Article 1. Privacy principles
a. Apart sp. z o.o. ul. Stara Droga 3, 62-002 Suchy Las,
b. E-R2 spółka z ograniczoną odpowiedzialnością S.K.A., ul. Powstańców Wielkopolskich 91, 62-002 Suchy Las;
c. E-R2 sp. z o.o., ul. Powstańców Wielkopolskich 91, 62-002 Suchy Las;
d. R2 Center sp. z o.o., ul. Powstańców Wielkopolskich 91, 62-002 Suchy Las
(hereinafter referred to jointly as "Apart Group").
2. The personal data controller, i.e. the entity from Apart Group that decides about the method of personal data use, shall be always the entity providing the service (or sale). In case of any doubts with respect to the identification of such entity, the regulations determining the principles for the provision of this service (or sale) specify precisely the personal data controller.
3. Controller shall select and apply appropriate technical and organisational measures ensuring protection of personal data processing with due diligence. Personal data concerning Customers and other persons whose data have been provided by the Customer are protected by the controller against their provision to unauthorised persons, and against any other cases of disclosure or loss or unauthorised modification of the indicated data and information.
4. The recipients of personal data are persons acting on behalf of Apart Group, responsible for handling website elixa.net and entities providing services in this respect for Apart Group (e.g. companies rendering Internet provision services, entities providing service). Recipients may also be entities authorised to receive data under applicable law, including competent judicial authorities.
Article 2. Basis of personal data processing
1. Providing the personal data is voluntary; however, failure to provide the data may hinder or prevent the proper execution of service or sale or provision of after-sales service.
2. Personal data are processed based on: a) Customer's acceptance of the regulations of a particular service or conducted sale, b) necessity to exercise the contract for the Customer or d) legitimate interest of the controller (e.g. protection against claims or in case of data of third parties provided by Customers - specification of the address for delivery of another person).
3. Controller my process personal data of third parties provided by Customers for the purposes of communication, recommendations, using controller's services, including in particular conclusion or exercising the agreement concluded through provided tools on website elixa.net. By entering such data the Customer declares that he/she has obtained from the data subject the necessary consent to provide his/her data to the controller.
4. Customer's data may be provided to other Customers in case when it is necessary to exercise the agreement.
Article 3. Scope of personal data processing
1. Personal data are processed by the controller according to the law and only for the purposes related to the controller's operations or operations of a company from Apart Group, including for the purpose of sales agreements conclusion and execution (handling transactions of Product sale, communication with Customers and complaints processing), conducting the loyalty programme, and archiving of the performed services or transactions.
2. Data provided by the Customer are used for sending information to Customers about Apart Group, the controller and controller's services, the execution of services provided by the controller, as well as for statistical purposes.
3. The controller may use IP addresses collected during Internet connections in order to protect the interests of Customers or to clarify facts when handling disputes, irregularities or abuses or for technical purposes related to server administration. Moreover, IP addresses are used to collect general, statistical demographic information (e.g. about the region from which the collection originates in order to determine the default language of the user interface for a given region).
4. Personal data are stored for a period necessary for the execution of orders or for maintaining the Customer's account at elixa.net After that period, data may be processed based on: legal obligations of the controller (e.g. within the scope of storage of accounting documents) or the legitimate interest (protection against claims that people may be entitled to against the controller).
5. When the Customer is using websites in elixa.net domain, IT records (cookies files) are recorded on the terminal device of the user (e.g. computer, laptop, smartphone, tablet) and used to store information for the functionality purposes - e.g. saving data and saving browsing preferences. The purpose of cookies is to facilitate browsing of the website resources during subsequent visits. The user can decide independently on which cookies and how are stored through the internet browser settings (commonly used: Mozilla Firefox, Internet Explorer, Google Chrome, Opera, Safari). Default settings of browsers allow for the storage of cookies files.
Article 5. Control of personal data processing
1. Controller shall ensure that the data subject can exercise the rights under the law, including the right of access to the content of the data subject's personal data, their rectification, changing, erasure or transfer, and also the right to request the restriction of the personal data processing and the right to object to such processing under the principles set forth in relevant regulations.
2. In case of granting voluntary consent on data processing, each person whose data are processed has the right to revoke the consent for data processing.
3. Any data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.
Article 6. Personal data transmission and provision
1. Customer's data may be provided to the entities authorised to receive them under applicable law, including to competent judicial authorities.
2. Personal data processed by an entity from Apart Group may be transferred between companies from Apart Group under an agreement for co-management.
3. Personal data of Customers may be provided to third parties - in cases not specified by the controller or the law - only with the consent of the data subject.
4. Personal data may be transferred to third countries (outside the EU countries) in connection with the Product delivery ordered by Customers.