1. WHAT IS THE PRIVACY POLICY?

We would like to inform you about the details of how we process your personal data, to give you full knowledge and comfort when using our website.

As we operate in the internet industry ourselves, we know how important the protection of your personal data is. Therefore, we make special efforts to protect your privacy and the information you provide to us.

We carefully select and apply appropriate technical measures, particularly those of a programming and organizational nature, ensuring the protection of processed personal data. Our website uses encrypted data transmission (SSL), which protects your identifying data.

In our Privacy Policy, you will find all the most important information regarding our processing of your personal data.

Please read it, and we promise it will not take you more than a few minutes.

1.1. Who is the website administrator?

The administrator of the website www.hejne.pl is KANCELARIA USŁUG KSIĘGOWYCH HEJNE SPÓŁKA KOMANDYTOWA with its registered office in Gdańsk, ul. Bitwy Oliwskiej 22, 80-339 Gdańsk, registered by the District Court Gdańsk-Północ in Gdańsk, VII Commercial Division of the National Court Register, KRS number: 0000593560, NIP: 5842745803, REGON: 363295770.

2. PERSONAL DATA

2.1. Which legal act regulates the processing of your personal data?

Your personal data is collected and processed by us in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), commonly referred to as: GDPR. To the extent not regulated by the GDPR, the processing of personal data is regulated by the Personal Data Protection Act of May 10, 2018.

2.2. Who is the administrator of your personal data?

The administrator of your personal data is:
Kancelaria Usług Księgowych Hejne S.K. with its registered office in Gdańsk
ul. Bitwy Oliwskiej 22, 80-339 Gdańsk
KRS: 0000593560, NIP: 5842745803
phone: 58 58 58 913
e-mail: kancelaria@hejne.pl

You can contact us regarding your personal data via:

• traditional mail at: ul. Bitwy Oliwskiej 22, 80-339 Gdańsk,
• email at: kancelaria@hejne.pl,
• phone number: 58 58 58 913,
• the contact form available on our website.

2.3. What personal data do we process and for what purposes?

On our website, we offer you many different services, for which purposes we process various personal data, based on different legal grounds.

2.4. DATA PROCESSING PERIOD

1. Personal data will be processed by the Controller, as a rule, for the period necessary to fulfill orders, provide services and deliver functionality, conduct marketing activities, and perform other services for the customer. Personal data will be deleted by the Controller in the following cases:
   • when the data subject requests their deletion or withdraws consent;
   • when the data subject has not taken any action for more than 3 years (inactive contact);
   • upon receiving information that the stored data is outdated or inaccurate;
   • when the data subject submits a valid objection to the processing of their personal data by the Controller, where the legal basis for processing personal data is the Controller’s legitimate interest.

Certain data, such as email address, first name and last name, postal address, and telephone number, may be additionally retained by us for the period necessary to pursue potential claims or defend against claims by individuals, for evidentiary purposes regarding claims related to the services we provide, as well as for handling complaints, grievances, or other requests—until the expiration of the limitation period for claims. This data will not be used by us for marketing purposes.

Data relating to orders and paid services, to the extent necessary for maintaining accounting records and settlements, will be retained for the period required by applicable law, including in particular accounting and bookkeeping regulations.

Your data collected through cookies and similar mechanisms will be retained for a period corresponding to the lifecycle of cookies stored on devices or until you delete them from your device. Details regarding the lifespan of a particular cookie can be found in the cookie-related provisions in the further part of this document.

2.5. Voluntary provision of personal data

Providing the required personal data is voluntary, but it is a condition for us to provide services to you (e.g., sending a newsletter).

2.6. Recipients of personal data

According to Art. 4 of the GDPR, a recipient means a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether a third party or not.

Due to the purposes of personal data processing indicated by us, your personal data may be transferred to the following categories of recipients:

• state authorities, e.g., prosecutor’s office, Police, President of the Personal Data Protection Office (PUODO), if they request it from the Administrator, indicating the legal basis for their demands;
• service providers with whom the Administrator cooperates, particularly in the scope of fulfilling sales contracts or enabling payment processing, as well as to enable the use of the Website’s pages, support and maintenance of the Website’s IT resources, and entities providing accounting services to the Administrator. Depending on contractual arrangements and circumstances, these entities act on behalf of the Administrator or independently determine the purposes and methods of their processing;
• personal data may also be transferred to other entities – providers of tools whose cookies are used. Information about these entities and the purposes of using cookies is contained in further provisions of this document.

The current list of entities to whom we disclose your personal data can be found here.

The aforementioned providers are mainly based in countries of the European Economic Area (EEA). However, we may commission certain activities to recognized subcontractors operating outside the EEA. Your personal data transferred outside the EEA will be secured with appropriate legal safeguards to ensure that the receiving providers guarantee a high level of personal data protection. These guarantees result in particular from the obligation to apply standard contractual clauses adopted by the EU Commission or binding corporate rules appropriately approved by the supervisory authority within the meaning of the GDPR.

The method of data security complies with the principles set out in Chapter V of the GDPR. You can always ask us to provide additional information on the safeguards applied in this regard, obtain a copy of these safeguards, and information on where they are disclosed. Additionally, we will inform you of any intention to transfer personal data outside the EEA at the stage of collecting personal data.

2.7. Automated decision-making

As part of our website, we undertake actions aimed at monitoring your activity and analyzing these actions, however, we do not make automated decisions with significant effects within the meaning of the GDPR, including profiling. Information about personalized advertisements can be found later in this document, concerning Cookies.

2.8. What rights do you have in connection with our processing of your personal data?

Based on the GDPR, you have the right to:

• request access to your personal data,
• request rectification of your personal data,
• request erasure of your personal data,
• request restriction of processing of personal data,
• object to the processing of personal data,
• request data portability,
• withdraw consent to the processing of personal data,
• lodge a complaint with a supervisory authority.

You can exercise all the above-mentioned rights by contacting us at the contact addresses provided above.

If you submit any of the above requests, we will provide you with information about the actions taken in response to your request without undue delay – and in any case within one month of receiving the request.

If necessary, we may extend the one-month period by another two months due to the complex nature of the request or the number of requests.

In any case, we will inform you within one month of receiving the request about the extension of the deadline and provide reasons for the delay.

2.8.1. Right of access to personal data (Art. 15 GDPR)

You have the right to obtain information as to whether we are processing your personal data.

If we are processing your personal data, you have the right to:

• access personal data,
• obtain information about the purposes of processing, categories of processed personal data, recipients or categories of recipients of such data, the planned period of storage of your data or the criteria for determining this period, your rights under the GDPR and the right to lodge a complaint with the President of the Personal Data Protection Office, the source of this data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of this data outside the European Union,
• obtain a copy of your personal data.

If you wish to request access to your personal data, please send your request to the email address: kancelaria@hejne.pl.

2.8.2. Right to rectification of personal data (Art. 16 GDPR)

If your personal data is incorrect, you have the right to request us to rectify your personal data without undue delay. You also have the right to request us to complete your personal data.

If you wish to request rectification or completion of your personal data, please send your request to: kancelaria@hejne.pl.

2.8.3. Right to erasure of personal data, the so-called “right to be forgotten” (Art. 17 GDPR)

You have the right to request the erasure of your personal data when:

• your personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
• you have withdrawn specific consent, to the extent that personal data was processed based on your consent,
• your personal data has been unlawfully processed,
• you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing,
• you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by us or a third party.

Despite submitting a request for erasure of personal data, we may continue to process your data for the purpose of establishing, exercising, or defending claims, about which you will be informed.

If you wish to request the erasure of your personal data, please send your request to: kancelaria@hejne.pl.

2.8.4. Right to request restriction of personal data processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data when:

• you contest the accuracy of your personal data – in such a case, we will restrict the processing of your personal data for a period enabling us to verify the accuracy of these data,
• the processing of your data is unlawful, and instead of erasure of personal data, you request the restriction of processing of your personal data,
• your personal data are no longer needed for the purposes of processing, but they are required for the establishment, exercise, or defense of your claims,
• you have objected to the processing of your personal data – pending the verification whether our legitimate interests override the grounds indicated in your objection.

If you wish to request the restriction of processing of your personal data, please send your request to: kancelaria@hejne.pl.

2.8.5. Right to object to the processing of personal data (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

• processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the personal data Administrator or a third party,
• processing for direct marketing purposes.

If you wish to object to the processing of your personal data, please send your request to: kancelaria@hejne.pl.

2.8.6. Right to request data portability (Art. 20 GDPR)

You have the right to receive your personal data from us in a structured, commonly used, machine-readable format and to transmit it to another personal data administrator.

By default, we will provide you with your personal data in CSV format. If you prefer the data to be provided to you in a different format, please indicate your preferred format in your request. We will endeavor to provide you with the data in your preferred format, if possible.

You may also request that we transmit your personal data directly to another administrator (if technically feasible).

If you wish to request the portability of your personal data, please send your request to: kancelaria@hejne.pl.

2.9. Right to withdraw consent to the processing of personal data

You can withdraw your consent to the processing of your personal data at any time.

The withdrawal of consent to the processing of personal data does not affect the lawfulness of processing carried out by us based on your consent before its withdrawal.

If you wish to withdraw consent to the processing of your personal data, please send your request to: kancelaria@hejne.pl.

2.10. Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

In Poland, the supervisory authority within the meaning of the GDPR is the President of the Personal Data Protection Office.

More information can be found here.

3. PERSONALIZED ADVERTISEMENTS AND SOCIAL PLUGINS

1. We may use your personal data to prepare and present personalized advertisements to you, including through the use of third-party tools and Cookies, as further specified in the Cookies section of this document.
2. Due to the possibility of us using so-called social plugins and other similarly operating social tools on social networking sites and similar platforms, such as: Facebook.com, Google.com, as well as sharing content or recommendations with other users of these services within your account with the provider of a given portal, the providers of these services may also process your personal data as independent administrators. Detailed rules for the processing of personal data by social media administrators can be found on the websites of the respective services/providers.
3. When you visit our website, the browser you use may establish a direct connection with the servers of the entities providing these plugins/tools, whereby these entities receive information about your use of our website and, among other things, your IP address. Such information may be transmitted regardless of whether you have an account with such an entity or whether you are currently logged in to it. If you have an account with such an entity and are logged in, this information may additionally be linked and assigned to your account on the social networking site.
4. If you use a plugin, information about it may also be sent directly to that entity. Certain content may also be published within the Client’s profile on social networking sites and visible to other users of such portals, particularly those with whom you establish relationships.
5. If you do not want plugin/tool/social media providers to assign your data collected during your visit to our website, you should log out of that social media service before visiting our website. You can also prevent plugins from loading on the page by using appropriate mechanisms in the browser you are using – according to its settings.
6. We strive to exercise all due diligence in selecting only software, including the aforementioned plugins, from reputable entities that broadly define their personal data protection policies. The purposes, scope, and rules for collecting and further processing personal data by these entities can be found in their privacy policies. We encourage you to familiarize yourself with them directly from the respective providers, e.g., at the following addresses: http://www.facebook.com/policy.php.

4. COOKIES

4.1. General Information

Our website uses “cookies” (hereinafter referred to as: “Cookies” or “Cookie Files”), which are small text files saved on your end device in connection with your use of our website. Their purpose is to ensure the proper functioning of our website.

These files allow us to identify the software you use and adapt our website individually to your needs.

Cookie files typically contain the name of the domain from which they originate, their storage time on the device, and an assigned value.

4.2. Security

The Cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted or malicious software to penetrate your devices through Cookies.

4.3. Types of Cookies

We use two types of Cookies:

• Session Cookies: are stored on your device and remain there until the end of the browser session. The saved information is then permanently deleted from your device’s memory. The Session Cookie mechanism does not allow the collection of any personal data or confidential information from your device.
• Persistent Cookies: are stored on your device and remain there until they are deleted. Ending a browser session or turning off the device does not remove them from your device. The Persistent Cookie mechanism does not allow the collection of any personal data or confidential information from your device.

4.4. Purposes of using Cookies

We also use third-party Cookies for the following purposes:

• configuring our website;
• creating statistics that help understand how you use websites, which allows for improving their structure and content through Google Analytics analytical tools, administered by Google Ireland Ltd. with its registered office in Ireland. Google’s privacy policy is available at the following links: http://www.google.com/intl/pl/policies/privacy/, http://www.google.com/intl/pl/policies/privacy/partners/;
• determining your user profile to display tailored content in advertising networks, using the Google AdSense online advertising tool, administered by Google Ireland Ltd. with its registered office in Ireland. Google’s privacy policy is available at the following links: http://www.google.com/intl/pl/policies/privacy/, http://www.google.com/intl/pl/policies/privacy/partners/;
• determining your user profile to display tailored content in advertising networks, using the Google Adwords online advertising tool, administered by Google Ireland Ltd. with its registered office in Ireland. Google’s privacy policy is available at the following links: http://www.google.com/intl/pl/policies/privacy/, http://www.google.com/intl/pl/policies/privacy/partners/;
• promoting our website through the Facebook.com social network, administered by Facebook Ireland Ltd. with its registered office in Ireland. Facebook’s privacy policy is available at the following link: https://www.facebook.com/help/cookies.

To learn about the rules for using Cookies, we recommend familiarizing yourself with the privacy policies of the aforementioned companies.

4.5. Personalized Advertisements

Cookies may be used by advertising networks, particularly the Google network, to display advertisements tailored to your preferences. For this purpose, information about your browsing behavior on the network or the time you use our website may be stored.

Personalized advertisements (sometimes also referred to as interest-based advertisements) are tools that can increase the relevance of advertisements to the user’s preferences and interests.

4.6. Editing, enabling, blocking Cookies

To view and edit information about your preferences collected by the Google advertising network, you can use the tool available at: https://www.google.com/ads/preferences/.

Using your web browser settings or service configuration, you can independently and at any time change the settings regarding Cookies, specifying the conditions for their storage and access by Cookies to your device. You can change these settings to block the automatic handling of Cookies in your web browser settings or to inform you each time they are placed on your device. Detailed information on the possibilities and methods of handling Cookies is available in your software settings (web browser).

At the same time, you can also disable or withdraw consent for the use of third-party Cookies, as well as remarketing pixels, by using Network Advertising, at: https://optout.networkadvertising.org/?c=1.