PRIVACY POLICY

I. ENTRY

On May 25, 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/ 46 / EC (hereinafter: “GDPR”). The GDPR applies in the same scope in all European Union countries, and therefore also in Poland, and introduces a number of changes to the rules governing the processing of personal data that will affect many areas of life, including the use of online services, such as services provided as part of the website maintained at https://zana.pl/.

II. PERSONAL DATA ADMINISTRATOR

§ 1

1. The administrator of personal data is – Centrum Zana Holding Spółka z ograniczoną odpowiedzialnością Spółka komandytowa with its registered office in Lublin, ul. Nałęczowska 14,20-701 Lublin entered into the court register of entrepreneurs of the National Court Register kept by the District Court Lublin-Wschód in Lublin with its registered office in Świdnik, VI Commercial Division of the National Court Register under the number KRS 000050221, NIP: 7123286204, REGON: 061664646.

2. Contact with the Administrator is possible via phone (81) 458 11 90 or via the correspondence address indicated above.

3. This privacy policy was created for the website run by the Administrator at https://zana.pl. The website will hereinafter also be referred to as the “Website”.

4. The administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are processed in accordance with the law: collected for specific, lawful purposes and not subjected to further processing inconsistent with these purposes; factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of the persons they concern, no longer than it is necessary to achieve the purpose of processing.

III. PERSONAL DATA

§ 2

Types of data processed

As part of the Website, the Administrator will process the following data of the User who directs the content contained in the contact form on the Website through the provided form – name and surname, telephone number, e-mail address.

§ 3

Purposes and legal grounds for data processing

1. Personal data concerning Users using the Website are processed in order to identify the User who directs the content contained in the contact form on the Website, to handle his inquiry sent via the provided form, to respond to the notification, to prepare and send commercial offers, to ensure full administrative service of the Website , hosting.

2. The data may be processed for marketing purposes: including profiling and for analytical purposes, as well as for the use of cookies necessary for the proper operation and display of the website.

3. The legal basis for processing is the User’s consent (Article 6(1)(b) of the GDPR);

4. The basis for processing may in some cases be the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) – which is matching the content of the Website and its functionality to the User’s interests as well as detecting abuses and statistical measurements and improving the Website.

§ 4

1. The User provides personal data voluntarily.

2. The User’s data entered in the order form are entered into the appropriate file kept by the Personal Data Administrator.

§ 5

Information about the recipients of personal data

1. Personal data to the extent indicated in § 2 may be entrusted to external entities only for purposes related to the operation of the Website.

2. Personal data in the scope indicated in § 2 may also be entrusted to companies from the “Centrum Zana group”, respectively, i.e.:

  • Centrum Zana Holding a limited liability company with its registered office in Lublin;
  • Centrum Zana Studio Residence Spółka z ograniczoną odpowiedzialnością Spółka Jawna with its registered office in Lublin;
  • Centrum Zana Studio Residence to a limited liability company with its registered office in Lublin;
  • Centrum Zana Spółka z ograniczoną odpowiedzialnością to Spółka Komandytowa Witosa with its registered office in Lublin;
  • Centrum Zana Spółka z ograniczoną odpowiedzialnością with its registered office in Lublin.

in order to identify the User who directs the content contained in the contact form on the Website and to handle his inquiry sent via the provided form, i.e. min. in order to respond to the notification, prepare and send a commercial offer in response to the notification sent via the contact form, provide full administration of the Website, hosting.

3. Transfer of personal data to the entities indicated in sec. 2 will take place only if the inquiry sent via the contact form directly or indirectly relates to the activity of this entity, the investment carried out by it, or otherwise remains in connection with this entity.

4. The entities processing personal data on behalf of the Administrator are: the entity providing cloud systems, advertising agencies, providers of IT services and analytical tools.

§ 6

The period of personal data processing

1. The period of data processing by the Administrator depends on the purpose of processing. As a rule, data is processed for the duration of the service, until the consent is withdrawn or an effective objection to data processing is submitted in cases where the legal basis for data processing is the Administrator’s legitimate interest.

2. The criteria for determining the period of data processing are as follows:

a) if the basis for processing is the consent expressed by the User – the period of personal data storage lasts until the purpose of processing ceases or the User withdraws consent to the processing of his data;

b) if the basis for processing is a legitimate interest pursued by the Administrator – the period of personal data storage depends on the circumstances indicating the existence of an interest on the part of the Administrator;

c) if the basis for processing is related to a legal obligation incumbent on the Administrator – the period of personal data storage results from specific legal provisions that impose an obligation on the administrator to store data.

3. Personal data processed in the scope of conducting marketing activities are processed for the duration of their conduct by the Administrator or the User’s objection to further processing of personal data for marketing purposes or withdrawal of consent to the sending of marketing information.

§ 7

User’s rights in relation to his personal data

1. The User has the right to request the Administrator to access their personal data, request their rectification, deletion or limitation of processing, as well as object to the processing of personal data and the right to transfer personal data, in accordance with the applicable provisions of the law on the protection of personal data.

2. The user has the right to withdraw consent to the processing of personal data at any time without affecting the legality of the processing that was made on the basis of consent before its withdrawal.

3. In cases where the processing of personal data is inconsistent with the provisions of the law on the protection of personal data, the User is entitled to lodge a complaint with the body supervising the processing of personal data of the President of the Office for Personal Data Protection.

IV. COOKIES POLICY

§ 8

1. The website does not automatically collect any information, except for information contained in cookie files.

2. Cookie files (so-called “cookies”) are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website. Cookie files usually contain the name of the website they come from, their storage time on the end device and a unique number.

§ 9

1. Cookies are used for the purposes of:

a) adapting the content of the Website to the User’s preferences and optimizing the use of websites; in particular, these files allow to recognize the device of the Website User and properly display the website, tailored to his individual needs;

b) advertising and statistical, i.e. creating statistics that help to understand how Website Users use websites, which allows improving their structure and content and targeting advertisements, including non-personalized and personalized (so-called remarketing).

2. This takes place relatively rarely, as it is not a typical practice of the Administrator, but trusted partners of the Administrator may use targeting and profiling to monitor preferences, interests, locations, and behavior of Users for advertising purposes.

3. For this reason, you should accept the privacy policy containing the cookie policy when you first enter the Website. Acceptance of the policy is, for reasons of a technological nature, a prerequisite for using the website. An alternative is to block cookies yourself in the browser settings.

§ 10

As part of the Website maintained by the Administrator, the following types of cookies may be used:

a) “necessary” cookies, enabling the use of services available on the Website, e.g. authentication cookies used for services requiring authentication within the website;

b) cookies used to ensure security, e.g. used to detect fraud in the field of authentication within the Website;

c) cookies, enabling the collection of information on how the Website is used;

d) “advertising” cookies, enabling the provision of advertising content to users more tailored to their interests.

§ 11

Additional information on selected companies to which we entrust data processing

The administrator uses the systems of specialized companies, which may involve entrusting them with data processing. Some of these companies are outside the European Economic Area but are covered by the EU-US Privacy Shield (www.privacyshield.gov/list).

These are advertising and analytical systems: on the servers of these companies, information about the views and clicks on the Administrator’s ads and about the content viewed on the website is collected. Thanks to the cookie file, and sometimes also the User’s email address and the fact that he logs into the systems of these companies, they are able to associate impressions and clicks with previous visits.

On this basis, the Administrator evaluates the effectiveness of marketing and may order the display of advertisements depending on what the User has previously viewed on the website (remarketing). However, this is done anonymously – the Administrator does not know whose data he is analyzing. Advertisements are displayed to a large group of anonymous users meeting certain criteria and the Administrator does not know to whom these advertisements are displayed.

These systems inform about their privacy policy and give the User influence on what information can be used by advertisers:

Google: Adwords, DoubleClick, Google Analytics (analytical and advertising functions). At any time, you can check what advertising information Google collects about you and block Google from personalizing ads: adssettings.google.com. It is possible to easily block tracking by Google Analytics: tools.google.com. You can read more about Google’s privacy policy here: policies.google.com/privacy.

Facebook (including Instagram): On this page you will find information about the privacy policy and advertising settings facebook.com/help, https://www.facebook.com/about/privacy, https://help.instagram.com/155833707900388.

It is possible to opt out of tracking by these and many other advertising systems on the website networkadvertising.org.

§ 12

In many cases, the software used for browsing websites (web browser) allows cookies to be stored on the user’s end device by default. Users can change the cookie settings at any time. These settings can be changed, in particular in such a way as to block the automatic handling of cookies in the web browser settings or inform about each time they are placed on the website user’s device. Detailed information on the possibilities and ways of handling cookies are available in the software (web browser) settings. Failure to change the cookie settings means that they will be placed on the user’s end device, and thus we will store information on the user’s end device and gain access to this information.

V. FINAL PROVISIONS

§ 13

The policy is verified on an ongoing basis and updated if necessary.