This Privacy Policy is an integral part of the Service Terms and Conditions, which define the rules, rights, and obligations of Users using the Service.
1. What definitions do we use in our Privacy Policy?
In our Privacy Policy, we use general definitions that facilitate the understanding of the Policy’s content. Below, we present the definitions of these terms.
- Service – the website “MIROLA” operating at the address https://mirola.pl
- External Service – websites of partners, service providers, or recipients collaborating with the Administrator
- Service Administrator / Data Administrator – The Service Administrator and Data Administrator (hereinafter referred to as the Administrator) is the company “MIROLA Sp. z o.o.”, operating at the address: ul. Mikołowska 129, 43-180 Orzesze, with the tax identification number (NIP): 6351001850, with the KRS number: 0000962885, providing electronic services through the Service
- User – a natural person for whom the Administrator provides electronic services through the Service.
- Device – an electronic device with software, through which the User accesses the Service
- Cookies – text data collected in the form of files placed on the User’s Device
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Personal Data – means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
- Processing – means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
- Restriction of Processing – means the marking of stored personal data with the aim of limiting their processing in the future
- Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements
- Consent – means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them
- Personal Data Breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed
- Pseudonymisation – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
- Anonymisation – Anonymisation of data is an irreversible process of operations on data that destroys/overwrites “personal data,” making it impossible to identify or link a specific record to a particular user or natural person.
2. Why do we apply a Privacy Policy, and what regulations oblige us to do so?
The obligation to include information about the processing of personal data on the website arises from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the EU L 119, 4.5.2016, p. 1–88, referred to as “GDPR.”
3. Information about the Data Protection Officer
Under Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.
3.1. Who can I contact regarding my personal data, and how?
You can find this information in point 15 of this Privacy Policy.
3. What are cookies, and what are they used for?
- Internal Cookies – files placed and read on the User’s Device by the Service’s IT system
- External Cookies – files placed and read on the User’s Device by the IT systems of external services. Scripts of external services that may place cookies on Users’ Devices have been deliberately included in the Service through scripts and services provided and installed in the Service
- Session Cookies – files placed and read on the User’s Device by the Service during a single session of the Device. After the session ends, the files are deleted from the User’s Device.
- Persistent Cookies – files placed and read on the User’s Device by the Service until they are manually deleted. The files are not automatically deleted after the Device’s session ends, unless the User’s Device is configured to delete cookies after the session ends.
5. Is my personal data secure?
- Mechanisms for storing and reading cookies – The mechanisms for storing, reading, and exchanging data between cookies stored on the User’s Device and the Service are implemented through the built-in mechanisms of web browsers and do not allow the retrieval of other data from the User’s Device or data from other websites visited by the User, including personal data or confidential information. The transfer of viruses, Trojan horses, and other worms to the User’s Device is also practically impossible.
- Internal Cookies – The cookies used by the Administrator are secure for Users’ Devices and do not contain scripts, content, or information that could compromise the security of personal data or the security of the Device used by the User.
- External Cookies – The Administrator makes every effort to verify and select the Service’s partners in terms of User security. The Administrator chooses well-known, large, and globally trusted partners. However, it does not have full control over the content of cookies from external partners. The Administrator is not responsible for the security of cookies, their content, or their licensed use by scripts installed in the Service, originating from external services, to the extent permitted by law. The list of partners is provided later in the Privacy Policy.
- Cookie Control
- The User can at any time change the settings regarding the storage, deletion, and access to data stored by cookies for each website
- Information on how to disable cookies in the most popular browsers is available on the page: how to disable cookies or from one of the following providers:
- The User can at any time delete all cookies stored so far using the tools of the User’s Device through which they use the Service’s services.
- Risks on the User’s side – The Administrator uses all possible technical means to ensure the security of data stored in cookies. However, it should be noted that the security of this data depends on both parties, including the User’s activities. The Administrator is not responsible for the interception of this data, the hijacking of the User’s session, or their deletion due to the User’s intentional or unintentional actions, viruses, Trojan horses, or other spyware that may have infected or could infect the User’s Device. Users should follow the rules to enhance their cybersecurity to protect themselves against these threats.
- Storage of personal data – The Administrator ensures that it makes every effort to ensure that the personal data processed and voluntarily provided by Users are secure, access to them is limited, and they are processed in accordance with their purpose and the objectives of processing. The Administrator also ensures that it makes every effort to secure the data in its possession against loss by using appropriate physical and organisational security measures.
6. For what purposes do we use cookies?
- Improving and facilitating access to the Service
- Personalising the Service for Users
- Conducting statistics (users, number of visits, types of devices, connection, etc.)
7. For what purpose do we process the personal data entrusted to us?
Providing personal data by Users of the Service is voluntary. If the User decides not to provide personal data, the Service’s functionality remains unchanged, except for forms whose completion is necessary for their proper functioning.
Personal data voluntarily provided by Users are processed for one of the following purposes:
- Provision of electronic services:
- Communication between the Administrator and Users regarding the Service and data protection
- Safeguarding the legitimate interest of the Administrator
- Sending responses to questions submitted in forms
- Sending newsletters
Some personal data that are not required to contact the User are collected anonymously and automatically processed for the following purposes:
- Conducting statistics
- Improving the Service’s functionality
- Safeguarding the legitimate interest of the Administrator
8. Information about cookies from external services
The Administrator uses JavaScript scripts and web page elements from partners in the Service, which may place their own cookies on the User’s Device. Remember that in your browser settings, you can decide which cookies are allowed to be used by individual websites. Below is a list of partners or their services implemented in the Service that may place cookies:
- Conducting statistics:
- Other services:
Services provided by third parties are beyond the control of the Administrator. These entities may change their terms of service, privacy policies, purposes of data processing, and methods of using cookies at any time.
9. What data do we collect?
The Service collects data about Users. Some data is collected automatically and anonymously, while some data is personal data voluntarily provided by Users when registering for the various services offered by the Service.
Automatically collected anonymous data:
- IP address
- Browser type
- Screen resolution
- Approximate location
- Pages opened in the Service
- Time spent on the relevant page of the Service
- Operating system type
- Type of end device
- Address of the previous page
- Address of the referring page
- Browser language
- Internet connection speed
- Internet service provider
Data collected during registration:
- Name / surname / pseudonym
- Email address
- Residential address
- Phone number
- IP address (collected automatically)
Data collected when subscribing to the Newsletter service
- Email address
Some data (without identification data) may be stored in cookies. Some data (without identification data) may be transferred to the statistics service provider.
10. Which personal data do external companies have access to?
As a rule, the only recipient of personal data provided by Users is the Administrator. Data collected as part of the services provided are not transferred or sold to third parties.
Access to data (usually under a data processing agreement) may be granted to entities responsible for maintaining the infrastructure and services necessary to operate the Service, including:
- The Service hosting administrator
- Business partners who prepare marketing materials for the newsletter
- Online store administrators
- Service administrators
11. What do we do with your personal data, and how do we process it?
Personal data voluntarily provided by Users:
- Personal data will not be transferred outside the European Union unless they have been published as a result of an individual action by the User (e.g., entering a comment or post), which will make the data accessible to anyone visiting the Service, in accordance with legal requirements and to protect the User’s interests.
- Personal data will not be used for automated decision-making (profiling).
- Personal data will not be sold to third parties.
Automatically collected anonymous data (without personal data):
- Anonymous data (without personal data) will be transferred outside the European Union.
- Anonymous data (without personal data) will not be used for automated decision-making (profiling).
- Anonymous data (without personal data) will not be sold to third parties.
12. What legal basis allows us to process your personal data?
The Service collects and processes Users’ data on the basis of:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
- Article 6(1)(f)
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
- Article 6(1)(f)
- Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
- Act of 16 July 2004 on Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
- Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)
13. How long do we process your personal data?
Personal data voluntarily provided by Users:
As a rule, the indicated personal data are stored only for the duration of the provision of services within the Service by the Administrator. They are deleted or anonymised within 30 days of the termination of the service (e.g., deletion of a registered user account, unsubscribing from the newsletter, etc.).
An exception is made in cases where it is necessary to safeguard the legitimate interests of the Administrator for further processing of these data. In such a case, the Administrator will store the indicated data, from the time of the User’s request for deletion, for no longer than 3 years in the event of a breach or suspected breach of the Service’s terms and conditions by the User.
Automatically collected anonymous data (without personal data):
Anonymous statistical data, which do not constitute personal data, are stored by the Administrator for the purpose of Service statistics for an indefinite period.
14. What rights do you have regarding the processing of personal data?
- Right of access to personal data
Users have the right to obtain access to their personal data, upon request to the Administrator - Right to rectification of personal data
Users have the right to request the Administrator to immediately rectify inaccurate or incomplete personal data, upon request to the Administrator - Right to erasure of personal data
Users have the right to request the Administrator to immediately erase their personal data, upon request to the Administrator. In the case of user accounts, the deletion of data involves the anonymisation of data enabling the identification of the User. The Administrator reserves the right to suspend the execution of the deletion request to protect the legitimate interests of the Administrator (e.g., if the User has violated the Terms and Conditions or if the data were obtained as a result of correspondence).
In the case of the Newsletter service, the User can delete their personal data themselves using the link provided in each email sent. - Right to restriction of processing
Users have the right to restrict the processing of their personal data in the cases specified in Article 18 of the GDPR, including when the accuracy of the personal data is contested, upon request to the Administrator - Right to data portability
Users have the right to receive from the Administrator their personal data in a structured, commonly used, and machine-readable format, upon request to the Administrator - Right to object to processing
Users have the right to object to the processing of their personal data in the cases specified in Article 21 of the GDPR, upon request to the Administrator - Right to lodge a complaint
Users have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data.
15. Contact with the Administrator
You can contact the Administrator in one of the following ways:
- Postal address – MIROLA Sp. z o.o., ul. Mikołowska 129, 43-180 Orzesze
- Email address – info@mirola.pl
- Phone call – +48 32 32 36 400
- Contact form – available at: /contact
16. Service requirements
- Restricting the storage and access to cookies on the User’s Device may cause some functions of the Service to malfunction, but this will not result in legal consequences and will not be grounds for any claims by the User against the Administrator and the Service Owner.
- The Administrator is not responsible for the malfunctioning of the Service’s functions if the User restricts the ability to store and read cookies in any way.
17. Information about external links
In the Service – articles, posts, entries, or comments by Users – there may be links to external websites with which the Service Owner does not cooperate. These links and the pages or files they point to may be dangerous for your Device or pose a threat to the security of your data. The Administrator is not responsible for the content located outside the Service.
18. Can the provisions of the Privacy Policy be changed?
- The Administrator reserves the right to change this Privacy Policy at any time without informing Users about the use and processing of anonymous data or the use of cookies.
- The Administrator reserves the right to change this Privacy Policy regarding the processing of Personal Data, of which Users with user accounts or subscribed to the newsletter service will be informed by email within 7 days of the changes. Continued use of the services means that you have read and accepted the changes to the Privacy Policy. If the User does not agree with the changes made, they are obliged to delete their account from the Service or unsubscribe from the Newsletter service.
- Changes to the Privacy Policy will be published on this page of the Service.
- Changes will take effect upon their publication.