PRIVACY AND COOKIES POLICY  ART AND CAT

www.ravavik.com

 

  1. General Information
  2. This document outlines the privacy rules for the website www.ravavik.com.
  3. Pursuant to Article 4(7) of the GDPR, the Data Controller is ART and CAT Sp. z o.o., Cegielniana 4a/15, 30-404 Kraków, KRS: 0000619221, NIP: PL6172209249, REGON: 364492018, District Court Kraków Podgórze, share capital: PLN 30,000.
  4. This Privacy Policy is for informational purposes.
  5. Personal data collected by the Controller are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter GDPR), the Personal Data Protection Act of 10 May 2018, and the Act of 18 July 2002 on the Provision of Electronic Services (Journal of Laws 2002, No. 144, item 1204, as amended).
  6. The Controller exercises due diligence in selecting and applying appropriate technical measures, including programming and organizational measures, to ensure the protection of processed data, particularly safeguarding it against unauthorized access, disclosure, loss, destruction, unauthorized modification, or processing in violation of applicable legal provisions.
  7. Personal data are processed in accordance with the principles set out in Article 5 of the GDPR, i.e.:
    1. processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”);
    2. collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes (“purpose limitation”);
    3. adequate, relevant, and limited to what is necessary for the purposes for which they are processed (“data minimization”);
    4. accurate and, where necessary, kept up to date (“accuracy”);
    5. kept in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed (“storage limitation”);
    6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
  8. As part of the Controller’s use of tools supporting its ongoing operations, such as those provided by Google, the Customer’s personal data may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or another country where an entity cooperating with the Controller maintains tools for processing personal data in collaboration with the Controller.

 

  1. Purposes and Legal Bases for Processing
  2. Providing personal data is voluntary for contact forms and subscription to the Controller’s newsletter. The Controller collects the following data via contact forms and for newsletter subscription: name, email address, phone number.
  3. Personal data are used to identify the Customer, establish commercial contact with them, provide service quotes, conduct commercial negotiations, and potentially conclude and perform a contract.
  4. Personal data are primarily processed based on the data subject’s consent (Article 6(1)(a) GDPR), as well as Article 6(1)(b) GDPR, i.e., processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  5. Upon separate consent, pursuant to Article 6(1)(a) GDPR, data may also be processed for the purpose of sending commercial information electronically or making telephone calls for direct marketing purposes, in accordance with Article 10(2) of the Act of 18 July 2002 on the Provision of Electronic Services or Article 172(1) of the Act of 16 July 2004 – Telecommunications Law, respectively.
  6. The Customer’s personal data may also be processed based on:
    1. applicable legal provisions – when processing is necessary to fulfill a legal obligation incumbent on the Controller, e.g., when the Controller settles concluded contracts based on tax or accounting regulations (Article 6(1)(c) GDPR);
    2. necessity for purposes other than those listed above, arising from the legitimate interests pursued by the Controller or a third party, in particular to establish, pursue, or defend claims, and to correspond with Customers (Article 6(1)(f) GDPR).

 

  1. Personal Data Processing Period
  1. Personal data will be processed by the Controller for the time necessary to respond to inquiries, provide service quotes, resolve issues, conduct negotiations, or handle the matter for which the personal data were provided, and further for the duration of contract performance or service provision, as well as the period during which the Controller is obliged to retain sales documents and pursue claims.
  2. If collected for another purpose for which the user has given consent, the data will be processed until the consent for processing for that purpose is withdrawn.

 

  1. Recipients of Personal Data
  2. The list of recipients of personal data processed by the Controller arises from legal provisions, the Customer’s consent, and the scope of services used by the Customer.
  3. Recipients of the data may include entities processing orders on behalf of the Controller and handling them: employees, collaborators, accounting firms, IT solution providers, payment service providers, banks, marketing service providers, telecommunications service providers, law firms, and authorized state authorities.

 

  1. Your Rights Regarding Personal Data Protection
  2. Given the voluntary nature of providing your personal data, you have the right to:
    1. access your personal data (Article 15 GDPR);
    2. rectify your personal data (Article 16 GDPR);
    3. erase your personal data (“right to be forgotten” – Article 17 GDPR);
    4. restrict the processing of your personal data (Article 18 GDPR);
    5. data portability (Article 20 GDPR);
    6. object to processing (Article 21 GDPR).
  3. If you believe that the processing of your personal data violates GDPR provisions, you have the right to lodge a complaint with the President of the Personal Data Protection Office. Their website is available at: https://uodo.gov.pl/.
  4. Consent to the processing of personal data may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of processing carried out by the Controller based on consent before its withdrawal.

 

  1. Personal Data Breach
  2. In the event of a personal data breach, the Controller shall, without undue delay and no later than 72 hours after becoming aware of the breach, notify the supervisory authority (President of the Personal Data Protection Office), unless it is unlikely that the breach would result in a risk to the rights or freedoms of natural persons. If the notification to the supervisory authority is made after 72 hours, the Controller shall include an explanation of the reasons for the delay. If the personal data breach is likely to result in a high risk to the rights or freedoms of natural persons, the Controller shall inform the data subject of the breach without undue delay.

 

  1. Cookies Policy
  2. The Controller uses cookies.
  3. Cookies are IT data, in particular text files, stored on Users’ devices and intended for use with websites.
  4. The cookies used by the Controller are safe for the User’s devices. In particular, it is not possible for viruses, unwanted software, or malicious software to infiltrate Users’ devices through this method. These files allow identification of the software used by the User and customization of services to each User individually. Cookies typically contain the domain name from which they originate, the duration of their storage on the device, and an assigned value.
  5. Based on the purpose of collection, the following types of cookies are distinguished:
    1. **Essential**: necessary for the proper functioning of the website – processed based on the Controller’s legitimate interest (Article 6(1)(f) GDPR);
    2. **Statistical**: allow analysis of website traffic, understanding user preferences, analyzing their behavior on the website, and enabling interactions with external networks and platforms – processed based on the User’s voluntary consent (Article 6(1)(a) GDPR);
    3. **Marketing**: allow tailoring displayed advertisements and content to user preferences and conducting personalized marketing campaigns – processed based on the User’s voluntary consent (Article 6(1)(a) GDPR).
  6. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the User uses the Website. For this purpose, information about the User’s navigation path or time spent on a given page may be retained.
  7. Regarding information about User preferences collected by the Google advertising network, the User can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/.
  8. The User can independently and at any time change cookie settings, specifying the conditions for their storage and access to the User’s device via cookies. These changes can be made through the web browser settings or service configuration. These settings can be adjusted, in particular, to block the automatic handling of cookies in the browser settings or to notify the User each time cookies are placed on their device. Detailed information about the possibilities and methods of handling cookies is available in the software (web browser) settings.
  9. To learn how to manage cookies, including how to disable them in your browser, you can refer to your browser’s help file. You can access this information by pressing the F1 key in your browser. Additionally, relevant instructions can be found on the following pages, depending on the browser you use:
  10. Firefox
  11. Chrome
  12. Safari
  13. Internet Explorer / Microsoft Edge
  14. Limiting the use of cookies may affect some functionalities available on the website.
  15. The Website also collects external cookies, so-called third-party cookies, which originate from external servers.
  16. We use the following services:
    1. Google Analytics, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), for website traffic analytics. This provides us with statistics showing how you and other users interact with the Website.
    2. Facebook (cookie administrator: Facebook Ireland Ltd., based in Ireland).

 

  1. Final Provisions
  1. The Data Controller reserves the right to amend this Privacy and Cookies Policy.
  2. Any changes or new terms will be made available through our Website.

 

This version of the Privacy and Cookies Policy is effective as of 23 June 2022.