PRIVACY POLICY
The owner and operator of the service http://zarys.com (Service) is ZARYS International Group sp. z o.o. sp.k. with headquarters in Zabrze at ul. Pod Borem 18, 41-808 Zabrze (Administrator).
Data confidentiality and privacy protection are our priorities. We have established this privacy policy (Policy) to ensure the security of Service users’ data (Users) and to comply with applicable law. This includes the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). The Policy defines the principles for collecting, processing, and using personal data of Service Users.
I. DEFINITIONS
– Administrator – ZARYS International Group sp. z o.o. sp.k. with headquarters in Zabrze at ul. Pod Borem 18, 41-808 Zabrze.
– Personal data – any information about an identified or identifiable natural person who can be identified based on one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity. This includes device IP addresses, location data, internet identifiers, and information collected through cookies and similar technologies, if such data enables User identification.
– Privacy Policy – this document.
– GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
– Service – the internet service operated by the Administrator, available at http://zarys.pl and through mobile applications,
– Cookies – small text files stored on the User’s device (computer, phone, tablet, etc.) when visiting the Service. These files allow for recording and retrieving information that the Administrator or its service providers use for various purposes, such as analytics or statistics.
– User – any natural person who visits the Service or uses any of its functionalities.
– Inspector – data protection officer designated by the Administrator.
– European Economic Area, EEA – a free trade zone and common market encompassing European Union member states and European Free Trade Association (EFTA) countries, with the exception of Switzerland.
II. PERSONAL DATA ADMINISTRATOR
ZARYS International Group sp. z o.o. sp.k. is the administrator of personal data for all Service Users.
III. INSPECTOR
For matters concerning personal data processing, you can directly contact the data protection officer appointed by the Administrator through:
– email correspondence at: ochrona.danych@zarys.pl,
– or by mail to the Administrator’s headquarters address with a note: “Data Protection Officer.”
IV. PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING
1. When using the Service, the Administrator collects only data necessary to provide specific services. Additionally, the Administrator collects information about User activity in the Service, including IP address, location, internet identifiers, and information gathered through cookies and similar technologies.
2. The Administrator processes personal data for the following purposes:
– To fulfill legal obligations (Article 6(1)(c) GDPR)
The Administrator processes personal data when necessary to comply with legal obligations.
– For purposes arising from legitimate interests pursued by the Administrator or a third party (Article 6(1)(f) GDPR)
The Administrator may process personal data based on legitimate interests when: handling User contact through a contact form, pursuing or defending against claims, and ensuring IT security of the Service.
3. Processing of Complaints and Inquiries
Personal data processing is also necessary for handling complaints and inquiries. In such cases, the processing includes:
a) Personal information that identifies the individual submitting the request, such as full name, email address, phone number, mailing address, and signature,
b) case identifier in the Administrator’s internal system and information describing the subject of the request or complaint,
c) information about how the case was handled, including correspondence with the individual concerned,
f) in case of a telephone call, the caller’s voice is also processed.
The Administrator also processes personal data for secondary purposes, which include:
a) for archival and evidentiary purposes when there is a legally justified need or obligation to demonstrate facts, particularly to show compliance with GDPR obligations (under Article 6(1)(f) GDPR),
b) for the establishment, pursuit, or defense of claims (based on Article 6(1)(f) GDPR).
V. DATA TRANSFERS OUTSIDE THE EEA
When using the Service, your personal data may be transferred outside the European Economic Area (EEA) to the United States through our use of Google and Facebook tools. The Administrator ensures all personal data transfers to third countries maintain adequate protection levels by:
1. cooperation with entities that process personal data in countries for which the European Commission has issued an adequacy decision,
2. using standard contractual clauses issued by the European Commission,
3. applying binding corporate rules approved by the competent supervisory authority. These criteria are met for the tools mentioned above. Users have the right to obtain a copy of these data.
VI. DATA PROCESSING PERIOD
Personal data will be processed only for the time needed to fulfill the specific purposes for which it was collected, particularly:
– for fulfilling legal obligations – for the period specified in the regulations;
– for the duration required to fulfill the Administrator’s legitimate interests, such as the time needed for pursuing potential claims.
VII. PERSONAL DATA RECIPIENTS
Based on the services provided and specific activities, Users’ personal data may be transferred to:
1. authorized personnel of ZARYS International Group sp. z o.o. sp.k.,
2. entities that process personal data on behalf of the Administrator, including:
– IT service providers;
– advisory service providers, including accounting firms;
– entities collaborating with the Administrator;
3. entities processing personal data in their own name, such as:
– payment processing entities;
– postal or courier service providers;
– telecommunications service providers.
VIII. RIGHTS CONCERNING PERSONAL DATA PROCESSING
1. Users have the following rights regarding their personal data:
– request access to their personal data (Article 15 GDPR) – Users have the right to know what data is being processed about them,
– rectification of personal data (Article 16 GDPR) – if errors occurred during data collection or if the data has changed, Users have the right to provide correct and up-to-date information, and the Administrator must correct or update it,
– erasure of personal data (Article 17 GDPR) – if Users believe their data is no longer necessary for the purposes for which it was collected, they have the right to request that the Administrator delete it,
– restriction of processing (Article 18 GDPR) – if Users question whether the Administrator is properly processing their personal data, they can request to restrict this processing,
– data portability (Article 20 GDPR) – Users have the right to receive their personal data from the Administrator in a structured format and transfer it to another entity,
– to withdraw at any time any previously given consent for personal data processing, where such processing is based on that consent (Article 7 GDPR),
– to object to the processing of personal data when it’s based on legitimate interests pursued by the Administrator or a third party, for reasons related to your specific situation, and to object to data processing for direct marketing purposes (Article 21 GDPR),
– to file a complaint with the President of the Personal Data Protection Office.
2. To exercise any of the above rights, please submit a request via email to ochrona.danych@zarys.pl or by mail to the Administrator’s headquarters address. The Administrator may verify your identity to protect against unauthorized access to your personal information.
3. Users have the right to lodge a complaint about personal data processing with the appropriate supervisory authority. In the Republic of Poland, this authority is the President of the Personal Data Protection Office.
IX. VOLUNTARY PROVISION OF PERSONAL DATA
Providing personal data is voluntary, but in some cases necessary, such as when contacting us through our contact form or via the email address provided. The Administrator collects only the personal data necessary to achieve specific purposes.
X. ORIGIN OF PERSONAL DATA
In some cases, Users’ personal data may not come directly from the Users themselves, but from entities with which the Administrator collaborates.
XI. ACTIVITY IN THE SERVICE
The Administrator informs Users that when they connect to the http://zarys.pl service, our system logs automatically record information about the connecting device’s number (including IP address or MSISDN number) and type. The Administrator also lawfully processes data regarding connection times and other operational activities within the service. This information is processed solely for technical purposes and to compile general statistical information.
The Service automatically collects data from cookies to gather information about site usage, maintain login sessions across subpages, customize the Service to users’ needs, and generate page view statistics. Users can delete existing cookies or block new ones through their internet browser settings at any time. However, the Administrator cautions that removing or blocking cookies may impair Service functionality or make certain features unusable.
Cookies are small text files sent from website and application servers and stored by internet browsers on users’ devices. They enable high-quality service delivery and improve user experience. These files identify visitors during subsequent visits or within a single session to enhance specific functions, such as login processes or personalized content delivery. The Service Owner uses three types of cookies: (i) session cookies, (ii) persistent cookies, and (iii) third-party cookies.
– SESSION COOKIES
These are necessary cookies that enable navigation within the website and use of its basic functions. They exist only during a single browsing session. Session cookies are anonymous and serve to optimize and increase the efficiency of the Administrator’s services.
– PERSISTENT COOKIES
Persistent cookies enable specific functions not only during a single session but for the entire period a file remains stored on the computer. These files enhance service performance and functionality.
These cookies collect information about website usage, including which subpages users visit and any errors encountered. Functionality-related cookies enhance service delivery by remembering user settings, making the website easier to navigate.
Persistent cookies collect the following information about users: IP address and data about the source from which the user came to the site. Beyond the IP address, the Administrator does not collect any additional information that could reveal the user’s identity. These data are processed anonymously and are used only to improve website operation and to understand visitors’ interests.
The Administrator uses them to:
– optimize and enhance service efficiency,
– remember user preferences for page layout, text size, and color settings,
– share information with the Administrator’s partners to deliver services. Any information shared this way is used solely for providing services or functions and not for any other purposes.
– THIRD-PARTY COOKIES
Third-party cookies facilitate collaboration with external companies or services. These include research cookies that provide analytical systems with data about the service’s popularity. They also include cookies related to features such as ‘like’ or ‘share’ buttons. The third-party cookies we use include:
– connections to social networks (such as Facebook), which may subsequently use information about users’ visits to target advertisements on other websites,
– sharing analytics data with research companies about website and application traffic, such as Google Analytics.