooperates that provides marketing content tailored to the User or mediates in the provision of such content.
2. PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE WEBSITE
2.2. In connection with the User's use of the Website, the Controller collects the User's data to the extent necessary to provide the individual services offered, as well as information about the User's activity on the Website, including the device IP, location data, an online identifier, and information collected through cookies and other similar technologies. Cookies and similar technologies are not used to identify a user and their identity is not determined on their basis. Where cookies and similar technologies do not by themselves identify an individual, but do so only when combined with other unique identifiers or other information that identifies that individual, they may constitute personal data.
2.3. Using the Website is possible without creating a User account. In this case, using the Website does not require providing personal data in the registration form. The data processed includes information about the use of the Website.
2.4. The User may create an account on the Website by filling in a registration form (in which the data required for creating an account are properly marked, and the remaining data – if their provision is specified in the form – are optional and are not necessary for creating an account), thanks to which a User may use additional functionalities or services of the Website. In this case, personal data provided in the registration form and information about the use of the Website are processed. Providing personal data is not a statutory requirement, i.e. the User is not legally obliged to provide such data in order to set up an account on the Website. At the same time providing data marked as required is a condition for setting up an account on the Website. Failure to provide data marked as required makes it impossible to create an account on the Website and to use the functionalities, which, according to the Website regulations, may be used only after creating an account.
2.5. An account on the Website may be created using social media (such as Facebook and G+). For the purposes of creating an account on the Website or in the event it will be possible to use other functionalities offered by portals within the Website, the Website, at the request of the User, will collect from the User's account in the social media the data necessary for registration and operation of the account on the Website.
2.7. In case additional functionalities are available within the Service, such as the possibility to subscribe to a newsletter or use the contact form, relevant information on the principles of personal data processing and the scope of processed data shall be available when collecting them for the purpose of these functionalities.
3. COOKIES AND SIMILAR TECHNOLOGIES
3.1. In connection with the use of the Website, cookies or similar technologies are used in order to provide the User with access to the Website, improve its operation, for profiling and display of content tailored to the User's needs.
3.2. Cookies are small text files that are saved in the User's telecommunication end device (computer, phone, tablet, etc.) during their use of the Website, allowing the Controller and other entities providing services to the Controller (e.g. analytical and statistical) or to use them for various purposes, which can be divided into categories described below.
3.3. Technologies similar to cookies include local storage, session storage and service workers, which use a dedicated portion of the browser's memory to store data saved by the Website.
3.4. For simplicity, cookies and similar technologies shall be hereinafter referred to collectively as “cookies”.
3.5. We use two types of cookies or similar technologies based on their lifespan:
3.5.1. session cookies – files stored in the User's device until the User logs out or leaves the Website;
3.5.2. persistent cookies – files stored in the User's device until they are deleted by the User or until the expiry of the cookie file on the date specified in the specification of the cookie file.
3.6.1. Required cookies, necessary to use the Website:
a) user input cookies with data entered by the User (session ID) for the duration of the session;
b) authentication cookies used for services that require authentication for the duration of a session;
c) user centric security cookies, such as those used for detecting authentication abuse;
d) multimedia player session cookies (e.g. flash player cookies), stored for the duration of the session;
3.6.2. Functional cookies that facilitate the use of the Website:
a) user interface customisation cookies used to personalise the user interface for the duration of the session or slightly longer,
b) cookies used for monitoring website traffic, i.e. data analytics – these are files used for the purpose of analysing how the Website is used by the User and to create statistics and reports concerning Website functioning.
3.8. The User may change their cookie or similar technology settings at any time by changing the privacy settings of their browser or application or by changing their account settings on the Website, with the proviso that the User may then not be able to access certain features of the Website.
3.9. The privacy settings can be changed by selecting the appropriate option in the browser or application settings. In the case of the most popular web browsers, the User can independently manage privacy settings, including cookies, in particular by accepting cookies, changing their settings, and blocking or deleting cookies. The method of changing privacy settings as well as its extent depends on the type or version of browser or application of the User. For details on how to change the privacy settings, visit websites of the providers of these solutions.
4. PURPOSES AND LEGAL BASIS FOR PROCESSING DATA BY THE WEBSITE
The Controller processes Users' personal data for the purpose of:
4.1. granting access to the Website – on the basis of Article 6(1)(b) of the GDPR;
4.2. compliance with legal obligations under Article 6(1)(c) of the GDPR,
4.3. execution of the following legitimate interests of the Controller or a third party – on the basis of Article 6(1)(f) of the GDPR:
4.3.1. self-marketing, including profiling, in particular presenting behavioural advertising, displaying marketing content on the Website to the User or directing notifications to identified Users about interesting offers or content by means of electronic communication, in particular by e-mail, provided that the User has given the appropriate consent, as well as conducting other activities related to marketing, e.g. satisfaction surveys.
4.3.2. detection and elimination of fraud;
4.3.3. internal purposes related to the provision of services and business activities, including evidential, analytical and statistical purposes.
4.4. User personal data shall be processed under their consent for marketing purposes of , in particular related to the presentation of behavioural advertising – on the basis of Article 6(1)(a) of the GDPR.
4.5. For the purposes of implementation of the above, the Controller may, in selected cases, use profiling. This means that through automated data processing, the Controller evaluates selected factors concerning natural persons in order to analyse their behaviour or make predictions for the future. As a result of these analyses, no significant decisions regarding the User are taken by automated means.
5. PERIOD OF PERSONAL DATA PROCESSING
5.1. Personal data shall be processed until the User's account on the Website is deleted and then for the following period: a) provided for the performance of obligations under the laws on national defence and security, public safety and order, as well as tax and accounting regulations, b) period of limitation of claims and until the moment the civil, enforcement, administrative and criminal proceeding requiring the processing of data is concluded, and in case the consent was given, until the purpose of consent is achieved or until the consent is revoked, whichever occurs earlier.
5.2. The User can delete cookies from their device on their own. In order to clear the User's end device (computer, phone, tablet, etc.) of cookies, the browser cache and cookies must be deleted. The process of clearing cache and cookies should be done in the User's browser settings. Settings may vary depending on the browser and its version. See Section 4.10 for more information on the options available in each browser. Deleting cookies will result in the deletion of Service settings.
6. USER RIGHTS
6.1. In connection with the processing of personal data, the User has the following rights:
6.1.1. the right to rectify data – if an error has been made in the course of data collection or if the data has changed, the User has the right to provide correct and current data and the Controller shall correct or update it;
6.1.2. the right to access data – the User may exercise this right if they want to know what data we process;
6.1.3. the right to erase data, also called the “right to be forgotten” – if the User decides that the data is no longer necessary for the purposes for which it was collected, they have the right to request the Controller to erase it;
6.1.4. the right to restrict data processing – if the User has doubts as to whether the Controller is processing the data correctly, they have the right to file a request for restriction of processing;
6.1.5. the right to data portability – the User may receive and port data they have previously provided to the Controller from the Controller to another entity;
6.1.6. the right to object to the processing of data on the basis of a legitimate interest of the Controller or of a third party, including profiling, on grounds related to the particular situation, and to object to the processing of data for direct marketing purposes;
6.1.7. the right to withdraw consent at any time – the User has the right to withdraw their consent to data processing at any time and without giving reasons; the withdrawal of consent is not retroactive, i.e. the processing that has taken place until the withdrawal of consent remains fully valid and legal. The User may withdraw their consents by changing settings.
6.2. In order to consider a request to exercise the above rights, the Controller is entitled to verify the identity of the User, which prevents the disclosure of information about the User to unauthorized persons. In the case of Users who have not created an account on the Website, the Controller is not in a position to verify the identity of the User, because the processed data concern only information on the use of the Website, without information on the identity of the User.
6.3. The User can lodge a complaint concerning the processing of personal data with the data protection supervisory authority. In the Republic of Poland, the supervisory authority is the President of the Personal Data Protection Office.
7. DATA RECIPIENTS and
7.1. Users' personal data may be transferred to the following categories of recipients: entities providing the Controller with services necessary to achieve the purposes of processing, including IT providers, entities providing technical, organisational and advisory support, other subcontractors in the area of customer service, billing and payment handling, marketing, integrators and entities providing additional services within the scope of premium rate services, entities authorised on the basis of legal regulations, companies from the Polsat Plus Group.
8. TRANSFER OF DATA OUTSIDE THE EEA
User's personal data may be transferred to countries/international organisations outside the European Economic Area if, on the basis of a decision of the European Commission, these countries/organisations are deemed to ensure an adequate level of protection of personal data corresponding to the level of protection in force within the European Economic Area, or, provided that appropriate protection measures are in place, which may consist in the use of binding corporate rules, standard data protection clauses adopted by the European Commission, standard data protection clauses adopted by the President of the Personal Data Protection Office or contractual clauses authorised by the President of the Personal Data Protection Office, and copies thereof may be obtained upon request submitted in the manner specified in item 10 above.
9. SECURITY OF PERSONAL DATA
9.1. The Controller shall conduct a risk analysis on an ongoing basis in order to ensure that personal data is processed in a secure manner – ensuring in particular that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Controller shall ensure that all operations on personal data are recorded and performed only by authorised employees and associates.
9.2. The Controller shall take all necessary measures to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Controller.
9.3. At netia.pl we have implemented solutions ensuring a high level of protection of your data, including an SSL certificate and a netia.pl website IT system that meets high standards of personal data protection.
10. CONTACT DETAILS
10.1. Any requests, statements and all correspondence regarding personal data should be directed by telephone to the Customer Service Department (phone: 801802803, 227111111 or mobile: 793800300), in writing to the following address: Netia S.A. – Dział Obsługi Reklamacji, skr. pocztowa nr 597, 40-950 Katowice S105; if you are our customer, you can contact us electronically via the form on the Netia Online website as well as in writing or verbally for the record at the point of sale (service).
10.2. The Controller has appointed a Data Protection Officer who can be contacted: electronically at firstname.lastname@example.org or in writing at the above-mentioned address of the Controller’s registered seat with the additional note “Inspektor Ochrony Danych” (“Data Protection Inspector”).
List of third parties
List of third parties for whom the Netia Group performs marketing activities on the basis of consent granted.
| Cyfrowy Polsat S.A. | ul. Łubinowa 4a, 03-878 Warszawa |
| Polkomtel Sp. z o.o. | ul. Konstruktorska 4, 02-673 Warszawa |
| | ul. Ostrobramska 77, 04-175 Warszawa |
| Telewizja Polsat Sp. z o.o. | ul. Ostrobramska 77, 04-175 Warszawa |
| | al. Stanów Zjednoczonych 61a, 04-028 Warszawa |
| Aero2 Sp. z o.o. | al. Stanów Zjednoczonych 61a, 04-028 Warszawa |
| Plus Bank S.A. | al. Stanów Zjednoczonych 61a, 04-028 Warszawa |
| ESOLEO Sp. z o.o. | ul. Aleja Wyścigowa 6, 02-681 Warszawa |
| Usecrypt Sp. z o.o. | ul. Puławska 2, 02-566 Warszawa |
| GroupM Sp. z o.o., with its registered office in Warsaw | |
| [m] Platform Ltd., with its registered office in London | |
| Media & Leads | |
| Ringier Axel Springer Polska sp. z o.o. | |
| MediaCom, Warsaw branch | |
| GO.PL sp. z o.o. | |
| Amazon Web Services (AWS) | |
| Kerris Group Sp. z o.o. | |