PRIVACY POLICY
elicab.pl
The Polish version is binding. It is a translation and may contain linguistic errors.
§ 1 General Provisions
§ 2 Basis for Processing, Purposes, and Retention of Personal Data
Users' personal data are processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act, the Personal Data Protection Act of May 10, 2018, and the Act on the Provision of Electronic Services of July 18, 2002, along with their subsequent amendments, and for the purpose of making a notification under Article 16(1) of the Regulation of the European Parliament and the Council (EU) 2022/2065 of October 19, 2022, on a single market for digital services and amending Directive 2000/31/EC (Digital Services Act) (OJ L 2022.277.1 as amended; "DSA"), also based on Article 3(h) of the DSA.
The Administrator may collect the following data for the following purposes:
Users' personal data are stored no longer than is necessary to achieve the purpose of processing, i.e., until the withdrawal of consent if processing is based on such consent, until the expiration of claims between the Administrator and the other party regarding the performance of concluded contracts (in the case of sales contracts/service agreements, 2 years from the end of the year) and until the completion of a query submitted by e-mail or until the resolution of a complaint. After this period, the client's personal data will be processed by the Administrator based on Article 6(1)(f) of the GDPR, i.e., for purposes arising from legitimate interests pursued for marketing campaigns.
To the extent necessary for the proper functioning of the website and its features, the site uses user metadata. Metadata refers to the process of reading and recognizing the configuration and components of the user's computer system by the website to adjust the site to its capabilities and establish a secure connection between the user's computer and the website. Importantly, such metadata cannot lead to the identification of the User and are in no way harmful to the data stored on the computer. However, the User has the right to withdraw consent for metadata processing at any time by properly configuring their browser or downloading the appropriate plugin provided by the browser manufacturer. In this regard, you should consult the software manufacturer and its recommendations.
The Administrator may use profiling for direct marketing purposes, but decisions made based on it do not concern the conclusion or refusal to conclude a contract or the ability to use electronic services. The result of profiling may be, for example, granting a discount to a person, sending a discount code, reminding them of incomplete purchases, sending a product offer that may match their interests or preferences, or offering better terms compared to the standard offer. Despite profiling, the individual freely decides whether to take advantage of the received discount or better terms and make a purchase. Profiling involves the automatic analysis or forecasting of a person’s behavior on the Administrator's website, e.g., by adding a specific product to the cart, viewing a specific product page, or analyzing their past activity on the website. The condition for such profiling is that the Administrator has the person's personal data in order to send, for example, a discount code.
To the extent necessary for the proper functioning of the website, its features may, during its use by the User, collect other information, including but not limited to:
a) IP address,
b) device, hardware, and software information, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising [“IDFA”] or advertising identifier on Android devices [“AAID”]),
c) platform type,
d) settings and components,
e) data regarding the web browser, including browser type and preferred language;
Considering the nature, scope, context, and purposes of processing and the risk of rights or freedoms of natural persons with varying probabilities and severity of threats, the Administrator implements appropriate technical and organizational measures to ensure that processing complies with the regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized access to or modification of personal data transmitted electronically.
§ 3 Data Sharing
The Administrator ensures that all collected personal data is used to fulfill obligations to users. This information will not be shared with third parties except in situations where:
a) explicit consent has been previously given by the persons concerned for such action, or
b) if the obligation to provide this data results or will result from applicable law, e.g., to law enforcement authorities.
Additionally, personal data of service recipients and clients may be shared with the following recipients or categories of recipients:
The Administrator may share anonymized data (i.e., data that does not identify specific Users) with external service providers to better understand the attractiveness of ads and services for users. In this regard, due to the service providers' locations, data may be transferred – ensuring their protection – to third countries that comply with standard contractual clauses approved by the European Commission or have the appropriate authorization for such action based on bilateral data processing agreements between the European Union and the third country, which is not part of the European Economic Area. These entities, in the case of the Administrator, are:
The Administrator always informs about the intention to transfer personal data outside the EEA at the stage of data collection.
The Administrator continually assesses risk to ensure that personal data is processed securely – ensuring that access to data is granted only to authorized individuals and only to the extent necessary based on the tasks they perform. The Administrator ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
The Administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
Third-party analytical technologies integrated with the Administrator's services (including SDK [Software Development Kit] and API [Application Programming Interfaces]) may combine data collected from the user's use of the Administrator's site with information that has been gathered separately over time and/or across different platforms. Many of these companies collect and use information based on their own data protection policies, which can be found on their websites. The Administrator encourages users to review these policies.
The Administrator's site may use the functionality of Google Analytics, a web analytics service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the site. Information generated by the cookie about visitors' use of the website is typically transmitted to Google and stored on servers in the United States. In accordance with current IT standards, the IP addresses of users visiting the Administrator's site are shortened. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. On behalf of the Administrator, Google will use this information to evaluate the website for its users, prepare reports on website traffic, and provide other services related to website traffic and internet usage to website operators. Google will not associate the IP address transmitted as part of Google Analytics with any other data held by Google. More information about how Google Analytics collects and uses data can be found on the official Google page at: www.google.com/policies/privacy/partners. Additionally, any user can prevent Google from collecting and processing data about their use of the website by downloading and installing a browser plugin available at: http://tools.google.com/dlpage/gaoptout.
When sharing data with third parties, the Administrator makes every effort to ensure that this is done only to entities meeting the criteria and requirements set out in Article 46 or 49 of the GDPR. Where appropriate, the Administrator will rely on EU standard contractual clauses and other safeguards to facilitate transfers outside the EEA. Following the Court of Justice of the European Union’s ruling of July 16, 2020, the Administrator continues to assess the legal system of the countries to which data is transferred and updates measures as necessary to ensure adequate levels of protection.
Regarding data transfers to the United States, the Administrator, when sharing data with third parties, ensures that this is done, in accordance with the European Commission's decision of July 10, 2023, only to entities and organizations in the USA that comply with the new "EU-US Data Privacy Framework." A list of these organizations has been published by the U.S. Department of Commerce. Transfers of personal data from the EEA to organizations participating in the "EU-US Data Privacy Framework" and listed on this list can occur without the need for additional permits or legal instruments such as standard contractual clauses or binding corporate rules. However, if a data importer in the USA has not joined the "EU-US Data Privacy Framework," transfers to them will be possible only under the conditions set forth in Article 46 or 49 of the GDPR. In such cases, the Administrator will rely on EU standard contractual clauses and other safeguards to facilitate transfers outside the EEA.
A user whose personal data is being processed has the right to:
a) Access, rectification, restriction, deletion, or data portability - the person whose data is being processed has the right to request from the Administrator access to their personal data, its rectification, deletion ("right to be forgotten"), or restriction of processing, and also has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising these rights are outlined in Articles 15-21 of the GDPR.
b) Withdrawal of consent at any time - if personal data is processed by the Administrator based on consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), the person has the right to withdraw their consent at any time without affecting the legality of the processing carried out based on the consent before its withdrawal.
c) Filing a complaint with a supervisory authority - if a person’s data is being processed by the Administrator, they have the right to file a complaint with a supervisory authority in the manner and mode specified in the GDPR and Polish law, in particular the Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
d) Objection - the person whose data is being processed has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or Article 6(1)(f) (legitimate interest of the administrator), including profiling based on these provisions. In such cases, the Administrator may no longer process these personal data unless they demonstrate the existence of valid legally justified grounds for processing, overriding the interests, rights, and freedoms of the data subject, or for establishing, pursuing, or defending claims.
e) Objection regarding direct marketing - if personal data is processed for direct marketing purposes (based on the Administrator's legitimate interest, not based on the data subject's consent), the person concerned has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
These rights can be exercised based on a request sent by the user to the email address office@elicab.eu. Such a request should include the user's first and last name.
The user ensures that the data they provide or publish on the site is correct.
Cookies are understood as IT data, in particular, text files, stored on users' end devices (usually on a computer's hard drive or a mobile device) to allow the user's browser to save specific settings and data for using websites. These files allow the user's device to be recognized and the website displayed accordingly, ensuring convenience during its use. Storing cookies enables the website and its offerings to be properly customized to the user's preferences – the server recognizes the user and remembers preferences such as visits, clicks, previous actions.
Cookies particularly contain the domain name of the website they originate from, the time of storage on the end device, and a unique number used to identify the browser connecting to the website.
Cookies are used for:
a) Customizing website content to user preferences and optimizing website use,
b) Creating anonymous statistics, which help determine how the user uses websites to improve their structure and content,
c) Providing users with website content tailored to their interests.
Cookies are not used to identify the user, and their identity is not established based on them.
The primary division of cookies is their distinction into:
a) Essential cookies - absolutely necessary for the proper functioning of the website or the functionalities that the user wants to use, without which we could not provide many of the services we offer. Some of them also ensure the security of services provided electronically.
b) Functional cookies - important for the operation of the website because they:
- enrich the website's functionality; without them, the website will function correctly but will not be tailored to the user's preferences,
- ensure a high level of website functionality; without them, the website's functionality may be reduced, but the site should remain usable,
- provide most of the website's functionality; blocking them will result in certain functions not working correctly.
c) Business cookies - enable the realization of the business model on which the website is based; blocking them will not result in the website becoming unavailable, but it may reduce the level of service provision due to the lack of the ability for the site owner to generate revenues supporting its operation. This category includes, for example, advertising cookies.
d) Website configuration cookies - allow the setting of functions and services on websites.
e) Security and reliability cookies - enable verification of authenticity and optimization of website performance.
f) Authentication cookies - allow information when a user is logged in, so the website can display relevant information and functions.
g) Session cookies - store information about how users use the website. They can refer to the most frequently visited pages or potential error messages displayed on certain pages. Session cookies help improve services and enhance the comfort of browsing the pages.
h) Process cookies - allow the website and its available functionalities to function efficiently.
i) Advertising cookies - enable the display of ads that are more interesting to users and more valuable to publishers and advertisers; cookies may also be used for personalizing ads and displaying them outside of websites.
j) Location cookies - allow adjusting the displayed information to the user's location.
k) Analytics cookies - allow the website owner to better understand user preferences and, through analysis, improve and develop products and services. Usually, the website owner or a research firm collects information anonymously and processes data about trends without identifying personal data of individual users.
l) Harmless cookies - include cookies essential for the proper functioning of the website and needed to enable the website's functionality, although their operation is unrelated to tracking the user.
m) Tracking cookies - used to track users, but they do not include information that can identify a specific user without other data.
The use of "cookies" to adapt the content of websites to user preferences does not generally mean collecting any information that allows for the identification of the user, although this information may sometimes be of the nature of personal data, i.e. data that allows for the attribution of certain behaviors to a specific user. Personal data collected using "cookies" files may be collected only for the purpose of performing specific functions for the user. Such data is encrypted in a way that prevents access by unauthorized persons.
Cookies used by this website are not harmful to the user or the end device used by him, therefore, in order for the website to function properly, it is recommended not to disable their support in browsers. In many cases, software used to browse websites (internet browser) by default allows for the storage of information in the form of "cookies" files and other similar technologies on the user's end device. The user may change the way in which the browser uses "cookies" files at any time. To do this, change the browser settings. The method of changing the settings differs depending on the software used (internet browser). You will find appropriate instructions on the subpages, depending on the browser you are using.
Cookies are also used to facilitate logging into a user's account, including via social media, and to enable switching between subpages on websites without having to log in again on each subpage. At the same time, cookies are used to secure websites, e.g. to prevent access by unauthorized persons.
As part of cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information on how the user uses its services and how they respond to marketing messages sent by e-mail. A pixel is a software code that allows an object to be embedded on a website, usually a pixel-sized image, which allows for tracking user behavior on websites on which it is placed. After expressing appropriate consent, the browser automatically establishes a direct connection to the server storing the pixel, therefore the processing of data collected by the pixel takes place within the framework of the data protection policy of the partner who administers the aforementioned server.
The Administrator may use Internet log files (which contain technical data such as the user's IP address) to monitor traffic within its services, troubleshoot technical issues, detect and prevent fraud, and enforce the User Agreement.
The Administrator informs that the site does not respond to DNT (Do Not Track) signals, but the user can disable certain forms of online tracking, including some analytics and personalized ads, by changing the cookie settings in their browser or using our cookie consent tools (if applicable).
Detailed information on changing the settings for Cookies and their independent removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the appropriate link):
a) Google Chrome
b) Mozilla Firefox
c) Microsoft Edge
d) Opera
e) Safari macOS
Detailed information about managing cookies on a mobile phone or other mobile device should be found in the user manual for the mobile device.