Privacy Policy

Privacy Policy

By using our services, you supply to us your personal data. The protection of the personal data of our Users is our upmost priority, that is why we make every effort to ensure their safety. This Privacy Policy clarifies the rules and scope in which we process our User’s personal data, presents our User’s rights and our duties as personal data Controller.

  1. Who Controls Your Personal Data?

The Controller of your personal data is Selena FM S.A. with registered office in Wrocław (53-611) ul. Strzegomska 2-4, registered in the National Court Register of the District Court in Wrocław-Fabryczna, VI Commercial Department of the National Court Register under KRS number: 0000292032 (herein: The Controller).

  1. Where Do We Store Your Personal Data?

The data we collect is stored within the European Economic Area (herein: EEA). Each transfer of personal data is performed in accordance with applicable laws. If data is transferred outside the EEA, the Controller applies standard contractual clauses and Privacy Shield, as means of protection in regard to countries which the European Commission has found to apply inadequate levels of data protection.

  1. Who Has Access to Your Personal Data?

We do not pass, sell or exchange your personal data with third parties for marketing purposes.

  1. What Are the Legal Grounds for Data Processing?

Personal data is processed in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (herein: GDPR).

At the time of collecting your personal data we will inform you of the legal grounds for its processing, of whether you are obliged to pass your personal data and of the possible consequences if you refuse to consent. We can process your data based on your consent, in order to perform the contract but also with regard to our legitimate interest. If we collect your personal data based on your consent, it is always fully voluntary, however, the lack of such consent disables such options as registering at our webpage.

  1. What Personal Data do We Collect?

We collect and process the following data (required to register the User and set up an Account): e-mail address, password, first name and surname, country of origin, the name of the company, Tax Identification Number and phone number.

We collect, process and use the personal data you submit to us voluntarily – and only when you agree to it.

The information you submit is processed particularly for the purpose of supplying our service properly. At the point of data collection you will always be informed of the grounds and purpose for which we collect your data.

  1. How do We Use Your Personal Data?

We only use the information you have provided in the way which is specified in this document, taking into account the type consent you have given. Before this information is used differently than specified in this document, we will inform you of the way and purpose for which it is to be used and in each case we will request your separate consent.

The User’s personal date is primarily used for the purpose of the proper maintenance of this webpage and the provision of service by electronic means, in particular:

– to conduct the registration process,

– to create an Account,

– to log into the Account,

– to provide service and ensure the proper functioning of the webpage,

– to enable contact between the service recipient and the service administrators.

Your personal data may be used for sending commercial information directly from the Service Provider and for sending the newsletter containing information on this service, new items and other information on the subject of this site – but only if you had expressed your consent during Registration.

We use Cookies in order to adapt the Service to your needs. You may refuse to give your consent to store the data you have entered and which you could use the next time you visit this website. Other website owners will not have access to data specified in this section. If you do not consent to personalise this website, you may disable Cookies by changing your browser settings. Details on Cookies are specified in our Cookies Policy, available here.

We follow general rules applied to Internet connections to use data from our system logs, e.g. the IP address. All data collected in system logs, including operating data which record your website activity, are used by the Service in accordance with applicable laws, in particular for technical and statistical purposes.

  1. How Long do We Store Your Personal Data?

We store your personal data over the period in which you use this Service, i.e. as long as you keep your Account. When you cancel your Account, your data will also be deleted.

  1. What Are Your Rights?

You have the following rights with regard to the processing of your personal data:

  • You can withdraw your consent at any time without stating the reason.

Your request may concern the purpose of the processing, e.g. you may withdraw your consent to receive marketing information, or it may address all purposes for which your data can be processed. Withdrawal of the consent to process your data for all purposes will result in the deletion of your account and we will no longer process your data. Withdrawal of the consent has no effect on past actions.

  • The right to access your data

You are entitled to request to receive information on what personal data we store on you at any time. In order to do so, please contact us by e-mail on [·] and you will receive that information by e-mail.

  • The right to transfer

When we process your personal data by automated means, based on your consent or agreement, you have the right to receive a copy of your personal data in a structured, commonly used and readable format. The copy can be sent to you or another data controller. Remember that this right is only applicable to the personal data provided.

  • The right to correct you data

You can request the correction of your personal data at any time if it is inaccurate and to supplement incomplete data. In order to effect this right, you can edit your personal data from your personal account or contact us by e-mail on rodo@selena.com and you will receive the confirmation of changes applied by e-mail.

  • The right to erase your data

You have the right to erase the data we are processing. We will inform you if such erasure is not possible.

  • The right to limit:

You have the right to request that we limit the scope of data processing under the following conditions:

– if you report that your personal data is incorrect, we must limit the processing until we verify its accuracy,

– if the processing is unlawful, you may not agree to the deletion of your personal data and instead, you may request that we limit its usage,

– if we no longer need your personal data but it is prerequisite that we keep it for the purpose of filing or dismissing a claim.

  1. How Can You Use Your Rights?

We are serious about protecting your personal data, that is why we have created a dedicated e-mail address to which you can send all your questions regarding your personal data. In order to do so, please contact us by e-mail on rodo@selena.com.

  1. Data Protection Officer:

In order to guarantee that your data is always processed in a transparent and lawful way, we have appointed a Data Protection Officer. In order to contact our DPO, please write an e-mail on: rodo@selena.com, adding in the subject “DPO”.

  1. What Can You Do if We Process Your Data Improperly?

If you believe that we process your data improperly, please contact us by e-mail on rodo@selena.com. You can also submit a complaint to the Inspector General for the Protection of Personal Data.

  1. Security Measures.

We make every effort to ensure the best possible protection of your personal data, in particular, from data loss, improper use, unauthorised access or disclosure.

We are accountable for ensuring the confidentiality of your Account access data – your e-mail and password.

Please report any suspicions regarding the threat of data breach or unauthorised access on: rodo@selena.com.

Despite of the use of advanced technical measures, we cannot fully guarantee the confidentiality of data stored and transferred on the Internet.

  1. Revision of Our Privacy Policy.

We cannot rule out that we will have to update our Privacy Policy in the future. The most recent version will always be available at our website. In addition, we will notify our users of every change in the content of this document, such as the change of the purpose for which we are using your personal data, ways of contacting us or your rights.

  1. Final Provisions.

If you do not accept the provisions of this document you should cease to use this Service and delete your Account.

This document will apply from 25.05.2018.

­­­
­­­

REALIZATION OF THE RIGHTS OF THE DATA SUBJECTS

1. It is our duty to ensure that the rights of data subjects that they have in connection with the processing of their personal data are respected. The implementation of the rights of persons burdens the persons responsible for individual data processing activities, which determine the manner of handling the applications of natural persons in this respect. Nevertheless, as part of our organization, any person who processes personal data may receive such a request, hence it is important to know the rights that the data subjects may pursue.

2. This paragraph describes key elements related to the exercise of the rights of data subjects, however, if such rights are exercised by those persons towards the Company, persons responsible for their implementation should strictly apply the provisions of Articles 16-22 of the GDPR.

3. Each person has the right to control the processing of data concerning him, contained in data files, in particular the right to:
1) obtain comprehensive information on the processing of data, and to determine the data controller, address of its registered office and full name,
2) obtain information about the purpose, scope and method of data processing,
3) obtain information as from when data concerning him or her is processed, until when it is planned to be processed and given in a generally understandable form the content of such data,
4) obtain information about the source from which the data relating to him or her originate, unless the Controller is obliged to keep confidential information secret or keep professional secret in this respect.,
5) obtain information on the method of data sharing, in particular information on the recipients or categories of recipients to whom these data are made available,
6) obtain information about the right to lodge a complaint to the supervisory authority,
7) obtain information on automated decision making, including profiling,
8) request rectification of inaccurate personal data,
9) request for the erasure of personal data concerning him or her, if circumstances arise from article 17 (1) of the GDPR (right to be forgotten),
10) demand from the controller restriction of processing, in the cases described in Article 18 (1) of the GDPR,
1) data portability in accordance with Article 20 of the GDPR,
11) when data processing takes place due to the legitimate interest of the Company, submitting:
a. written, motivated request to cease processing of its data due to its special situation,
b. object to the processing of his or her data, if the Controller intends to process it for marketing purposes or to transfer his or her personal data to another data controller.

4. In the event of a request for information about personal data being processed on a written application from the data subject, the reply must be made within 30 days from the date of its receipt. The answer may be given in writing or in another form indicated by the applicant.

5. The data subject may request information, not more often than once every six months. For any further copies requested by the data subject, the Company will charge a reasonable fee resulting from administrative costs.

6. If a person objects to the processing of his or her data, the information on objection is forwarded to the Personal Data Protection Coordinator. Further processing of the data in question is unacceptable. However, the Personal Data Protection Coordinator may leave in the collection the name and surname of the person, as well as the ID number or address only in order to avoid re-use of that person’s data for the purposes covered by the objection.

7. The data subject has the right to request the Company to erasure of personal data concerning him or her without undue delay and the Company shall have the obligation to erase personal data without undue delay if the conditions for sending such a request are met. If, during the course of the business, the Company  has made the personal data public, it takes reasonable steps, including available technology and implementation cost, including technical measures to inform the controllers processing this personal data that the data subject requests the erasure by such controllers of any links to, or copy or replication of, those personal data.. This does not apply to the transfer of data for the purpose of implementing legal provisions or pursuing claims.

8. Execution of the right to data portability may take place only when processing data on the basis of consent or for the purpose of contract performance. In this case, the data subject has the right to receive, in a structured, commonly used format, readable personal data about him or her that he or she has provided to the Company.

9.
TASKS OF PERSONS RESPONSIBLE FOR DATA PROTECTION

1. Responsible for data security are:
1) Controller,
2) Data Protection Officer, if established, and in the absence of his appointment Personal Data Protection Coordinator,
3) IT Network Administrator,
4) employees authorized to process personal data.

2. Tasks of the DPO / Personal Data Protection Coordinator include:
1) participating in the creation, implementation and interpretation of personal data protection documentation, standards, recommendations and procedures regarding the processing of personal data,
2) coordinating activities in the field of personal data protection,
3) monitoring compliance with the law on personal data, as well as the Policy and Instruction,
4) informing the Controller and employees who process personal data about their obligations under the law,
5) close cooperation with INA in the scope of establishing rules and supervision over the correctness of personal data processing in IT systems,
6) familiarize the persons employed in the processing of personal data with the provisions on the protection of personal data by conducting training,
7) keeping the Record of Processing Activities and Record of Processing Activities Category,
8) giving opinions on contracts regarding entrusting third parties with the processing of personal data,
9) undertaking appropriate actions in case of detection of violations or suspected security breaches,
10) participation in the Data Protection Impact Assessment,
11) contact with the supervision authority,
12) acting as a contact point for the supervisory authority in matters related to processing, including prior consultations referred to in Article 36 of the GDPR.

3. Tasks of IT Network Administrator include:
1) registering and unregistering system users,
2) changing the rights of system users,
3) compliance with the security procedures developed for the system,
4) maintaining the IT system in technical efficiency,
5) preventing access of unauthorized persons to the IT system in which personal data are processed,
6) configuring devices and software for processing personal data, as required,
7) updating and configuring the antivirus software,
8) responding to security breaches and removing their consequences,
9) supervision of proper use and servicing of devices and software,
10) keeping the system work log, which contains descriptions of all events relevant to the operation of the IT system, in particular in the event of a failure – description of the failure, cause of failure, damage resulting from a breakdown, failure removal method, description of the system after a breakdown, conclusions,
11) in the case of system maintenance – description of actions taken, conclusions,
12) making backup copies of IT databases in which personal data are processed and backup copies of information systems,
13) keeping technical documentation of systems,
14) informing the Controller or DPO about any events related to or likely to affect the security of the ICT system.

4. Employees, regardless of the legal relationship regulating the basis of their employment, are obliged to:
1) confidentiality of personal data to which they have access, as well as ways to secure this data, both during and after termination of the relationship,
2) compliance with internal regulations in force in the Company that involve the protection of personal data, including Policy and Instructions,
3) report noticed security incidents related to the protection of personal data.

We use cookies to facilitate the use of this service.
Modify the settings of your browser if you do not wish cookies to be saved on the hard drive of your computer. Read Privacy Policy. accept