Valid from [25.05.2018]
1.1 The data controller for data of the Website users is one of the local Wagon Service Ostróda entitiy (“WSO” or “Data Controller” or “Company”) .
1.2 The Data Controller undertakes to respect the confidential nature of the data col-lected when users use the Website.
1.3 The Data Controller respects the privacy of its customers/Website users and all visitors to the Website (including all its pages).
1.5 “Non-Personal Data” are information that is not personally identifiable, either alone or together with other information. WSO may collect some information about the user, such as age and sex, and also about the areas of the Website visited by the user. This information may be compiled and analysed, both for individuals and in aggregate. This information can cover: the Uniform Resource Locator (“URL”) of the website from which the user came and the URL they will visit next, the browser used, and the user’s IP address (“IP”). A URL is a global address of Internet sites and other resources. An IP address is an ID of a computer or device in a network using the Transmission Control Protocol/Internet Protocol (“TCP/IP”), such as the Internet. Networks use the TCP/IP protocol to send information on the basis of the IP address of the destination. In other words, an IP address is a number which is automatically assigned to the user’s computer when the user surfs the Internet, enabling Internet servers to locate and identify the user’s com-puter. Computers require IP addresses so that users can communicate online and surf the Internet.
2 Information collected by WSO
2.1 Personal Data
WSO may collect Personal Data if the user:
2.1.1 enquires about the services provided by WSO;
2.1.2 contacts WSO;
2.1.3 asks for information about WSO cars; or
2.1.4 sends information to WSO in another manner.
2.2 Non-Personal Data
This Website collects some non-personal information about the user. This process uses Clickstream technology, which may not be fully understandable to the user. Non-identifiable data are not combined with Personal Data.
3 Data processing rules
3.1 The personal data of the Website users will be processed in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repeal-ing Directive 95/46/EC (“GDPR”).
4 Data processing: Purposes and operations
4.1 The Data Controller collects data of the people who log into the Website, com-pleted the contact form or signed up for a newsletter.
4.2 The Personal Data of Website users will be processed for the purposes of admin-istrating the user account on the Website, communicating with the user, sending a newsletter and carrying out marketing activities, as well as for other purposes consistent with applicable laws, provided that it is required for the purposes of the agreement to provide electronic services in the form of administering an account for the user, and also for direct marketing of the Data Controller’s services, i.e. under Article 6.1(a), (b) and (f) of the GDPR.
4.3 Depending on the form of using the Website, a user may be asked to provide more or less information, including Personal Data, necessary to fulfil their re-quests.
4.4 The Personal Data of Website users will be stored until the user withdraws their consent to the newsletter and for the period necessary to perform the agreement to provide electronic services in the form of administering an account for the user, to which the user is a party, and after termination of the agreement, for 3 years in an archived form. The Data Controller will process the Personal Data provided by the user for the purposes of direct marketing for the duration and for 12 months after termination of the agreement, unless the user objects to the processing of their Personal Data for this purpose.
5 User rights
5.1 A user has the right to access their data and to modify them, request that they be deleted or the processing be limited, withdraw their consent to Personal Data pro-cessing if the Personal Data is processed on the basis of consent, object to pro-cessing, transfer the data provided and complain to the supervisory authority for personal data protection in case they conclude that the processing of the user’s Personal Data by the Data Controller is contrary to the provisions of the GDPR.
5.2 The provision of Personal Data is voluntary but necessary to perform the agree-ment. Refusal to provide data will make it impossible to enter into an agreement and to perform the agreements concluded with the Data Controller, and will pre-vent the Data Controller from performing such services as sending a newsletter.
5.3 Depending on the decision communicated when filling out the relevant form on the Website, the Personal Data provided, in particular the email address and the mobile number, may be used by the Data Controller to send commercial infor-mation.
5.4 Moreover, where separate consent is given, the Data Controller may periodically send a newsletter prepared by it to the email address provided by the user.
6 Information provided by WSO to other entities
6.2 WSO enters into agreements with other companies (e.g. website developers) who provide certain services to WSO in order to create/maintain this Website. In some cases, the partners can have access to Personal Data but they are contractually obliged to keep them secret and use them solely to provide services to WSO.
6.3 The agreements signed with those companies prohibit them from using the infor-mation provided by WSO for their own marketing purposes or provide that infor-mation to entities other than WSO.
6.4 The Data Controller entered into an agreement with the hosting company DATA Quest, concerning the processing of the Personal Data necessary to provide ser-vices related to details entered by the Website users in relevant contact forms (e.g. name, surname, address, email address). The Data Controller intends to provide data to the above-mentioned service provider after receiving them from users.
6.6 Notwithstanding the above rules, WSO may disclose a user’s Personal Data to relevant third parties if WSO is required to do so by law or believes that it is nec-essary:
6.6.1 to comply with obligations imposed by law (e.g. search order, court sum-mons or court order);
6.6.2 to protect the rights and property of the Company;
6.6.3 to analyse reports of fraud, users sending materials using a fake email address or users sending harassing, threatening or offensive messages;
6.6.4 to prevent improper or unauthorised use of this website; or
6.6.5 in emergencies, for example when WSO believes that the physical safety of a given person is or may be at risk.
8.1 Subject to the consent of the Website user, the Data Controller may store some information in cookies on the user’s computer.
8.2 Cookies are not used to obtain any information about the Website users Cookies used on the Website do not store any Personal Data or any other information col-lected from users. They are used to help user log in (e.g. save username when the user signs up or logs in), remember some preferences of the user, and support the Controller in improving the Website, among other things.
8.3 The Website uses two basic cookie types: session cookies and persistent cookies. Session cookies are temporary files stored on the user’s end device until the user logs out, leaves the website or closes the software (web browser). Persistent cookies are stored on the user’s end device for the time specified in the parame-ters of the cookies or until deleted by the user.
8.4 In many cases, the default settings of the web browsing software (web browser) enable cookie storage on the user’s end device. Website users may change their cookie settings at any time. These settings can be changed in particular to block automatic cookie handling, which requires changing the web browser settings, or to inform the Website user any time cookies are sent to their device. For detailed information on cookie handling, see your software (web browser) settings.
8.5 A user can give their consent referred to above through the settings of the soft-ware installed on their end IT device or the service configuration – i.e. to disable or restrict cookies, the user can change the settings of their web browser. However, this may result in incorrect operation of or lack of access to some pages of the Website.
8.6 The following types of cookies are used on the Website:
(a) strictly necessary cookies, which enable use of the services available on the Website, e.g. authentication cookies used for services that require authentication on the Website;
(b) cookies that ensure security, e.g. those used for detecting authentication abuses on the Website;
(c) performance cookies, which help us collect information about how the pages of the Website are used;
(d) functionality cookies, which remember choices made by the user and person-alise the interface, e.g. regarding language, the user’s region, font size, page de-sign, etc.;
8.7 The Data Controller informs you that restricting cookies can affect some functions of the Website.
8.8 For more information on cookies, visit http://www.allaboutcookies.org/.
9 Risk related to using the Website.
9.1 A user should be aware that data sent by the public telecommunications network between their device and the Website are not entirely safe. The Data Controller is unable to ensure full protection and safety for these data during communication with the Website. However, the Controller guarantees that it will take appropriate measures to secure the data sent to it by electronic means, in particular Personal Data provided by the user via online forms.
9.3 Therefore, the Data Controller bears no responsibility for the content directly or indirectly linked to from this Website or to which references are made on this Website. The sole responsibility for the content of such a site lies with the operator of the site linked to or site referred to on this Website. The Data Controller will remove links or references to sites containing illegal content immediately upon becoming aware of them and as soon as realistically possible.
9.4 The Data Controller shall not be responsible for posts or messages published or sent by forum users, published in visitors books or on mailing lists on this Website.
9.5 Some elements of the Website can be particularly interesting for children, but WSO has no intention to collect the Personal Data of persons under 13 years old. Should it turn out at any time that WSO collected any Personal Data of persons under 13, these Data will be immediately deleted.
10 Control transfer
10.1 Under certain circumstances the Data Controller may decide to sell or transfer some or all of its enterprise or assets. In such a case, users’ Personal Data may be transferred or provided to third parties by the Data Controller as part of or in connection with the planned transaction. In such situations, the Controller will en-sure that the third parties undertake to ensure adequate protection of the Personal Data collected through the Website. In addition, the Data Controller will inform Website users of such circumstances and the users will have the right to demand that their data be deleted.
11 Contacting us
Should you have any questions about the processing of Personal Data by the Data Con-troller, please contact the Data Controller:
Wagon Service Ostróda Sp. z o.o
Ul. 11-go Listopada 26
Tel: +48 89 642 74 00
Fax: +48 89 646 50 19