Privacy policy on the website GrupaEurocash.pl
1.1. admin — Eurocash S.A. with its registered office in Komorniki, ul. Wiśniowa 11, 62-052 Komorniki.
1.2. Personal data information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity, including device IP, location data, web identifier and information collected through cookies and other similar technology.
1.3. politics — this Privacy Policy.
1.4. SHOWS — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
1.5. Service — website maintained by the Administrator at www.grupaeurocash.pl.
1.6. User — any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2.1. In connection with the User's use of the Website, the Administrator collects data to the extent necessary for the provision of individual services offered, as well as information about the User's activity on the Website. The following describes the detailed rules and purposes of processing Personal Data collected during the use of the Website by the User.
USE OF THE SERVICE
3.1. Personal data of all persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Administrator in order to:
3.1.1. provision of electronic services in the scope of making available to Users the content collected on the Website — then the legal basis for processing is the necessity of processing for the performance of the contract (Article 6 (1) (b) of the GDPR);
3.1.2. analytical and statistical — then the legal basis for processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR), consisting in conducting analyses of Users' activity, as well as their preferences in order to improve the functionalities used and the services provided;
3.1.3. technical, administrative, related to the security of the IT system and the management of this system and the provision of services - then the legal basis for processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR), consisting in conducting IT and administrative work aimed at maintaining the security and proper functioning of the Website;
3.1.4. possible establishment and enforcement of claims or defense against claims — the legal basis for processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR), consisting in the defense of its economic interests;
3.1.5. Marketing of the Administrator — the rules of processing Personal Data for marketing purposes are described in the Social Networks section.
3.2. The User's activity on the Website, including his Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and actions that concern the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for the purposes related to the provision of services. The Controller also processes them for technical, administrative purposes, for the purposes of ensuring the security of the IT system and managing this system, as well as for analytical and statistical purposes — in this regard, the legal basis for processing is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR). consisting in providing and improving the functionalities offered to Users.
3.3. The administrator provides an opportunity to contact him using electronic contact forms. Using the form requires providing Personal Data necessary to establish contact with the User and respond to the request. You may also provide other data in order to facilitate contact or to handle your enquiry. The provision of data marked as mandatory is required in order to accept and handle the request, and failure to provide them results in the inability to handle them. The provision of other data is voluntary.
3.4. Personal data are processed in order to handle the inquiry sent by the contact form provided on the Website — the legal basis for processing is the necessity of processing for the performance of the service contract (Article 6 (1) (b) of the GDPR); in the field of data provided optionally, the legal basis for processing is consent (Article 6 (1) (a) of the GDPR).
3.5. As part of the contact form available on the Website, you can also contact another company from the Eurocash Group, but in this case Eurocash S.A. is not the administrator of the personal data contained in the contact form.
3.6. The Administrator processes personal data of Users visiting the Administrator's profiles maintained on social media (YouTube, LinkedIn). These data are processed solely in connection with the maintenance of a profile, including in order to inform Users about the activities of the Administrator and to promote various types of events, services and products and for analytical and statistical purposes. The legal basis for the processing of personal data by the Administrator for this purpose is his legitimate interest (Article 6 (1) (f) of the GDPR) consisting in promoting his own brand and analyzing the preferences and activity of Users visiting the Administrator's profiles on social media in order to improve the functionalities used and services provided.
3.7. The above information does not apply to the processing of data by the administrators of social networks (YouTube, LinkedIn). Detailed information on the purpose and scope of data collection by social networks can be found at the following links:
3.7.1. YouTube: https://policies.google.com/privacy
3.7.2. LinkedIn: https://www.linkedin.com/legal/privacy-policy
4.1. Cookies are small text files installed on the User's device. Cookies collect information that facilitates the use of the website — for example by remembering information about the User, for example regarding login or language preferences. The administrator of the data processed in connection with the use of cookies is Eurocash S.A. On the Website, the Administrator uses its own files, which are installed directly by the Website. Third-party cookies are also used - which are cookies from a domain other than the domain of the visited website - primarily for analytical and advertising activities of the Administrator.
4.2. The Website uses cookies primarily to ensure the correct functioning of the website, to remember the User's choices on the website — and in the case of the User giving the appropriate consent — also to analyse and track traffic on the Website. As part of the Website, based on the consent obtained, cookies are also installed allowing the use of social media functionality.
4.3. Below you will find detailed information about cookies that the Administrator uses on the Website. The Administrator regularly uses tools for scanning the Website, in order to determine which cookies are stored on the User's device, so that the list of cookies used is as accurate as possible. The administrator uses the following categories of files: necessary, functional, analytical and social media cookies.
4.4. The use by the Administrator of the necessary cookies is necessary for the proper functioning of the website. These files are installed in particular for the purpose of remembering login sessions or filling in forms, as well as for the purpose of setting privacy options.
4.5. The legal basis for data processing in connection with the use of the necessary cookies is the necessity of processing for the performance of the contract (Article 6 (1) (b) of the GDPR).
4.6. If the User wishes to obtain more information about individual files from this category, i.e. the name of individual cookies, description of operation, validity period and origin, click on the “Manage cookies” button, which is located in point 6 of the Privacy Policy or the button with the same content available in the footer of each subpage of the Service. After the cookie banner appears, select the “Manage cookies” button and then expand the “Necessary cookies” list, then the “Details” button located below.
4.7. Functional cookies are used in order to remember and adapt the Website to the User's choices, among others in terms of language preferences. Functional cookies may be installed by the Administrator and its partners via the Website.
4.8. Analytical cookies make it possible to obtain information such as the number of visits and sources of traffic on the Website. They are used to determine which pages are more popular and which are less popular and to understand how Users navigate the site by keeping statistics about traffic on the Website. Data processing is carried out in order to improve the performance of the Service. The information collected by these cookies is aggregated, so it is not intended to establish your identity. Functional cookies may be installed by the Administrator and its partners via the Website.
4.9. The legal basis for the processing of Personal Data in connection with the use of functional and analytical cookies by the Administrator is its legitimate interest (Art. 6 para. 1 lit. f GDPR), consisting in ensuring the highest quality of services provided on the Website, in connection with the consent given by the User to save them (separate for analytical files, separate for functional files).
4.10. The processing of Personal Data in connection with the use of functional and analytical cookies is subject to obtaining the User's consent to the use (separately) of functional and analytical cookies through the cookie consent management platform. This consent can be withdrawn at any time through this platform.
4.11. If the User wishes to obtain more information about individual files of these categories, i.e. the name of individual cookies, description of operation, validity period and origin, click on the “Manage cookies” button, which is located in section 6 of the Privacy Policy — “Manage cookies” or the button with the same content available in the footer of each subpage of the Service. After the cookie banner appears, select the “Manage cookies” button and then expand the “Analytical cookies” or “Functional cookies” list, then the “Details” button located under each list.
4.12. These cookies are installed by the Administrator's partners to match the displayed content on social media used by the User. Based on the information from these cookies and activity on other websites or on social media, a profile of interests is built. Thanks to this, the displayed content is tailored to individual needs. Social media cookies do not store personal data directly, but identify the web browser and equipment, and if the User uses the Website using a mobile device, also their location. If the User does not allow the use of these cookies, the Administrator will not be able to prevent the display of the same content or allow likes and shares of the content posted by the Administrator on social media.
4.13. If the User wishes to obtain more information about individual files from this category, i.e. the name of individual files, description of operation, validity period and origin, click on the “Manage cookies” button, which is located in section 6 of the Privacy Policy — “Manage cookies” or the button with the same content available in the footer of each subpage of the Service. After the cookie banner appears, select the “Manage cookies” button and then expand the “Social media cookies” list, followed by the “Details” button located below.
5.1. The Administrator and its Partners use various solutions and tools used for analytical and marketing purposes. Below is the basic information about these tools. Detailed information in this regard can be found in the privacy policy of the respective partner.
5.2. The current and complete list of Partners of the Administrator is available at the following link: situ https://grupaeurocash.pl/zaufani-partnerzy-grupy-eurocash.
5.3. Google Analytics cookies are files used by Google in order to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify you or combine this information for identification purposes. Detailed information on the scope and rules of data collection in connection with this service can be found at the following link: situ https://www.google.com/intl/pl/policies/privacy/partners.
5.4. The LinkedIn plugin is a tool that allows Service Users to access and view content on LinkedIn pages. The tool may display information available on LinkedIn, search fields that link to information found on LinkedIn.com, LinkedIn ads, or advertisements for third-party products. In addition, as part of the tool, LinkedIn may capture data in order to analyze and track the User's traffic on the Website or to determine his preferences. Detailed information on the scope and rules of data collection in connection with this service can be found at the following link: https://www.linkedin.com/legal/privacy-policy#data
6.1. The use of cookies to collect data through them, including access to data stored on the User's device, requires the User's consent. On the Website, the Administrator receives consent from the User through the cookie consent management platform. This consent may be withdrawn at any time in accordance with the rules described in section 7.4 below.
6.2. Consent is not required only in the case of cookies, the use of which is necessary for the provision of a telecommunications service (data transmission in order to display content) — the User does not have the possibility to opt out of these cookies if he wishes to use the Website.
6.3. In order to receive advertising tailored to the User's preferences, in addition to agreeing to the installation of cookies through the cookie consent management platform, it is necessary to maintain the appropriate browser settings, allowing cookies from the Website to be stored in the User's terminal device.
6.4. Withdrawal of consent to the collection of cookies on the Website is possible through the cookie consent management platform. The user can return to the banner by clicking on the “Manage cookies” button below
or a button with the same content available in the footer of each subpage of the Service.
6.5. After displaying the banner, the User can withdraw his consent by clicking on the button”COOKIE MANAGEMENT“. Then move the slider next to the selected category of cookies and press the button”SAVE SETTINGS AND CLOSE”.
6.6. The user also has the possibility to withdraw consent by changing the browser settings. Detailed information on this can be found at the following links:
6.6.1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet explorer-delete-manage-cookies7
6.6.2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
6.6.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
6.6.4. Opera: http://help.opera.com/Windows/12.10/pl/cookie.html/
6.6.5. Safari: situ https://support.apple.com/kb/PH5042?locale=en-GB.
6.7. You can check the status of your current privacy settings for the browser used at any time using the tools available at the following links:
6.7.1. http://www.youronlinechoices.com/pl/twojewybory
6.7.2. situ http://optout.aboutads.info/?c=2&lang=EN.
6.8. To exercise your rights to access, correct, delete, restrict, transfer, object to the processing of personal data, file a complaint or ask any other question in the field of cookies, please send a request to eurocash@eurocash.pl or other contact details of the Administrator indicated in the Privacy Policy.
7.1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data are processed for the duration of the provision of the service or the handling of the inquiry, until the withdrawal of the expressed consent or the filing of an effective objection to the processing of data in cases where the legal basis for data processing is the legitimate interest of the Administrator.
7.2. The data processing period may be extended in the event that the processing is necessary for the establishment and exercise of possible claims or defense against claims. After the end of the processing period, the data is irretrievably deleted or anonymized.
RIGHTS OF DATA SUBJECTS
8.1. Data subjects have the following rights:
8.1.1. right to information about the processing of personal data — on this basis, the Administrator provides information about the processing of data to the natural person making the request, including, first of all, the purposes and legal bases of the processing, the scope of the data held, the entities to whom they are disclosed, and the planned date of deletion of the data;
8.1.2. the right to obtain a copy of the data — on this basis, the Administrator provides a copy of the processed data concerning the natural person making the request;
8.1.3. right to rectification — The Controller is obliged to remove any inconsistencies or errors in the processed Personal Data and to supplement them if they are incomplete;
8.1.4. right to erasure of data — on this basis, it is possible to request the deletion of data whose processing is no longer necessary to fulfil any of the purposes for which they were collected;
8.1.5. right to restriction of processing — in the event of such a request, the Controller ceases to perform operations on Personal Data — with the exception of operations to which the data subject has consented — and their storage, in accordance with the adopted retention rules or until the reasons for the restriction of data processing cease (e.g. a decision of the supervisory authority authorizing further processing of data will be issued);
8.1.6. right to data portability — on this basis — to the extent that the data are processed in an automated manner in connection with the concluded contract or given consent — the Controller issues the data provided by the data subject in a format that allows the data to be read by the computer. It is also possible to request the sending of these data to another entity, however, provided that there are technical possibilities in this regard both on the part of the Administrator and the indicated entity;
8.1.7. right to object to the processing of data for marketing purposes — if applicable, the data subject may object to the processing of Personal Data for marketing purposes at any time, without having to justify such objection;
8.1.8. right to object to other purposes of data processing — The data subject may at any time object — for reasons related to his particular situation — to the processing of Personal Data, which is carried out on the basis of the Controller's legitimate interest (e.g. reasons related to the protection of property); the objection in this regard should contain a justification;
8.1.9. right to withdraw consent — if the data is processed on the basis of the consent given, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal;
8.1.10. right to complain — if it is considered that the processing of Personal Data violates the provisions of the GDPR or other provisions on the protection of Personal Data, the Data Subject may lodge a complaint with the supervisory authority responsible for the place of habitual residence of the Data Subject, his place of work or the place of commission of the alleged infringement. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
9.1. A request regarding the exercise of the rights of Data Subjects can be made:
9.1.1. in writing to the Administrator's address;
9.1.2. by e-mail to the following e-mail address: iod_ec@eurocash.pl
9.2. The request should, as far as possible, indicate precisely what the request relates to, i.e. in particular:
9.2.1. what right the applicant wishes to exercise (e.g. the right to receive a copy of the data, the right to delete the data, etc.);
9.2.2. what processing process the request relates to (e.g. use of a particular service, activity on a particular website, etc.);
9.2.3. what processing purposes the request relates to (e.g. for purposes related to the provision of services, etc.).
9.3. If the Administrator is unable to identify a natural person on the basis of the submitted request, he will ask the applicant for additional information. Providing such data is not mandatory, but failure to provide them will result in refusal to fulfill the request.
9.4. The request can be made in person or through a proxy (e.g. a family member). For the sake of data security, the Administrator encourages the use of a power of attorney in the form certified by a notary or an authorized legal adviser or lawyer, which will significantly speed up the verification of the authenticity of the request.
9.5. The response to the application should be given within one month of its receipt. If it is necessary to extend this deadline, the Administrator informs the applicant of the reasons for this action.
9.6. In the case where the request is sent to the Administrator electronically, the answer shall be given in the same form, unless the applicant has requested a response in a different form. In other cases, the answer is given in writing. In the event that the deadline for the execution of the request makes it impossible to answer in writing, and the scope of the applicant's data processed by the Administrator allows contact by electronic means, the answer must be given electronically.
10.1. The procedure for applications submitted is free of charge. Charges can only be charged in the case of:
10.1.1. submitting a request for the issuance of the second and each subsequent copy of the data (the first copy of the data is free of charge); in this case, the Administrator may request payment of a fee of PLN 250. The above fee includes the administrative costs associated with the execution of the request;
10.1.2. reporting excessive (e.g. extremely frequent) or manifestly unjustified requests by the same person; in this case, the Administrator may demand payment of a fee of PLN 250. The above fee includes the costs of conducting communication and the costs associated with taking the requested actions;
10.2. In the event of a dispute over the decision to impose a fee, the data subject may lodge a complaint with the supervisory authority responsible for the data subject's habitual residence, place of work or place of the alleged infringement. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
11.1. In certain cases, insofar as it is necessary to achieve the purposes described above, Personal Data will be disclosed to external entities providing services to the Controller (e.g. IT service providers, providers of analytical and marketing tools, analytical and marketing agencies).
11.2. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
12.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, in particular by:
12.1.1. cooperation with processors of Personal Data in countries in respect of which the relevant decision of the European Commission has been issued on the determination to ensure an adequate level of protection of Personal Data (for details see herein);
12.1.2. the use of standard contractual clauses issued by the European Commission; together with the additional security measures required, they provide Personal Data with the same protection as they are entitled to in the European Union; model contracts can be found herein;
12.1.3. the application of binding corporate rules approved by the competent supervisory authority.
12.2. In connection with the Administrator's use of Webflow Inc. services, Users' Personal Data is transferred outside the EEA, i.e. to the USA, in order to provide hosting services by this entity to the Administrator. The transfer of Personal Data to a subcontractor of Webflow Inc. in the USA is carried out on the basis of the adequacy decision referred to in point 12.1.1 above, in connection with the subcontractor obtaining an entry in the list of self-certified entities under the program Data Privacy Framework. Current information about the subcontractor's entry in the list of this program is available at the link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TT9jAAG&status=Active
13.1. The Controller carries out a risk analysis on an ongoing basis in order to ensure that Personal Data is processed by him in a secure manner — ensuring, first of all, that only authorized persons have access to the data and only to the extent necessary for the tasks performed by them. The Controller ensures that all operations on Personal Data are recorded and carried out only by authorized employees and collaborators.
13.2. The Controller shall take all necessary measures to ensure that its subcontractors and other cooperating entities guarantee the use of appropriate security measures in each case when they process Personal Data on the Controller's behalf.
14.1. Contact with the Administrator is possible via e-mail kontakt.ogolny@eurocash.pl or the corresponding address of the Administrator.
14.2. The Administrator has appointed a Data Protection Officer, who can be contacted by email iod_ec@eurocash.pl or in writing to the address of the Controller's registered office in any matter concerning the processing of Personal Data.
15.1. The policy is reviewed on an ongoing basis and updated as necessary.
15.2. The current version of the Policy has been adopted and is valid from 20.07.2023.
