PRIVACY POLICY

 

I. INTRODUCTION

  1. The controller of personal data collected, in particular, through a website operating at https://www.gkpge.pl/pge-baltica (hereinafter referred to as: Site), i.e. the entity deciding on how your personal data will be used, is PGE Baltica Sp. z o.o. with its registered office at ul. Mokotowska 49, 00-542 Warsaw (hereinafter referred to as: the Controller). You may contact the Controller by phone: 22 340 50 60 and by e-mail address: sekretariat.pgebaltica@gkpge.pl.

The controller shall be responsible for the security of the personal data providedand for the processing thereof in accordance with the provisions of law.

  1. The Controller has appointed the Data Protection Officer (hereinafter referred to as: DPO) who can be contacted in matters related to the processing of personal data and the exercise of rights of users in accordance with the provisions of law on personal data protection via e-mail address: iod.pgebaltica@gkpge.pl.
  2. Your data shall be processed pursuant to the provisions of Regulation (EU) 2016/679of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: the GDPR), and other generally applicable provisions of law on personal data protection.
  3. While visiting the Site, the following shall be collected:
    1. personal data provided by the Site user,
    2. data collected and recorded automatically.
  4. The purpose and scope of the personal data used by the Controller have been further specified in the Privacy Policy.

II. DATA COLLECTED – BASIC INFORMATION

  1. The following information shall apply to all uses by the Controller of the personal data provided by you, as specified in sections III and IV.
  2. Your data shall not be used to decision-making based solely on automated processing of personal data, including profiling within the meaning of Article 22 of the GDPR.
  3. Subject to all data security guarantees, personal data processed through the Website may be transferred - in addition to persons authorized by the Controller - to other entities, includingthe following:
    1. the entities entitled to obtain it in accordance with the provisions of law,
    2. entities processing them on behalf of the Controller, e.g. technical and hosting service providers, analytical service providers, counselling service providers,
    3. to other data controllers to the extent necessary for the performance of the agreement, provision of services and legal requirements, e.g. to notary or legal offices, contractors providing services to the Controller on the basis of concluded agreements.
  4. The Controller hereby informs that your personal data shall not be transferred to countries outside the European Economic Area.
  5. The Controller hereby informs that in connection with the processing of personal data obtained through the Site, each data subject shall have the right to submit an application concerning:
    1. access to data (information on the processing of personal data or a copy of data),
    2. rectification of data (should they be found incorrect),
    3. deletion of personal data (the right to be forgotten),
    4. restriction of the processing of personal data,
    5. transferring of data to another controller,
    6. objecting to the processing of personal data where the basis for the processing is the data Controller’s legitimate interest,
    7. withdrawal of consent if the Controller processes personal data on the basis of consent, at any time and by any means, without affecting the lawfulness of processing basedon consent before its withdrawal

– in accordance with the principles set out in the GDPR.

  1. Each and every data subject has the right to lodge a complaint with the supervisory authority (President of the Office for Personal Data Protection, https://uodo.gov.pl/pl/83/155) if they believe that the processing of personal data is carried out against the provisions of law.
  2. The data was obtained by the Controller directly from you. The Controller may also process:
  1. data of third persons provided by the user while using the services described in this privacy policy,
  2. personal data obtained from entities with which the Controller cooperates on the basisof concluded agreements (e.g. business data of employees to be contacted for purposes related to the performance of the agreement),
  3. personal data obtained from entities and third parties cooperating with the Controller, whereas the data have been rendered available to the Controller on the basis of your consent,
  4. data obtained from publicly available sources, e.g. from the National Court Register, Central Register and Information on Economic Activity, websites, social media.

III. PERSONAL DATA PROVIDED BY THE USER

III. A. E-MAIL OR TELEPHONE CONTACT

  1. The Controller shall process personal data, in particular first and last name and contact telephone number or e-mail address and other information provided by you, to the extent necessaryto handle requests and execute an inquiry, including communication and answeringquestions asked via the contact telephone number and e-mail address provided on the Site(legal basis - Article 6 (1) (f) of the GDPR) - "legitimate interest".
  2. The Controller shall have the right to process personal data for the period necessary to execute the inquiry, including to respond to communication sent or the request/question submitted during the telephone conversation.
  3. The provision of data is voluntary, however it is necessary in order to respond to the submitted question or for the proper handling of the request and the execution of the inquiry. Failureto provide personal data may result in the inability to provide an answer or execute an inquiry.

III. B. MARKETING COMMUNICATION

  1. The Controller shall process your personal data in order to carry out:
    1.  marketing communication via means of electronic communication (in particular electronic mail, telephone calls, SMS messages, RSS channels) on the basis of a separate consent to the processing of data for this purpose (legal basis – Article 6 (1) (a)of the GDPR) – "consent";
    2. direct marketing, including sending information on products and servicesof the Controller and entities from the PGE Group and partners cooperating withthe Controller (legal basis - Article 6 (1) (f) of the GDPR) - "legitimate interest",

taking into account the provisions of the Telecommunications Law and the provisionsof the Act on Providing Services by Electronic Means.

  1. Providing data to receive marketing communication via the selected communication channel is voluntary, however necessary to receive commercial information. Failure to provide personal data will result in the unavailability of marketing content to be received.
  2. The Controller shall have the right to process personal data for the period necessary to execute the aforementioned purposes. Depending on the legal basis, this shall be respectively:
  1. time until the objection is made,
  2. time until the consent is withdrawn.
  1. Withdrawal of consent may take place in particular by contacting the Controller or the DPO(via the contact channels indicated herein above). Withdrawal of the consent shall not affectthe lawfulness of the use of data during the period when such consent was in force.

IV. AUTOMATICALLY COLLECTED DATA

  1. Using the Site involves sending queries to the server, which are automatically recorded in event logs.
  2. Event logs shall record user session data. In particular, these are: IP address, type and nameof the device, date and time of visit to our Site, information about the web browserand operational system.
  3. The data recorded in event logs shall not be associated with the particular individuals.
  4. The contents of event logs shall be made accessible to persons authorized by the Controllerto administrate the Site.
  5. Chronological recording of information about events shall only be construed as an auxiliary material used for administrative purposes. The analysis of event logs enables, in particular,the detection of threats, ensuring adequate security of the Site and the generation of statisticsin order to better understand how the users use the Site.
  6. User session data are used to diagnose problems with the functioning of the Site and to analyze possible security breaches, to manage the Site and to generate statistics (legal basis - Art. 6 (1) (f) of the GDPR) - "legitimate interest".
  7. The Site uses cookies for its operation. For more information on this issue, please referto the "Cookies Policy" available at: https://www.gkpge.pl/pge-baltica-en/privacy-policy.

V. FINAL PROVISIONS

  1. This privacy policy is for information purposes only and applies in particular to the website operating at https://www.gkpge.pl/pge-baltica.
  2. The Site may contain links to other websites, including websites of companies from the PGE Capital Group cooperating with the Controller of partners, service providers and other external entities (e.g. LinkedIn, Facebook, Twitter, Marketplanet OnePlace purchasing platform).The Controller recommends that each user, after switching to other websites, should read privacy policies in force there.
  3. The Controller reserves the right to introduce changes to the applicable privacy policy,in particular in the case of:
    1. technological advancements,
    2. changes/amendments to generally applicable provisions of law, including personal data protection and/or information security,
    3. Site development.
  4. The Controller shall notify users of changes in the content of the privacy policy by posting a notice on the Site.

 

gkpge_baltica_site