1. General Terms
Administrator. Its purpose is to define the principles, manner of processing and use of data
and information collected from users of websites administered by the Administrator and
from individuals making their data available to the Administrator in other electronic or paper
form. It also contains information on the rights of natural persons in relation to personal
data made available by them.
2. Administrator Danych Osobowych
2.1. Administrator of data shared by users isARTRAMA Sp. z o.o., 02-561 Warszawa, ul. J.Dąbrowskiego 37, NIP: 522-10-19-093, e-mail: firstname.lastname@example.org, tel.: 22 5408200
2.2. The Administrator takes the utmost care to ensure that any personal data are processed in accordance with the purpose to which they were they collected and used in accordance with processed data premises or categories permitted by law.
3. Purpose of processing personal data and legal basis
3.1. Each individual transferring personal data to Administrator is informed about specific
purpose of data processing and legal basis of processing.
3.2. The Administrator uses personal data only for indicated purposes. In particular, in the event of giving consent to process personal data, these data shall be used to execute projects run by Administrator, to contact within specified form with a data subject and for purposes resulting from legally based objectives pursued by the Administrator, including keeping records and financial accounts.
3.3. Furthermore, certain data, in particular IP addresses, are collected to obtain general demographic statistics (e.g. about the region of connection).
3.4. User’s personal data processed based on given consent shall be processed till the consent withdrawal or termination of purpose for which the data was collected. The given consent may be withdrawn at any time without consequences on lawfulness of data processing, carried out based on the given consent priori to its withdrawal.
Processed data due to conclusion and execution of an agreement, shall be processed in accordance with regulations in force, but no longer than the expiry of period in which the Administrator or user may pursue claims in terms of concluded agreement, unless the Law states a longer period.
4. Data security, storage and processing rules
4.1. The Administrator ensures personal data security by appropriate technical and
organizational measures to prevent unlawful data processing or its accidental loss,
destruction or damage.
4.2. The Administrator takes the utmost care to process personal data in accordance with regulations of processing data specified in Article 5 of GDPR, i.e.
- regulation 1 - lawfully, fairly and in transparent manner;
- regulation 2 - collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- regulation 3 - adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- regulation 4 - accurate and, where necessary, kept up to date;
- regulation 5 - kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- regulation 6 - processed in a manner that ensures appropriate security of the personal data;
- regulation 7 - in a manner that does not violate rights of data subject;
- regulation 8 - to do not transfer without appropriate protection to countries outside European Economic Area or to international organizations.
5. Collecting data
5.1. Collecting any personal data, the Administrator shall note their origin.
5.2. Personal data are collected by:
- online forms - data is gathered through online forms available at Administrator’s websites which are used for contact purposes, questions, submitting applications and comments;
- contact outside the website - at the Administrator’s websites are available telephone and fax numbers, e-mail addresses, via which you can contact us;
- telephone contact - any calls with Administrator representatives by numbers indicated at Administrator’s websites may be recorded;
- traffic data and statistics regarding frequency of site visits on Administrator’s websites - we maintain an information record on traffic data which are automatically registered by our server, such as user IP address, URL visited before our site, URL visited after our site and other visited websites. We also gather statistics regarding number of site visits and site views. Administrator is not able to determine directly user’s identity basing on traffic data and website statistics.
- While using websites managed by the Administrator - the information about user are collected by “cookies” or “web beacons”.
Cookies - small text files transferred from the website and stored on user’s computer, used
to adjust the content and services to individual needs and interests of Administrator’s
website user. Cookies let the website “remember” who the user is. The user may at any
time disable the “accept cookies” option in the Internet browser, although it should be
remembered that user may lose the possibility to use certain Administrator’s websites.
After session termination by e.g. accessing another website, the recorded information will
be deleted. The majority of Internet browsers is automatically configured to allow cookies
transfer, but while using Internet Explorer or Netscape Navigator browsers of Microsoft,
there is a possibility to configure them to limit the cookies access or block it completely,
although it may impact the quality of visited websites.
Web beacons - electronic graphic items (also called web bugs, clear gifs or trackers) allowing to determine number of users who visited the websites having clicked on the advertisement about our products or services on other company’s website. Web beacons gather information in the restricted range, including cookie number, time and date of accessing the website, along with description of the page, where web beacon is located. Our websites do not include web beacons located by other advertisers, but we use third parties’ services to collect those data for us. As the web beacons are used along with cookies, they can be disabled by disabling cookies or changing settings of cookies acceptance in the Internet browser.
6. User rights
6.1. The Administrator respects any individual rights in terms of processing of its personal
data. In particular, any individual whose data are being processed has a right to:
a) obtain information about processing its personal data,
b) access data, request its correction, competition or change,
c) erase data (“right to be forgotten”),
d) limit data processing,
e) transfer data,
f) refuse processing its data in justified purposes of the Administrator acting as data administrator, including direct marketing of its products and services, profiling, as well as right to not to be subject of decision based solely on automated processing.
6.2. The Administrator shall stipulate that due to lack of possibility of individual absolute identification, for example in terms of its given data, it may refuse taking actions on the request of the data subject by informing the concerned person about it, unless the person provides additional information enabling its identification.
6.3. Each user that has shared its personal data has a possibility to its verification, modification or erasure with a notification by e-mail sent to mail address of the Administrator or by letter sent via traditional post.
6.4. The Administrator informs that it does not have any obligation to erase data (“right to be forgotten”) if its processing is necessary:
a) to exercise the right to freedom of information and expression,
b) to comply with the legal obligation of processing under the law of European Union or Polish law, or to perform a task carried out in the public interest,
c) for archiving purposes in public interest, research, historical or statistic purposes,
d) to establish, exercise or defend claims.
6.5. If the user objects further processing, profiling or transferring personal data to another data administrator, the objections is respected. Although, the Administrator may leave in dataset those data identifying natural person, solely to omit reuse of this individual’s data in purposes covered by the objection.
6.6. If personal data are processed based on the consent given by a data subject or based on concluded agreement, and processing is automated, the user shall have the right to obtain following its request its personal data in structured, generally used machine- readable format, as well as to request transferring its data in mentioned format to indicated data administrator. A data subject submitting a request to transfer personal data shall determine if its personal data should be subsequently erased (“right to be forgotten”) by the Administrator and shall submit proper request regarding this issue.
6.7. The user may use the right to information and of access to data, not more than once every six months. Under the request of data subject, data administrator is obliged to provide necessary information within 30 days. More frequent exercise of the right to information and of the access to data shall be charged in the amount of 50 zlotys paid to a bank account of the Administrator priori to the execution by the Administrator of the submitted request. This fee is justified cost incurred by the Administrator regarding exercise of the right to access of data and is legitimate.
7. Scope of user data sharing
The Administrator declares that it does not sell, share or
transfer collected to process users personal data to other individuals or institutions, unless
it happens under explicit user consent or upon its request, or upon request of authorized
under the law national authorities for the proposes of the conducted proceeding or actions
in terms of security or defense, for objectives performed in general interest defined by law,
if it is necessary to perform legitimate interests of the Administrator. Personal data
processed by the Administrator to execute its projects may also be shared with entities
cooperating in terms of their execution, including Artrama Sp. z o.o., Studio Interfilm Sp. z
o.o. and Studio Online Sp. z o.o. in the scope necessary to execute these projects,
including the shared data minimization principle.
Personal data processed by the Administrator may also be available to web hosting provider: OVH Sp. z o.o., Karola Miarki 6-10 lok. 3-4, 50-306 Wrocław, NIP (Tax identification number): 8992520556 in the scope of website and e-mail server maintenance. In any case the entity to which the users personal data are available, won’t become anyhow an administrator of personal data processed by the Administrator.
We may also disclose websites, advertising agencies cooperating with us, collective, general statistical summary. These summaries shall generally include: site views and does not enable particular users identification (anonymized data). This information may be used to: track website traffic data or site views.
8. Sharing outside Europe
8.1. The Administrator shall not transfer personal data outside European Economic Area.
10. Right to complaint