In accordance with the provisions of the Data Protection Act, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation), hereinafter referred to as “GDPR”, Yellow Boson S.A. informs you that the controller of your personal data is: Rzymowskiego 53, 01-001 Warsaw, KRS No. 0000746465, NIP 5213838356, REGON 381139441. For any questions relating to the processing of your personal data, you can contact the data controller at: firstname.lastname@example.org.
Your personal data may be processed in accordance with the purpose for which it was collected, based on the following criteria:
article 6(1)(a) GDPR for one or more of the above purposes for which you have consented to the processing of personal data – to the extent included in the consent, unless the processing of personal data is based on another of the following grounds (e.g. consent to receive newsletters, registration for stationary events/trips organised by Yellow Boson S.A., e.g. training, and the provision of certificates/certificates of attendance);
6(1)(b) RODO for the purpose and to the extent necessary for the conclusion and performance of the contract to which the data subject is a party (only applicable in the case of the conclusion of a contract with Yellow Boson S.A. or the performance of acts at the request of the data subject prior to the conclusion of the contract), in particular the provision of services related to the shipment of the ordered goods, the preparation of accounting and customs documents, the processing of payments, the processing of complaints;
6(1)(c) of the VAT Act to fulfil the statutory obligations of the administrator, including obligations under the tax laws or other special laws (e.g. requirements for licensing and installation of gas appliances, requirements for filing documents, obligation to issue and keep accounting records);
6(1)(a) and (f) of the GDPR in order to respond to your request, call you back or deal with the matter with which you have contacted the controller, e.g. via a contact form, Facebook chat or email, for information and marketing activities, including direct marketing of the controller’s products and services, including via automated calling systems (in particular sending marketing and sales information about products, competitions, events, training, etc.), as well as invitations to events organised by the controller. direct marketing of products and services of the Controller, including via automated calling systems (in particular sending marketing and sales information about products, competitions, events, training, etc.), as well as invitations to events organised by the Controller.), as well as invitations to the Administrator’s events, advertising for the Administrator’s fan page), providing technical support for the Administrator’s products and services, checking your solvency and creditworthiness, e.g. when deciding whether to enter into a cooperation or grant a credit limit, as well as for securing payments due (guarantee agreements and other legal forms of security);
article 6(1), para. (f) RDPO for analytical and statistical purposes in accordance with the legitimate interest of the Administrator, which consists in particular in the need to carry out business and market analyses and to collect information on the preferences of business partners, inter alia. in order to develop or improve the products and services offered, to ensure the correct presentation of the content of the Operator’s website or profile on social networks, to ensure security and the possibility of rectifying any technical malfunctions, to control and analyse traffic on the website or Facebook fan page, to create personalised offers and advertisements, to display on the operator’s website data about the entities with which the operator cooperates, including indicating their location on a map, to record third-party visits to the company’s premises as part of preventive measures, e.g.. E.g. to prevent the spread of the COVID 19 epidemic;
6(1)(f) RDPO to protect the rights of Yellow Boson S.A., including the assertion or defence of claims, in particular the assertion of unpaid claims in the context of collection and legal proceedings.
If justified by the processing purpose mentioned above, your personal data may be transferred to third parties with whom the controller cooperates, such as: Providers of IT systems, hosting services, cloud services or other services related to IT systems and software, entities involved in the maintenance and technical operation of the controller’s website or email, monitoring and analysis of website traffic, administrators of social networks used by the controller, such as: Facebook, Instagram, LinkedIn, Twitter, companies providing services to Yellow Boson S.A.: e.g. accounting, legal, marketing, financial, accounting, tax, auditing, training, archiving, etc., postal service providers and couriers, banks for payment processing, debt collection companies, regional technical and commercial consultants, commercial agents, subcontractors (e.g. installation of photovoltaic systems), financial institutions offering financing to the company’s clients for the purchase of goods or services from Yellow Boson S.A.. (banks, leasing companies) and to bodies that are legally entitled to receive your data. As a general rule, your personal data will be kept for as long as necessary to fulfil the purpose for which it was collected, but at least for as long as required by the obligations imposed on the controller by law or until the expiry of the limitation period for any claims where the processing of personal data is necessary to enable the controller to bring, exercise or defend such claims. Subject to the foregoing, data processed on the basis of consent shall in principle be processed until consent is withdrawn or the activity to which the consent relates ceases, unless the controller has a compelling legitimate interest in the further processing which overrides the interests, rights and freedoms of the data subject.
The provision of personal data is mandatory where required by law and voluntary where necessary for the above purposes.
You can revoke your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out prior to the withdrawal, nor the possibility for the controller to process the data on another basis. Please revoke your consent in writing or by e-mail to: email@example.com.
In the cases provided for by law, you have the right to request information about the content of your personal data at any time, the right to rectification, erasure or restriction of processing, the right to object to processing and the right to data portability. You also have the right to lodge a complaint with the competent supervisory authority for the protection of personal data, i.e. the President of the Office for the Protection of Personal Data, if you believe that the processing of your personal data violates the provisions of the Personal Data Protection Act.
The administrator uses two types of cookies:
– performance cookies (which collect information about how visitors use the website, e.g. the most frequently visited pages or error messages, etc.)
– functional (storage of user settings, e.g. language, consent, etc.), e.g.
via google-analytics.com cookies – are used to compile statistics for the website;
o inspectlet.com cookies – used to determine how users use the website;
o Session cookies – this is temporary information that is stored in the browser’s memory until the session ends.
– on youtube.com – including user preferences and number of clicks;
– player.vimeo.com and av.vimeo.com – to allow you to log in, and cookies that advertisers use to personalise content and advertising formats.