skip to Main Content

Polityka prywatności

I. BASIS

I.1. This document is a description of the privacy policy of Navitel Sp. z o.o. with registered office in 39300 Mielec, at Wojska Polskiego 9, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Rzeszów, 12th Commercial Division of the National Court Register under No. 0000295869, share capital PLN 100,000.00 – paid in full; holding the tax identification number 8172062563, e-mail address: navitel@navitel.pl

 

Its purpose is to define the principles, method of processing and using data and information from users of online systems, websites administered by Navitel Sp. z o.o., including the clients of Navitel Sp. z o.o., and also contains information on the rights of natural persons with respect to the personal data provided by them.

 

I.2. Navitel Sp. z o.o. in its privacy policy, he is guided by the overriding principle:

 

in no case does he sell or make available to third parties personal or address data of clients / users of his services, services, bulletins and applications.

 

I.3. Please read this policy carefully. By going to the Navitel Sp. z o.o. or using them and sending us any personal data, the user accepts the terms of this privacy policy.

 

I.4. Please note that when you leave our site (for example, by going to a page in another domain via a link), the user goes to an area where this privacy policy does not apply.

 

Navitel Sp. z o.o. is not responsible for the rules of privacy policy applicable on websites operated by other entities.

 

I.5. Navitel Sp. z o.o. appointed a Data Protection Officer (IOD), with whom it is possible to contact via e-mail at: iod@navitel.pl in any matter regarding the processing of personal data

II. DEFINITIONS

Administrator: Navitel Sp. z o.o. with its registered office in Mielec 39-300, ul. Wojska Polskiego 9.

 

User: A natural person, a legal person and an organizational unit without legal personality, visiting the Website or using the Website, Navitrack Service.

 

Consumer: A user who is a natural person, making a purchase not directly related to his professional or business activity.

 

Website: Websites and Websites maintained by the Administrator on terminal and mobile terminal devices, through which the Administrator provides content, digital or electronic files to Users, and provides other services specified in each of the Website Terms and Conditions.

 

Shop: A separate part of the Services through which the Administrator carries out the Sale of Files on the terms specified each time in the Store Regulations.

 

File: An electronic or digital file in which content is contained (in particular an application, electronic library, plugin, e-book, audiobook, e-press, multimedia applications) intended for use, reading, listening or other reproduction (as described in the description in the Navitrack System, the Store, materials) using the Electronic Device.

 

Electronic Device: A device intended, among others for downloading and saving digital files (eg personal computer, smartphone, tablet, reader).

 

File sale: the File is made available by the Administrator for the User’s order, carried out through the Navitrack System, Store enabling unlimited use of the File only with the use of Electronic Devices – on terms and conditions specified in the Regulations.

 

Additional services: Services provided by the Administrator to Users registered on the Website (ie having an Account).

 

Account: An individual website of the User registered on the Website, through which a registered User can use the Basic and Additional Services – on the terms specified in each time in the Regulations of the Website.

 

Payment operator: payment institutions within the meaning of art. 2 points 10A) of the Act of 19 August 2011 on Payment Services (consolidated text Journal of Laws of 2017, item 2003), with which the Website cooperates.

 

Payment of the Order: Payment Operator’s bank account or payment card confirmed by the Payment Operator, the amount specified in the order.

 

RODO: Regulation of the European Parliament and of the Council of Europe 2016/679 of 27 April 2016 on the protection of individuals with regard to processing and on the free movement of such data.

III. PROCESSING AND PROTECTION OF PERSONAL DATA

III.1. Collection and processing of data in connection with the use of the Website

III.1.1. In connection with the User’s use of the Website, the Administrator collects data in the scope necessary to provide individual services offered on the Website, as well as information about the User’s activity on the Website.

 

By collecting any personal data, the Administrator saves from where they were obtained.

 

III.1.2. Personal data is obtained directly from the User by:

 

forms filled in online – information is collected thanks to the forms available on the Administrator’s website, used for contact purposes, asking questions, submitting applications and expressing comments;

contact outside of the website – on the Administrator’s website there are telephone and fax numbers and e-mail addresses where you can contact them;

telephone contact – conversations with representatives of the Administrator at the numbers indicated on the Administrator’s website can be recorded. If there is such a situation, the User will be informed about it every time;

data on network traffic and statistics on the frequency of visits on the Administrator’s pages – a record of information about traffic data is kept, which is automatically registered by our server, such as the user’s IP address, URL visited before visiting our website, URL visited after visiting the website our website and websites visited. Statistics on the number of visits to the site and page views are also collected. The administrator is not able to directly identify the user’s identity based on traffic data and statistics on the use of the website.

when using the resources of websites managed by the Administrator – information about users is collected via files such as “cookies”.

III.1.3. Below are presented detailed rules and purposes of processing personal data collected when the User uses the Website.

 

III.2. Goals and legal grounds for data processing on the Website

III.2.1. Using the Website

Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies), and not being registered Users (ie persons without an Account) are processed by the Administrator:

 

in order to provide electronic services in the scope of presenting and selling Files in the System and Store and maintaining content posted by Users (eg entries, comments) – then the legal basis for processing is the necessity of processing to perform the contract (Article 6 paragraph 1 lit. (b) the GDP),

for analytical and statistical purposes – then the legal basis of the processing is a legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in analyzing Users’ activity, as well as their preferences, in order to improve the functionalities and services provided;

in order to possibly determine, investigate or defend against claims – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the RODO) consisting in the protection of its rights;

for marketing purposes of the Administrator and other entities, in particular related to the presentation of behavioral advertising – the principles of processing personal data for marketing purposes are described in section III.2.5. Marketing.

The User’s activity on the Website, including his personal data, is recorded in system logs (a special computer program used for storing a chronological record containing information on events and activities regarding the IT system used to provide services by the Administrator). Information collected in logs is processed primarily for purposes related to the provision of services. The administrator also processes these data for technical and administrative purposes, to ensure the security and management of the IT system, as well as for analytical and statistical purposes – in this respect the legal basis for processing is the legitimate interest of the administrator (Article 6 paragraph 1 point f) ) RODO). III.2.2. Registration on the Website

 

The persons who register on the Website are requested to provide the data necessary to create and service the account, or to provide this data by e-mail. Providing data in the form of an e-mail address is obligatory, i.e. failure to do so results in the inability to set up an account. When setting up an account by the Administrator, the User changes login details after the first login.

 

Personal data is processed:

 

in order to provide services related to running and servicing an account on the Website – the legal basis for processing is the necessity of processing to perform the contract (Article 6 paragraph 1 letter b) OF THE REDO), and in the field of data provided optional – the legal basis for processing is consent (art. 6 (1) (a) of the RODO);

for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6 (1) (f) of the GDPR), consisting in analyzing the Users’ activity on the Website and how to use the account, as well as their preferences, in order to improve functionalities;

in order to possibly determine, investigate or defend against claims – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the RODO) consisting in the protection of its rights;

for marketing purposes of the Administrator and other entities – the principles of processing personal data for marketing purposes are described in section III.2.5. Marketing.

In the case of registration or logging in to the Account on the Website, the Website, after prior consent of the User, will only download the data necessary for registration and account servicing.

 

If the User places any personal data of other people on the Website (including their name, address, telephone number or e-mail address), they can do so only on condition that they do not violate applicable law and personal rights of such persons.

 

III.2.3. Placing orders (using paid services on the Website)

The sale of the File to the User involves the processing of his personal data.

 

Placing an order requires having an Account on the Website or providing an e-mail address in the purchase process. Providing the address data is necessary to issue and deliver an invoice.

 

Personal data is processed:

 

in order to execute the order – the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the RD0); in the field of optional data, the legal basis for processing is consent (Article 6 (1) (a) of the RODO);

in order to fulfill the statutory obligations imposed on the Administrator, resulting in particular from tax regulations and accounting regulations

– the legal basis for processing is the legal obligation (Article 6 (1) (c) of the GDPR);

 

for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (Article 6 (1) (f) of the GDPR), consisting in analyzing the Users’ activity on the Website, as well as their shopping preferences, in order to improve the functionalities used;

in order to determine, investigate or defend against claims – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the RODO), consisting in the protection of its rights.

III.2.4. Contact forms

The administrator provides the opportunity to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and to answer the inquiry. Failure to do so results in the lack of possibility of its service.

 

Personal data is processed:

 

in order to identify the sender and handle his inquiry sent by the form provided – the legal basis of the processing is the necessity of processing to perform the contract for the provision of the service (Article 6 paragraph 1 letter b) OF THE RODO);

for analytical and statistical purposes – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in keeping statistics of queries submitted by Users via the Website in order to improve its functionality.

III.2.5. Marketing

The Administrator processes Users’ personal data in order to carry out marketing activities, which may consist in:

 

displaying to the User marketing content that is not adapted to its preferences (including contextual advertising);

displaying to the User marketing content corresponding to his interests (behavioral advertising);

directing e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);

conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means).

In order to implement marketing activities, the Administrator may use profiling in some cases. It means that thanks to the automatic processing of data, the Administrator evaluates shopping preferences in order to optimize the offer in the future.

 

III.2.6. advertisement

The Administrator processes Users’ personal data for marketing purposes in connection with advertising to Users, including contextual advertising (ie advertising that is not suited to the User’s preferences).

 

The processing of personal data for this purpose takes place in relation to the legitimate interest of the administrator (Article 6 (1) (f) of the RODO).

 

III.2.7. Behavioral advertising

The Administrator processes Users’ personal data, including personal data collected via cookies and other similar technologies for marketing purposes, in connection with the targeting of behavioral advertising to Users (ie advertising that is tailored to the User’s preferences).

 

The processing of personal data for this purpose may also include profiling of Users.

 

 

 

III.2.8. Newsletter

For those who have given their e-mail address for this purpose, the Administrator provides the newsletter service. Providing the data is required in order to provide the newsletter service, and their failure to submit or request the removal of data results in the inability to send it.

 

Personal data is processed:

 

in order to provide the newsletter delivery service – the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) OF THE REDO);

in the case of sending marketing content to the User as part of the newsletter – the legal basis for processing, including profiling, is the Administrator’s interest (Article 6 (1) letter f) of the RODO) in connection with the consent to receive the newsletter;

for analytical and statistical purposes – the legal basis of the processing is a legitimate interest of the Administrator, (Article 6 point 1 letter f) OF THE RODO) based on conducting analyzes of Users’ activity on the Website in order to improve the functionalities used;

for possible determination, investigation or defense against claims – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).

III.2.9. direct marketing

The User’s personal data may also be used by the Administrator to send marketing content to him via e-mail. Such actions are taken by the Administrator only if the User has expressed in this respect the consent that the User may withdraw at any time.

 

III.2.10. Social media

III.2.10.1. The administrator processes the personal data of Users visiting the navitel profile maintained on the social networking site Facebook. These data are processed only in connection with running the profile, including to inform Users about the activity of the Administrator, promotion of the Services, as well as to provide answers to short queries sent via the Facebook messenger.

 

The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6 (1) (f) of the GDPR), which consists in promoting its own brand and necessity of processing to fulfill its obligations (Article 6 (1) b) RODO) to the extent to which inquiries sent through the Facebook messenger concern complaints.

III.2.10.2. Personal data provided by the User on sites belonging to the Administrator when sending comments to articles, forum replies, etc. are available to all visitors of sites containing these data. The Administrator has no technical means to protect the User from private individuals or companies that use this data to send the User unidentifiable content.

 

Therefore, these data are not subject to the Privacy Policy.

 

In this situation, the User must be aware that they provide personal data at their own risk and responsibility.

 

III.2.11. Cookies and similar technology

Cookies are small text files installed on the User’s device that browses the Website. Cookies usually contain the domain name of the website they come from, the time they are stored on the end device and a unique number. In this Policy, cookies information also applies to other similar technologies used on the Website.

 

Disabling the use of cookies may make it difficult to use certain services as part of our Services, in particular those requiring login.

 

Disabling the option of accepting cookies does not cause the lack of the ability to read or view the content posted on the Administrator’s websites, subject to those to whom access requires login.

 

III.2.11.1. “Service” cookies

The administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services.

 

Therefore, the Administrator and other entities providing its analytical and statistical services use cookies by storing information or accessing information already stored in the User’s telecommunications terminal equipment (computer, telephone, tablet, etc.).

 

Cookies used for this purpose include:

 

cookies with data entered by the User (session id) for the duration of the session (user input cookies);

authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);

cookies used to ensure security, e.g. used to detect user centric security (cookies);

session cookies for multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);

permanent cookies used to personalize the User interface, for the duration of the session or a bit longer (user interface customization cookies),

cookies used to monitor traffic on the website, i.e. data analytics, including cookies:

* Google Analytics (these are files used by Google – ie an entity entrusted by the Administrator to the processing of personal data – in order to analyze the use of the Website by the User, including the creation of statistics and reports on the functioning of the Website).

III.2.11.2. “Marketing” cookies

The administrator also uses cookies for marketing purposes, including in relation to behavioral advertising to Users. For this purpose, the Administrator stores information or accesses information already stored in the User’s telecommunications terminal equipment (computer, telephone, tablet, etc.).

 

The use of cookies and personal data collected through them for marketing purposes, in particular as regards the promotion of services and goods of third parties, requires the User’s consent.

 

This consent can be withdrawn at any time.

 

III.3. The period of personal data processing

III.3.1. The period of data processing by the Administrator depends on:

 

time of completion of the contract, and after that time, in other legitimate purposes related to the contract. In the absence of a contract – until the completion of the service;

the time when the Administrator fulfills the obligations set out in individual laws or the performance of tasks carried out in the public interest;

raise objections to the processing or until the contracts with the Administrator expire;

withdrawal of granted consents;

the time of fulfilling the legitimate interests of the Administrator constituting the basis for processing or opposition to such processing, no longer than for a period of 5 years;

period of maintaining the User Account.

III.3.2. All data is processed at the time of taking action before entering into the contract, performing the contract, fulfilling the legal obligation of the Administrator, based on the Administrator’s legally justified interest, validity of the consent and the account and immediately deleted or irreversibly anonymised after the processing period or opposition to processing.

 

Anonymisation leads to irreversible failure to identify the person. All data that could enable identification is blackened, which allows creating a set of data that can not be identified by a specific natural person. Identifiers are removed from the document – information such as names, names, addresses, dates of birth, PESEL numbers and NIP numbers. Documents that have been anonymized are not subject to the law on the processing of personal data and may be made available to applicants or made public without the consent of the data subjects.

 

The purpose of anonymisation is to prevent the use of personal data or a person susceptible to be identified by “all the means that a” data controller “or a third party can use.

 

Moreover, the data is deleted or irreversibly anonymised after submitting an effective objection to the processing of data in cases where the legal basis for data processing is the justified interest of the Administrator.

 

III.3.3. Not all data may be anonymized immediately after requesting the deletion of personal data. Anonymizing the documents, the Administrator checks whether the statutory period of their storage has expired and this is for tax documents – 5 years from the end of the calendar year in which the tax payment deadline expired.

 

III.4. The data processing period may be extended if the processing is necessary to establish, investigate or defend against possible claims, as well as at the request of competent public authorities, and after this period, only in the case and to the extent required by law . After the processing period, the data is irreversibly deleted or anonymized.

 

III.5. User permissions

III.5.1. The Administrator respects the rights of each User related to the processing of his personal data. In particular, every person whose data is processed has the right to:

 

obtaining information about the processing of personal data,

the right to access data, to request their rectification, completion and amendment,

the right to delete data (“the right to be forgotten”),

the right to limit data processing,

the right to transfer data,

the right to object to the processing of its data in the justified purposes of the Administrator, including direct marketing of its products and services, and profiling.

the right to lodge a complaint with the supervisory body dealing with the protection of personal data.

III.5.2. To the extent that User’s data are processed on the basis of consent, it can be withdrawn at any time by contacting the Administrator via the communication channels indicated in the Regulations of the Website or the Store Regulations.

 

III.5.3. The Administrator reserves that in the case when the User can not be identified unconditionally (for example due to the scope of data provided by him), he may refuse to take action at the request of the User whose data concerns the User at the same time, unless the User provides additional information allowing him to identify.

III.5.4. If the User objects to further processing for marketing purposes, profiling or transfer of personal data to another data controller, the opposition is considered. The administrator may, however, leave in the file data identifying a natural person only to avoid re-use of that person’s data for the purposes covered by the objection.

 

III.5.5. If personal data are processed on the basis of the consent of the data subject or on the basis of a contract concluded and the processing takes place in an automated manner, the User has the right to receive personal data concerning it in a structured, commonly used machine-readable format at its request, as well as apply for transfer of its data in such a format to the indicated data administrator. The data subject submitting the application for the transfer of personal data must specify whether the personal data concerning him or her should be deleted at the same time (the “right to be forgotten”) by the Administrator and submit an appropriate application in this regard.

 

III.5.6. The User may exercise the right to information and access to his data, not more often than once every six (six) months. At the request of the data subject, the Administrator is obliged to provide the necessary information within 30 (thirty) days.

 

More frequent use of the right to information and access to data will be subject to fees in the amount of 50 (fifty) zlotys paid to the account in PKO BP

 

98102034660000930200626028, each time prior to the implementation of the submitted application by the Administrator. This fee is a reasonable cost incurred by the Administrator in connection with the implementation of the right of access and is legally permissible.

III.6. The right to object

The user has the right to object at any time to the processing of his data for the purposes of direct marketing, including profiling, as well as the right not to decide, which is based only on automated processing, if the processing takes place in relation to the legitimate interest of the administrator.

 

The User also has the right to object to the processing of his data at any time for reasons related to his special situation in cases where the legal interest of the data processing is legitimate interest of the Administrator (eg in connection with the implementation of analytical and statistical purposes, including profiling).

 

III.7. Recipients of data

III.7.1. The Administrator declares that he does not sell, share or transfer Users’ personal data to any other person or institution, unless it is done with the express permission or at the request of the User, or

 

at the request of state authorities authorized by law to carry out proceedings or activities related to security or defense, for tasks defined for the public good, as well as when it is necessary to fulfill legally justified goals of the Administrator.

 

III.7.2. In connection with the provision of services, personal data will be disclosed to external entities, in particular suppliers responsible for the operation of IT systems serving the provision of services, entities such as banks and payment operators, research companies, entities providing accounting, analytical services, couriers (in connection with the implementation of the order), marketing agencies (in the field of marketing services) and entities associated with the Administrator.

 

In the case of obtaining the User’s consent, his data may also be made available to other entities for their own purposes, including for marketing purposes.

 

III.7.3. The Administrator reserves the right to disclose information about the User to the competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the applicable law.

 

III.7.4. In particular, data recipients may be:

 

Orange Polska A. al. Jerozolimskie 160, 02-326 Warsaw.

Netia SA with its registered office at ul. Poleczki 13, 02-822 Warsaw;

Poczta Polska Spółka Akcyjna with its registered office in Warsaw (00-940), ul. Spanish Families 8;

PayU S.A. with registered office in Poznań (60-166) at ul. Grunwaldzka 182;

PayPal (Europe) S.à.l. & Cie, S.C.A with registered office at address L-1150 in Luxembourg;  Europejski Fundusz Leasingowy S A with its registered office in Wrocław (53-605) at Pl. Eaglets

PKO BP Puławska 15, 02-515 Warsaw

 

III.8. Transmission of data outside the European Economic Area

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law.

 

For this reason, the Administrator transfers personal data outside the EEA only when it is absolutely necessary and with an adequate level of protection, primarily through:

 

cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;

use of standard contractual clauses issued by the European Commission;

applying binding corporate rules, approved by the competent supervisory authority;

in the event of data transfer to the USA – cooperation with entities participating in the Privacy Shield program, approved by the European Commission.

The administrator always informs about the intention to transfer personal data outside the EEA at the collection stage.

III.9. Security of personal data

III.9.1. The administrator ensures the security of personal data through appropriate technical and organizational measures to prevent unlawful processing of data and their accidental loss, destruction and damage.

 

III.9.2. Administrator makes special care that personal information should be processed in accordance with the principles of processing personal data referred to in Article. 5 RODO, i.e .:

 

principle 1 – legally, reliably and transparently,

Principle 2 – collected for specific and legitimate purposes and not further processed in a manner inconsistent with these purposes;

Principle 3 – adequate, relevant and limited to what is necessary for the purposes for which it is processed;

rule 4 – correct and updated as necessary;

Principle 5 – stored in a form that permits the identification of the data subject for no longer than is necessary for the purposes for which the data are processed;

principle 6 – processed in a manner that ensures adequate security of personal data;

principle 7 – in a manner that ensures the implementation of the rights of data subjects;

principle 8 – not transferred without adequate protection to countries outside the European Economic Area or international organizations.

III.9.3. The administrator conducts risk analysis on an on-going basis to ensure that personal data is processed in a secure manner, ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them. .

 

III.9.4. The administrator makes sure that all operations on personal data are registered and made only by authorized employees and associates who have appropriate, personal authorizations of the Administrator.

 

III.9.5. The Administrator undertakes all necessary actions, so that its subcontractors and other cooperating entities would guarantee that appropriate security measures will be applied whenever they process personal data at the request of the Administrator.

IV. FINAL PROVISIONS

IV.1. This Privacy Policy is available on the Navitel Website and at the Administrator’s office.

The Privacy Policy document, at the User’s request sent by e-mail to the e-mail address: iod@navitel.pl, will be provided to the User free of charge in electronic form to the e-mail address provided by the User.

 

IV.2. This Privacy Policy may be changed by the Administrator.

 

The Administrator will inform registered Users with a 14-day notice about the planned change of the Privacy Policy regarding the provision of Additional Services.

 

Within 14 days of receiving the information about the change, the User may refuse to accept it – by e-mail sent to the address: navitel@navitel.pl

In this case, the User’s Account will be closed on the effective date of the change.

Purchases made at the Navitel or Store, which took place before the amendments come into force, are subject to the previous provisions.

 

Each User is subject to the current Privacy Policy.

 

IV.3. The Privacy Policy does not apply to websites and companies whose contact details are provided on the websites and descriptions of the application and software belonging to the Administrator.

 

IV.4. If you do not agree to the above Privacy Policy, please do not visit our services, do not subscribe to the newsletters belonging to the Administrator and do not purchase products and services offered by the Administrator.

 

IV.5. Privacy Policy in the wording of the Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ( general regulation on data protection) from 25 May 2018.

Back To Top