I. BASIC TERMS
- Administrator - one.bid sp z o. o. with its registered office at ul. Franciszka Klimczaka 17/107, 02-797 Warsaw, Poland, on the basis of the entry in KRS 0000914354, VAT id: PL7122494202, e-mail address:
- Mobile Application - software intended to be installed on mobile devices, enabling the use of the Administrator's services.
- User - any natural person whose personal data is processed by the Administrator.
- Personal Data - all information relating to an identified or identifiable natural person through one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, as well as device IP, location data, an online identifier and information collected through cookies and other similar technology.
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
- Website - an IT solution available at the web address one.bid and possibly at other web addresses, which comprises, among other things, a range of services provided by electronic means to Users.
- Processing of Personal Data - any operations performed on personal data, such as collection, recording, storage, adaptation, alteration, making available and erasure, in particular those performed within IT systems.
- Personal Data Breach - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
II. PROCESSING OF PERSONAL DATA AND INFORMATION ON FORMS
- The personal data of Website Users may be processed by the Data Administrator:
- when the Website User gives their consent to do so in the forms available on the Website, in order to take actions to which these forms relate (Article 6(1)(a) of the GDPR),
- when processing is necessary for the performance of a contract to which the Website User is a party (Article 6(1)(b) of the GDPR),
- for the purpose of handling complaints - the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR),
- for compliance with a legal obligation to which the Administrator is subject (Article 6(1)(c)),
- for possible establishment, exercise or defence of legal claims - the legal basis for processing is the legitimate interest pursued by the Administrator consisting in protecting its rights (Article 6(1)(f) of the GDPR),
- for marketing purposes of the Administrator, consisting in informing the User about the current offer and new functionalities of the Website - the legal basis for processing is consent (Article 6(1)(a) of the GDPR).
- The Administrator shall process the personal data of Website Users to the extent necessary for the purposes set forth in Section 1 above and for the period necessary to achieve such purposes, or until the Website User withdraws their consent. Failure to provide data by the Website User may in some situations result in the impossibility of achieving the purposes for which the provision of data is necessary.
- The Administrator may send commercial e-mails, provided that the Website User has given their consent to do so.
- The Administrator shall keep a register of the persons authorised to process data. The persons authorised to process data shall be obliged to keep the personal data and the methods of securing it in strict confidence.
- The Administrator and persons authorised to process such data shall apply technical and organisational measures to ensure the protection of the personal data processed.
- By means of forms available on the Website or in order to perform contracts which may be entered into within the Website, the following personal data of the Website User may be collected: first name, surname, address of residence, e-mail address, telephone number.
- The data contained in the forms, provided to the Administrator by the Website User, may be transferred by the Administrator to third parties, cooperating with the Administrator in connection with the achievement of the purposes set out in Section 1.
- A third party having access to personal data shall process it only on the basis of a personal data processing agreement and only upon the Administrator's instructions.
- Data provided in forms available on the Website shall be processed for the purposes resulting from the function of a particular form; furthermore, it may be used by the Administrator also for archival and statistical purposes. The consent of the data subject shall be given by ticking the appropriate box in the form.
- The Website User, where the Website so provides, by ticking the appropriate box in the registration form, may give their consent to receive commercial information by electronic means of communication, in accordance with the Act of 18 July 2002 on Electronic Provision of Services (Journal of Laws of 2002, No. 144, item 1024, as amended). If the Website User has consented to receive commercial information by electronic means of communication, they shall have the right to withdraw such consent at any time. The right to withdraw the consent to receive commercial information shall be exercised by sending by e-mail to the Administrator's address a relevant request together with the first name and surname of the Website User.
- The Administrator shall process the personal data of Users visiting the Administrator's social media profiles (Facebook, Instagram, YouTube). This data shall be processed in order to inform Users about the Administrator's activities, to offer services, as well as to communicate with Users through the tools available in social media. The legal basis for the processing of personal data for this purpose shall be the legitimate interest pursued by the Administrator (Article 6(1)(f) of the GDPR), consisting in promoting its own brand and the services it offers, as well as building and maintaining a brand-related community.
- Within the Website, the Administrator may automatically adjust certain content to the User's needs, i.e. carry out profiling, using the personal data provided by the User. Such profiling consists mainly in the automatic assessment of the products in which the User may be interested, based on their previous online behaviours, including on the Administrator's websites, and displaying product advertisements profiled in this manner. The profiling carried out by the Administrator does not result in making decisions that produce negative legal effects with regard to the User or affect the User in any other significant way.
III. USER RIGHTS
- Everyone whose data is processed has the following rights:
- the right of access to data and to information on the processing of personal data (Article 15 of the GDPR) - the person making such a request shall be granted access by the Administrator to their data and shall be provided with information about the processing of personal data, the purposes and legal bases for processing, the scope of the data held, the entities to which the personal data is disclosed and the planned date of its erasure;
- the right to obtain a copy of data (Article 15(3) of the GDPR) - the Administrator shall provide a copy of the processed data concerning the person making the request as far as this is possible and does not violate the rights of third parties;
- the right to rectification (Article 16 of the GDPR) - the User has the right to request the rectification of inconsistencies or errors regarding the personal data processed, and to complete or update it if it is incomplete or has changed;
- the right to erasure (Article 17 of the GDPR) - the User may demand erasure of data the processing of which is no longer necessary for any of the purposes for which it was collected;
- the right to restriction of processing (Article 18 of the GDPR) - on this basis the Administrator may cease performing operations on personal data, with the exception of operations to which the data subject has given the consent, and its storage in accordance with the adopted rules of retention, or until the reasons for the restriction of data processing cease to exist (e.g. a decision is issued by a supervisory authority allowing further processing);
- the right to data portability (Article 20 of the GDPR) - on this basis, to the extent that the data is processed in connection with the contract concluded or the consent given, the Administrator may make available the data provided by the data subject;
- the right to object to the processing of data for marketing purposes (Article 21(2) of the GDPR) - the data subject may at any time object to the processing of personal data for marketing purposes, without having to justify such objection;
- the right to object to other purposes of data processing (Article 21 of the GDPR) - the data subject may object to the processing of personal data at any time. The objection in this respect should contain a justification and is subject to the Administrator's review;
- the right to withdraw consent (Article 7(3) of the GDPR) - if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of processing carried out before the withdrawal of the consent;
- the right to lodge a complaint (Article 77 of the GDPR) - if the processing of personal data is considered to violate the provisions of the GDPR or other data protection legislation, the data subject may lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office: https://uodo.gov.pl/en/484
- A request regarding the exercise of the rights of data subjects may be submitted:
- in writing to the address: ul. Franciszka Klimczaka 17/107, 02-797 Warsaw, Poland
- by e-mail to the following address:
- Any such requests shall be responded to within one month of their receipt. If it is necessary to extend this period, the Administrator shall inform the requesting party about the reasons for such extension.
- Responses shall be sent to the e-mail address from which the request was sent, and in the case of requests sent by letter, by registered mail to the address specified by the requesting party, unless the requesting party states in the letter that they want feedback to be sent to the e-mail address (in this case, please provide the e-mail address).
IV. COOKIES AND SIMILAR TECHNOLOGY
- Cookie files (so-called "cookies") are computer data, in particular text files, which are stored on the Website User's end device and are intended for using the Website. Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number.
- Cookies are used, among others, for the following purposes:
- compiling statistics which help understand how Website Users use websites;
- maintaining the Website User's session thanks to which the User does not have to re-enter the login and password on each sub-page of the Website;
- profiling the User in order to display tailored content in advertising networks, in particular the Google network.
- The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored in the User's end device until logging out, leaving the website or disabling the software (web browser). Persistent cookies are stored on the User's end device for the time specified in the parameters of cookies or until they are deleted by the User.
- Web browsing software (web browser) usually allows cookies to be stored on the User's end device by default. Website Users may change their settings in this regard. Web browsers make it possible to delete cookies. It is also possible to automatically block cookies. Detailed information in this respect can be found in the help section or in the web browser documentation.
- monitoring traffic on the Administrator's websites;
- collecting anonymous, aggregate statistics which make it possible to understand how Users use the Administrator's website;
- controlling how often the selected content is shown to Users;
- controlling how often Users choose a particular service;
- examining subscriptions to newsletters;
- using a communication tool;
- integrating with a social networking site;
- online payments.
V. SERVER LOGS
- Using the website involves sending queries to the server that hosts the website. Every inquiry sent to the server is saved in the server logs.
- Logs include, among others, the User's IP address, server date and time, and information about the web browser and the operating system used. Logs are saved and stored on the server.
- The data saved in server logs are not associated with specific website users and are not used by the Administrator to identify the User.
- Server logs only support the website administration, and their content is not disclosed to anyone except those authorised to administer the server.
V. FINAL PROVISIONS
VI. GDPR INFORMATION OBLIGATION