The following Privacy Policy is an integral part of the Service Regulations, which sets out the rules, rights and obligations of Users using the Service.

§1 Definitions

• Service – the “MIROLA” internet service operating at the address https://mirola.pl
• External Service – internet services of partners, service providers or service recipients cooperating with the Administrator
• Service Administrator / Data Administrator – The Service Administrator and Data Administrator (hereinafter referred to as the Administrator) is the company “MIROLA Sp. z o.o.”, conducting business at the address: ul. Mikołowska 129, 43-180 Orzesze, with the assigned tax identification number (NIP): 6351001850, with the assigned KRS number: 0000962885, providing electronic services through the Service
• User – a natural person for whom the Administrator provides electronic services through the Service.
• Device – an electronic device with software through which the User gains access to the Service
• Cookies (cookies) – text data collected in the form of files placed on the User’s Device
• RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Personal Data – means information about an identified or identifiable natural person („the data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
• Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• Restriction of processing – means marking stored personal data with the aim of limiting their processing in the future
• Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
• Consent – of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
• Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
• Pseudonymisation – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
• Anonymisation – Anonymisation of data is an irreversible process of operations on data that destroys / overwrites “personal data” making it impossible to identify, or link a given record to a specific user or natural person.

§2 Data Protection Inspector

Pursuant to Art. 37 of the RODO, the Administrator has not appointed a Data Protection Inspector.

In matters concerning the processing of data, including personal data, please contact the Administrator directly.

§3 Types of Cookies

• Internal Cookies – files placed and read from the User’s Device by the Service’s IT system
• External Cookies – files placed and read from the User’s Device by the IT systems of External Services. Scripts of External Services, which may place Cookies on Users’ Devices, have been consciously placed in the Service through scripts and services made available and installed in the Service
• Session Cookies – files placed and read from the User’s Device by the Service or External Services during a single session of a given Device. After the end of the session, the files are deleted from the User’s Device.
• Permanent Cookies – files placed and read from the User’s Device by the Service or External Services until they are manually deleted. The files are not automatically deleted after the end of the Device session unless the User’s Device configuration is set to delete Cookie files after the end of the Device session.

§4 Data Storage Security

• Mechanisms for storing and reading Cookie files – The mechanisms for storing, reading and exchanging data between Cookie files stored on the User’s Device and the Service are implemented through built-in mechanisms of internet browsers and do not allow for the downloading of other data from the User’s Device or data from other websites visited by the User, including personal data or confidential information. The transfer of viruses, Trojans and other worms to the User’s Device is also practically impossible.
• Internal Cookies – the Cookies used by the Administrator are safe for Users’ Devices and do not contain scripts, content or information that could threaten the security of personal data or the security of the Device from which the User is using the Service.
• External Cookies – The Administrator takes all possible actions to verify and select service partners in terms of User security. The Administrator chooses well-known, large partners with global social trust for cooperation. However, it does not have full control over the content of Cookies coming from external partners. The Administrator is not responsible for the security of Cookies, their content and their license-compliant use by scripts installed in the service, coming from External Services, to the extent permitted by law. A list of partners is included in the further part of the Privacy Policy.
• Control of Cookie files
  • The User may at any time, independently change the settings regarding the storage, deletion and access to data stored in Cookie files by each website
  • Information on how to disable Cookies in the most popular computer browsers can be found on the page: how to disable cookies or from one of the indicated providers:
    • Managing cookies in the Chrome browser
    • Managing cookies in the Opera browser
    • Managing cookies in the FireFox browser
    • Managing cookies in the Edge browser
    • Managing cookies in the Safari browser
    • Managing cookies in the Internet Explorer 11 browser
  • The User may at any time delete all Cookies stored so far by using the tools of the User’s Device, through which the User uses the Services.
• Threats on the User’s side – The Administrator uses all possible technical measures to ensure the security of data stored in Cookies. However, it should be noted that ensuring the security of this data depends on both sides, including the User’s activity. The Administrator is not responsible for the interception of this data, impersonation of the User’s session or its deletion, as a result of conscious or unconscious activity of the User, viruses, Trojans and other spyware, which may be or have been infecting the User’s Device. Users should follow the principles of increasing their cyber security in order to protect themselves against these threats.
• Storage of personal data – The Administrator ensures that all efforts are made to ensure that personal data voluntarily provided by Users is secure, access to it is limited and carried out in accordance with its purpose and the purpose of processing. The Administrator also ensures that all efforts are made to secure the data against loss, by using appropriate physical and organisational security measures.

§5 Purposes for which Cookies are used

• Improving and facilitating access to the Service
• Personalisation of the Service for Users
• Conducting statistics (users, number of visits, types of devices, links etc.)

§6 Purposes of processing personal data

Personal data provided voluntarily by Users is processed for one of the following purposes:

• Provision of electronic services:
• Communication of the Administrator with Users in matters related to the Service and data protection
• Ensuring the legally justified interest of the Administrator

Data about Users collected anonymously and automatically is processed for one of the following purposes:

• Conducting statistics
• Ensuring the legally justified interest of the Administrator

§7 Cookies of External Services

The Administrator uses scripts and web components of partners in the Service who may place their own cookies on the User’s Device. Remember that in your browser settings you can decide for yourself which cookies are allowed to be used by individual websites. Below is a list of partners or their services implemented in the Service, which may place cookies:

• Conducting statistics:
  • Google Analytics
• Other services:
  • Google Maps

Services provided by third parties are beyond the control of the Administrator. These entities may at any time change their terms of service, privacy policies, data processing purposes and methods of using cookies.

§8 Types of collected data

The Service collects data about Users. Some data is collected automatically and anonymously, and some data is personal data provided voluntarily by Users when registering for individual services offered by the Service.

Anonymous data collected automatically:

• IP address
• Browser type
• Screen resolution
• Approximate location
• Opening subpages of the service
• Time spent on a given subpage of the service
• Operating system type
• Previous page address
• Referring page address
• Browser language
• Internet connection speed
• Internet service provider

Data collected during registration:

• Name / surname / nickname
• E-mail address
• Residential address
• Phone number
• IP address (collected automatically)

Data collected when subscribing to the Newsletter service

• E-mail address

Some of the data (without identifying data) may be stored in cookies. Some of the data (without identifying data) may be transferred to the statistics service provider.

§9 Access to personal data by third parties

As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected in connection with the provision of services is not transferred or sold to third parties.

Access to data (usually on the basis of a Data Processing Entrustment Agreement) may be held by entities responsible for maintaining the infrastructure and services necessary for the operation of the service, i.e.:

§10 Method of processing personal data

Personal data provided voluntarily by Users:

• Personal data will not be transferred outside the European Union, unless it has been published as a result of individual User action (e.g. entering a comment or post), which will make the data available to anyone visiting the service.
• Personal data will not be used for automated decision making (profiling).
• Personal data will not be sold to third parties.

Anonymous data (without personal data) collected automatically:

• Anonymous data (without personal data) will be transferred outside the European Union.
• Anonymous data (without personal data) will not be used for automated decision making (profiling).
• Anonymous data (without personal data) will not be sold to third parties.

§11 Legal basis for the processing of personal data

The Service collects and processes User data on the basis of:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  • art. 6 par. 1 lit. f
    processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
• Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2018, item 1000)
• Act of 16 July 2004 Telecommunications Law (Journal of Laws of 2004 No. 171, item 1800)
• Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws of 1994 No. 24, item 83)

§12 Period of processing personal data

Personal data provided voluntarily by Users:

As a rule, the indicated personal data is stored only for the period of providing the Service within the Service by the Administrator. They are deleted or anonymised within 30 days from the end of the provision of services (e.g. deletion of a registered user account, unsubscribing from the Newsletter, etc.)

An exception is a situation that requires securing legally justified purposes of further processing of this data by the Administrator. In such a situation, the Administrator will store the indicated data, from the time of requesting their deletion by the User, no longer than for a period of 3 years in the case of breach or suspicion of breach of the service regulations by the User

Anonymous data (without personal data) collected automatically:

Anonymous statistical data, not constituting personal data, is stored by the Administrator for the purpose of conducting service statistics for an indefinite period of time

§13 User rights related to the processing of personal data

The Service collects and processes User data on the basis of:

• Right of access to personal data
  Users have the right to obtain access to their personal data, implemented upon request submitted to the Administrator
• Right to rectification of personal data
  Users have the right to request the Administrator to immediately rectify personal data which is incorrect or / and to supplement incomplete personal data, implemented upon request submitted to the Administrator
• Right to erasure of personal data
  Users have the right to request the Administrator to immediately erase personal data, implemented upon request submitted to the AdministratorIn the case of user accounts, deletion of data consists in anonymising data enabling User identification. The Administrator reserves the right to suspend the implementation of the request for data deletion in order to protect the legally justified interest of the Administrator (e.g. when the User has committed a breach of the Regulations or the data was obtained as a result of conducted correspondence).
  In the case of the Newsletter service, the User has the possibility to independently delete their personal data by using the link placed in each sent e-mail message.
• Right to restriction of processing of personal data
  Users have the right to restrict the processing of personal data in cases indicated in art. 18 of the RODO, including questioning the correctness of personal data, implemented upon request submitted to the Administrator
• Right to data portability
  Users have the right to receive from the Administrator, personal data concerning the User in a structured, commonly used machine-readable format, implemented upon request submitted to the Administrator
• Right to object to the processing of personal data
  Users have the right to object to the processing of their personal data in cases specified in art. 21 of the RODO, implemented upon request submitted to the Administrator
• Right to lodge a complaint
  Users have the right to lodge a complaint with a supervisory authority dealing with the protection of personal data.

§14 Contact to the Administrator

The Administrator can be contacted in one of the following ways

• Postal address – MIROLA Sp. z o.o., ul. Mikołowska 129, 43-180 Orzesze
• E-mail address – info@mirola.pl
• Telephone contact – +48 32 32 36 400
• Contact form – available at: /contact

§15 Service Requirements

• Limiting the recording and access to Cookie files on the User’s Device may cause incorrect operation of some functions of the Service.
• The Administrator is not responsible for incorrectly functioning Service functions in the case where the User limits in any way the possibility of recording and reading Cookie files.

§16 External links

In the Service – articles, posts, entries or User comments may contain references to external websites with which the Service owner does not cooperate. These links and pages or files indicated under them may be dangerous for Your Device or pose a security threat to Your data. The Administrator is not responsible for the content located outside the Service.

§17 Changes to the Privacy Policy

• The Administrator reserves the right to make any changes to this Privacy Policy without the need to inform Users about it in the scope of applying and using anonymous data or using Cookie files.
• The Administrator reserves the right to make any changes to this Privacy Policy in the scope of processing Personal Data, about which it will inform Users having user accounts or subscribed to the newsletter service, by e-mail within 7 days from the change of the regulations. Further use of the services means getting acquainted with and accepting the introduced changes to the Privacy Policy. In the case where the User does not agree with the introduced changes, he/she is obliged to delete his/her account from the Service or unsubscribe from the Newsletter service.
• The introduced changes in the Privacy Policy will be published on this subpage of the Service.
• The introduced changes come into force from the moment of their publication.