Personal Data Processing Policy
This Personal Data Processing Policy of the Osowa Shopping Center in Gdańsk (hereinafter referred to as the “Policy” ) is informative.
In the event of doubts or contradictions between the Policy and the consents granted by a given person, regardless of the provisions of the Policy, the basis for the Administrator to undertake and define the scope of activities are always voluntarily granted consents or legal provisions. In the event of such a contradiction between the Policy and the content of the information clauses provided by the Administrator when collecting personal data, the information that the Customer should follow is provided to him under the aforementioned information clauses.
The website pays particular attention to respecting the privacy of users visiting the website in the domain www.chosowa.pl
The data collected in log logs is used only for the purposes of administering the website and delivering deliveries under the concluded distance contracts, if it results from the technical requirements of the website.
The administrator does not seek to identify users except for the requirements to fill in the forms necessary due to the provisions for the validity of individual activities having civil and legal effects. No identification data, for any purpose, is transferred to any third party, unless the User agrees to it as part of using the website or other services offered by Centrum Handlowe Osowa in Gdańsk.
Responsible entity and contact details
The administrator of personal data collected:
- via surveillance cameras
- through other sources or based on the consent of the Client
STAGE OSOWA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw at ul. Skaryszewska 7, 03-802 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of in Warsaw, 14th Commercial Division of the National Court Register under the number KRS 0000306183, NIP 5252426652:, REGON: 141446206, with share capital in the amount of PLN 7,389,300.00, hereinafter referred to as the “Administrator”
If you give additional consent, our partners may also be the data controllers obtained on the basis of your Internet activity using technologies such as cookies.
To contact us, write to the following address:
Legal basis for data processing
The Customer’s personal data is processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (Journal of Laws UE.L No. 119, p. 1) (hereinafter also: “GDPR” ) and other currently applicable, i.e. for the entire period of processing certain data, the provisions of the law on the protection of personal data. Personal data means information about an identified or identifiable natural person (hereinafter referred to as: “Personal Data”). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific physical, physiological, genetic, mental factors, the economic, cultural or social identity of a natural person.
The administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are:
- processed in accordance with the law, fairly and in a transparent manner for the data subject;
- collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with these purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary;
- kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
- processed in a manner ensuring adequate security of Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
As indicated in the introduction, being aware of the importance of the privacy of Customers, the Administrator protects not only website visitors, but also Customers who have provided their Personal Data to the Administrator using other communication channels, i.e .:
- the website https://www.facebook.com and any other websites marked or co-branded with Facebook (including subdomains, international versions, widgets and versions for mobile phones), the operating principles of which are based on the regulations made available in particular at https : //www.facebook.com/legal/terms , provided respectively by Facebook Inc. or Facebook Ireland Limited (hereinafter also: “Facebook page”), including using the Facebook Lead Ads function aimed at direct marketing of the Administrator’s own products or services. The rules for the protection and use of Personal Data by the Facebook Page are available, for example, at: https://www.facebook.com/policy.php . The administrator has no influence on the content of Facebook’s legal regulations, including those regarding Personal Data and enabling the Administrator to run advertising campaigns under Facebook, including contests.
Purpose of data processing
Each time, the purpose and scope of data processed by the Administrator result from the consent of the Customer or legal provisions and are further specified as a result of actions taken by the Customer or as part of other communication channels with the Customer. For example: The Customer’s Personal Data may be processed in order to grant, present or provide him with offers and promotions dedicated to him, as much as possible adapted to his preferences (which may have a significant impact on him) only if the Customer has consented to it (not available for people who have not given such consent);
Possible purposes of processing Customer Personal Data by the Administrator are in particular:
- receiving and considering complaints;
- conducting the competition, in particular selecting the winners of the competition and the implementation of prizes;
- presenting advertisements, offers or promotions (discounts) regarding products or services of the Administrator and its partners – the tenants of the Center (whose current list is provided on the website) intended for all recipients, in particular for the purpose of implementing the Newsletter agreement;
- assessment and analysis of the activity and information about the Customer, including as part of the automated processing of Personal Data (profiling), in order to present general advertisements, offers or promotions (discounts) regarding the products or services of the Administrator and its partners, in a manner tailored to the interests a given Customer (without significantly affecting his decisions), in particular for the purpose of implementing the contract for the provision of the Newsletter, as well as market and statistical analyzes;
- fulfillment of legal obligations resulting from regulations, e.g. tax and accounting regulations, especially in the case of paid contracts;
- conducting correspondence with customers, including replying to customer messages.
- In the case of an adult Customer, with his additional consent, Personal Data may also be processed in order to present, create, grant and implement advertisements, offers or promotions (discounts) dedicated to a given Customer regarding the Administrator’s and its partners’ products or services, to the highest possible extent adjusted to his preferences (profiling), as a result of automated decision-making, which may have legal effects on him or similarly significantly affect him (this option is not available to people who are underage or are of legal age, but have not consented to such action).
Data obtained by the Administrator
The Administrator may process, in particular, the following Personal Data of Customers:
- using the site:
- Personal Data provided in order to use the Newsletter, provided when using the contact form, or provided when submitting a complaint;
- Personal Data provided in order to participate in contests;
- other data, in particular obtained based on the Customer’s activity on the Internet, including those obtained through the website and or other communication channels with the Customer, using cookies and similar technologies,
- by completing the data contained in the Facebook Lead Ads form, the User provides the Administrator with the Personal Data indicated in the form, which may include in particular: name, surname, e-mail address, telephone number;
- by completing the data contained in the forms and enabling the Administrator to carry out advertising campaigns / contests as part of the Facebook website, the User provides the Administrator with the Personal Data indicated in the form, which may include in particular: name, surname, correspondence address, e-mail address, telephone number.
The scope of data necessary to perform the tasks and the consequences of not providing them
Providing Personal Data by the Customer is voluntary, but it is necessary to use certain functionalities, for example to subscribe to the Newsletter or use our forms.
Each time, the scope of required data is previously marked together with the purpose of processing as part of other communication channels with the Customer or in the Regulations. The consequence of not providing Personal Data may be the inability to effectively perform the above-mentioned activities.
The basis for the processing of the Customer’s Personal Data is primarily the need to perform the contract to which he is a party or the need to take action at his request before its conclusion (Article 6 (1) (b) of the GDPR). This primarily applies to Personal Data provided when subscribing to the Newsletter, if such will be directed to the Customers. Also in the case of Personal Data provided to us in connection with the complaint.
For other purposes (other than those listed above), the Customer’s Personal Data may be processed on the basis of:
- voluntarily expressed consents – e.g. persons entering competitions (Article 6 (1) (a) of the GDPR);
- applicable law – when processing is necessary to fulfill the legal obligation incumbent on the Administrator (Article 6 (1) (c) of the GDPR);
- necessity for purposes other than those listed above, resulting from legitimate interests pursued by the Administrator or by a third party, in particular to establish, investigate or defend claims, conduct correspondence with customers, also via contact forms (including replying to customer messages), market and statistical analyzes (Article 6 (1) (f) of the GDPR).
Profiling – matching the best possible offer to the customer.
For the purposes of presenting general advertisements, offers or promotions (discounts), intended for all Customers, in a manner adapted to the interests of a given Customer, the Administrator may read his preferences. This allows for a better understanding of the client’s expectations and adaptation to his needs, without significantly affecting his decisions. Thanks to the Administrator’s use of advanced technologies, the above activities will often be performed by the system in an automated manner, thanks to which the content sent will be the most up-to-date, and the Customer will be able to read them quickly.
In the case of adult customers, the aforementioned analysis of interests or preferences will also serve the purpose of creating, granting, implementing dedicated and possibly highly adapted advertisements, offers or promotions (discounts), in an automated manner, which may have legal or similar effects on them. influence it, potentially limiting access to them for other Clients (this option is not available to Clients who are not of legal age and have not consented to such actions of the Administrator).
The scope of your Danyc
Each time, the catalog of recipients of Personal Data processed by the Administrator results primarily from the scope of services used by the Customer.
The catalog of data recipients also results from the consent of the client or from legal provisions, and is made more precise as a result of actions taken by the website.
The Administrator’s partners may participate in the processing of Personal Data to a limited extent, in particular who technically help to efficiently run the website, including communication with our clients (e.g. they support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns. ), providers of hosting services or ICT services, companies that provide software, support the Administrator in marketing campaigns, as well as providers of legal and advisory services.
Your data protection rights – Information
Each client is entitled at any time to:
- lodging a complaint to the President of the Personal Data Protection Office;
- transfer the Personal Data that he provided to the Administrator and which are processed in an automated manner, and the processing takes place on the basis of consent or on the basis of a contract, e.g. to another administrator;
- access to Personal Data (including, for example, receiving information which Personal Data is processed);
- request for rectification and restriction of processing (e.g. if Personal Data is incorrect) or deletion of Personal Data (e.g. if they were processed unlawfully);
- withdraw any consent given to the Administrator at any time, but the withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal.
- object to the processing of Personal Data concerning him, carried out in order to implement the legitimate interests of the Administrator or a third party, including in particular processing for marketing purposes, including profiling (if there are no other valid, legitimate grounds for processing overriding the interests of the Customer).
Data storage period
Personal Data may be stored in the case of marketing activities – until the Customer raises an objection, and if they are related to cookies and similar technology, depending on technical issues, until these files are deleted using the browser / device settings (while deleting the files does not it is always the same as deleting Personal Data obtained through these files, hence the possibility of objection).
If the processing of Personal Data depends on the consent of the Customer, Personal Data may be processed until it is withdrawn.
In each case:
- Personal data will also be stored when legal regulations (e.g. accounting or tax regulations) oblige the Administrator to process them;
- We will store Personal Data longer in case the Customer has any claims against the Administrator, in order to pursue claims by the Administrator, or to assert or defend against claims of third parties, for the period of limitation specified by law, in particular the Civil Code.
Depending on the scope of Personal Data and the purposes of their processing, they may be stored for a different period of time.
In each case, the longer period of storage of Personal Data is decisive.
Data change requests
You can contact the Administrator at any time by sending a message by traditional mail or e-mail to the Administrator’s address indicated at the beginning of the Policy, as well as as part of the Facebook website at the profile https://www.facebook.com/CHOsowa
The Administrator stores correspondence for statistical purposes and for the best and fastest response to emerging inquiries, as well as in the scope of complaint settlements and possible decisions on administrative interventions in the indicated Account made on the basis of notifications. Addresses and data collected in this way will not be used for communication for purposes other than the implementation of the application.
In the event of contact with the Administrator in order to perform specific actions (e.g. submitting a complaint using the form), the Administrator may again request the person to provide data, including personal data, e.g. in the form of name, surname, e-mail address, etc. ., in order to confirm its identity and enable return contact in a given case and perform the requested action. Providing this data is not obligatory, but it may be necessary to perform activities or obtain information that is of interest to a given person.
Collection of data
In accordance with the accepted practice of most websites, we store HTTP queries directed to our server. The browsed resources are identified by URL addresses. The exact list of information stored in the web server log files is as follows:
- public IP address of the computer from which the query came (it can be directly the user’s computer)
- name of the client’s station – identification performed by the http protocol, if possible,
- username provided in the authorization process,
- time of arrival of the inquiry,
- the first line of the http request,
- http response code
- the number of bytes sent by the server
- URL address of the page previously visited by the user (referrer link) – if the website was accessed via a link,
- information about the user’s browser.
- information about errors that occurred during the execution of the http transaction
These data are not associated with specific people browsing the website www.chosowa.pl with the reservation, beyond the necessary scope of the contract. To ensure the highest quality of the website, we occasionally analyze log files to determine which pages are visited most often, which web browsers are used, whether the website structure is error-free, etc.
Use of data
The collected logs are stored for an indefinite period of time as auxiliary material used to administer the website. The information contained therein is not disclosed to anyone except those authorized to administer the server. Based on the log files, statistics can be generated to help in administering and improving the operation of the website. Collective summaries in the form of such statistics do not contain any features that identify visitors to the website.
Cookies mechanism on the WEBSITE’s websites www.chosowa.pl
The cookie mechanism is not used to obtain any information about website users or to track their navigation. Cookies used on the website www.chosowa.pl do not store any personal data or other information collected from users.
The website may periodically use a session cookie called INFO to record the fact that the selected information has been read. The cookie is created to limit the emission of periodically appearing advertisements. Thanks to the use of a cookie file, the information is displayed only once for one user session and does not appear again after switching to the next page. The aforementioned session cookie, if it is created, occurs at a specific time, only for the time the website is visited by the user. Closing the browser window with the website website. www.chosowa.pl deletes the created file.
The www.chosowa.pl website may use three different session cookies, which are created and exist only during the browser session. They are necessary for the proper functioning of individual elements of the website. The purpose and content of these files is as follows:
|Cookie name||Type||Purpose and content|
|GSES||Session||Stores a numeric value used by the counter of visited pages.|
|RUMPUS||Session||It stores information about the version of the platform used by the user and its language version for the duration of the session.|
|JSESSIONID||Session||Stores the session ID. It is necessary to maintain the consistency of the completed application. It is only assumed if the connection is encrypted with the SSL protocol.|
A cookie file that is created and exists only during the browser session and is necessary for the proper functioning of individual elements of the website. The purpose and content of the file are as follows:
|Cookie name||Type||Purpose of saving|
|MoodleSession||Session||Stores the session ID. It is necessary to store information about being logged in to the website.|
A cookie file that is created and exists only during the browser session and is necessary for the proper operation of logging to the website. The purpose and content of the file are as follows:
|Cookie name||Type||Purpose of saving|
|PHPSESSID||Session||Stores the session ID. It is necessary to store information about being logged in to the website.|
A cookie file that is created and exists only during the browser session and is necessary for the proper functioning of the security used in the email address registration form. The purpose and content of the file are as follows:
|Cookie name||Type||Purpose of saving|
|PHPSESSID||Session||Stores the session ID. It is necessary to check if the visitor is not an automatic script filling in the form.|
Links to other sites
The administrator, taking into account the state of technical knowledge, the cost of implementation as well as the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probability and severity of the threat, applies appropriate technical and organizational measures ensuring protection of the Personal Data processed, appropriate to the threats and data categories. protected, and in particular, protects the data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable laws and change, loss, damage or destruction.Providing information on the technical and organizational measures applied to ensure the protection of processing externally may weaken their effectiveness, thus jeopardizing the proper protection of Personal Data.
This version of the Personal Data Protection Policy is effective from April 1, 2022.