- The ioze.pl website (hereinafter referred to as the “Website”) is maintained by Enerko Energy Sp. z o. o., ul. Skrajna 41a, 25-650 Kielce, entered into the Register of Entrepreneurs kept by the District Court in Kielce, 10th Commercial Division of the National Court Register under KRS no.: 0000408089, NIP (Tax Identification Number): 9591947172, REGON (National Business Register Number): 260578795, holding share capital of PLN 50,000 (hereinafter referred to as the “Controller”).
- Data of the Website’s Users (hereinafter referred to as the “Users”), including personal data, may be collected, processed and used within the scope of the Website’s operation.
- The Users’ data may be collected as a result of their voluntary provision by the Users, or the use of both first-party and third-party cookies.
- The controller of Users’ personal data is Enerko Energy Sp. z o. o., ul. Skrajna 41a, 25-650 Kielce, entered into the Register of Entrepreneurs kept by the District Court in Kielce, 10th Commercial Division of the National Court Register under KRS no.: 0000408089, NIP (Tax Identification Number): 9591947172, REGON (National Business Register Number): 260578795.
- Through the Website, the Controller may collect and subsequently process personal data for purposes such as:
- contacting the User, provided that they completed the contact form, which constitutes a legitimate interest of the Controller, pursuant to Art. 6 sec. 1 (f) of the GDPR;
- conducting direct marketing of the Controller’s products and services, particularly sending a newsletter, which constitutes a legitimate interest of the Controller, pursuant to Art. 6 sec. 1 (f) of the GDPR;
- maintaining statistics and analysing the Users’ behaviour on the Website, which constitutes a legitimate interest of the Controller, pursuant to Art. 6 sec. 1 (f) of the GDPR.
- The Controller may make personal data available to its subcontractors (entities whose services the Controller uses for data processing), including:
- IT service providers (e.g. email tool providers, hosting providers);
- marketing service providers.
- The Controller shall not transfer personal data beyond the European Economic Area, except for making personal data available to Google LLC, which processes such data on behalf of the Controller in connection with the Controller’s use of Google Analytics. Data transfers beyond the European Economic Area as part of this service shall be made based on the standard contractual clauses.
- Personal data are processed for the purposes of:
- contacting the User – personal data are processed for a period of 10 years from the date of their collection;
- conducting direct marketing of the Controller’s products and services – personal data are processed until an objection is raised against their processing for this purpose, the consent is withdrawn (for the receipt of commercial information), or the Controller decides to erase the data;
- maintaining statistics and analysing the Users’ behaviour on the Website, which constitutes a legitimate interest of the Controller – personal data are processed for a period of 10 years from the date of their collection.
- The Data Subject is entitled to the following rights:
- the right to access the personal data provided and obtain a copy of such personal data;
- the right to rectify personal data;
- the right to erase personal data;
- the right to request the restriction of personal data processing;
- the right to transfer personal data;
- the right to object to the processing of personal data;
- the right to submit a complaint to the supervisory body.
- If the processing of personal data takes place based on the consent granted by the Data Subject, the Data Subject has the right to withdraw such consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing which had been carried out based on such consent before its withdrawal.
- The Data Subjects may contact the Controller in order to fulfil the aforementioned provisions.
- Cookies are IT data, particularly text files, which are stored on the User’s end device and intended for the use of websites. Cookies usually contain the name of the website from which they were derived, the period of their storage on the end device, the content (e.g. action identifiers) and a unique number.
- The cookies are used for:
- adjusting the content of the Website to the User’s preferences and optimising the use of the Website. Specifically, these files enable recognising the User’s device and adequately display the Website by adjusting its form to the User’s needs and preferences;
- compiling statistics and analyses regarding the use of the Website.
- The Website uses two basic types of cookies: “session” cookies (session storage) and “persistent” cookies (local storage). “Session” cookies are temporary files stored on the User’s end device until the session expires (e.g. the User exits the Website, deletes cookies, or disables software). “Persistent” cookies are kept on the User’s end device for a period set in the cookies parameters or until the cookies are deleted by the User.
- The default settings of web browsers usually allow for the storing of cookies on the end devices of websites’ users. The default settings may be changed by the User.
- The Controller informs that, according to the provisions of the Telecommunications Law, the consent granted by the end user to store data, or to gain access to data already stored in the end user’s telecommunication end device may also be expressed by the User via software settings installed on the User’s end device. In the event the User does not wish to grant such consent, they should change their web browser settings.
- Detailed information on the method of changing the web browser’s cookie settings and deleting them may be found on the official websites of individual web browsers. In particular, the above information may be found on the following websites:
Tools applied on the Website
- On the Website, the Controller uses Google Analytics provided by Google.
- Google LLC has its registered office in the USA, which is beyond the European Economic Area.
- Data transfers beyond the European Economic Area as part of this service shall be made based on the standard contractual clauses.
- The Users may prevent the use of their personal data by Google Analytics. For more information on how to do this, see https://tools.google.com/dlpage/gaoptout.
- The Controller uses Facebook Pixel.
- This tool is provided by Facebook, Inc. which has its registered office in the USA and thus beyond the European Economic Area. Facebook, Inc. has joined the EU-U.S. Privacy Shield programme and ensures an appropriate level of data protection.
- Facebook Pixel is a tool which allows displaying advertisements adjusted to the User’s preferences on facebook.com and aiding in measuring the effectiveness of advertisements.
- For more information on rules of data processing by Facebook, Inc., see https://www.facebook.com/privacy/explanation.
- On the Website, the Controller uses the Hotjar tool.
- This tool is provided by Hotjar Limited, which has its registered office in Malta.
- The tool aims to analyse the User’s behaviour during the use of the Website. Hotjar records how the User navigates on the Website (e.g. the cursor movement). However, the Controller does not obtain any other User’s data by means of this tool. The Controller uses Hotjar only to analyse and optimise the functioning of the Website.
- The User may disable the possibility of having their behaviour on the Website analysed. For more information, see https://www.hotjar.com/legal/compliance/opt-out.
- he Controller uses the Albacross tool.
- This tool is provided by Albacross Nordic AB, which has its registered office in Sweden.
- Albacross allows identifying anonymous visits to the Website and determining (in some cases) with which business the User may be linked.
- Information collected from cookies stored in the Users’ end devices that may constitute personal data shall be processed by Albacross Nordic AB. Albacross Nordic AB offers services related to the identification and targeting of advertisements. The purpose of data processing by Albacross Nordic AB is to improve services provided by the Controller (e.g. “Lead Generation” service) by adding the data into a database of businesses maintained by Albacross Nordic AB. The aforementioned database shall also be used to target businesses in terms of advertising purposes and share data with third-party service providers (targeted advertisements concern businesses and not individual persons). The data collected and used by Albacross to fulfil this objective consist in the information on the IP address used by the User to visit the Website and technical information that allows Albacross to distinguish the Users using the same IP address. Albacross stores the domain from the input form in order to correlate the IP address with the employer of the User.
- The User may submit a request for Albacross Nordic AB to cease such processing of the User’s personal data at any time. Such a request may be submitted directly to the Controller or Albacross Nordic AB, at Albacross Nordic AB, Kungsgatan 26, 111 35 Stockholm, Sweden, www.albacross.com, email@example.com.
- For more information on the functioning of Albacross, see https://albacross.com/privacy-policy/.