THE POLICY OF PROTECTING PRIVACY IN AUTO23.AUTOLINE.COM.PL
Taking care of the security of Users’ personal data, we hereby provide the information on what exactly happens to personal data in auto23.autoline.com.pl internet service, what rights Users have and what regulations protect Users and their personal data.
Personal data comprise all information concerning an identified or identifiable individual (Article 6 point 1 of GDPR).
Providing personal data is voluntary, however, failure to provide data marked as necessary for the provision of a service for the User shall result in inability to provide such a service.
All personal data are collected and stored in auto23.autoline.com.pl internet service in accordance with the provisions of law, especially with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. General Data Protection Regulation (hereinafter: GDPR)
1. PERSONAL DATA ADMINISTRATOR
The personal data controller is Linemedia spółka z ograniczoną odpowiedzialnością [limited liability company], with its registered office in Nowy Sącz (ul. Józefa Ignacego Kraszewskiego 6, 33-300 Nowy Sącz), entered into the register of enterprises of the National Court register (KRS) run by the District Court for Kraków – Śródmieście in Kraków, XII Economic Division of National Court Register under KRS number: 0000476294, NIP (Tax Identification Number): 7343521044, REGON (National Business Register: 122904767, with share capital of PLN 5,000, whom the User can contact via a form included in the Contacts tab.
The Controller protects personal data from making it available to unauthorised persons and from processing it in a way which violates the valid provisions of law.
2. PROCESSING PERSONAL DATA
The auto23.autoline.com.pl service collects the following personal data:
1. ACCOUNT DATA – in order to set up an account the User must provide the information identifying the User, including their contact data:
- registration using the GOOGLE account (inter alia name and surname, email address/phone number);
- registration using the FACEBOOK account (inter alia name and surname, profile photo, email address/phone number, FACEBOOK ID identification number);
- registration using LINKEDIN account (inter alia name and surname, email address/phone number);
- registration using the email address (inter alia email address/phone number).
According to their choice, Users have a possibility to create a profile within the Account, which may include additional information on the User, such as location, name and surname, phone number and related data, including photos, which might be sent by the User to their account. The account allows Users to communicate with each other in order to express their interest in the offers.
Users are responsible for all information published by them on public accounts.
User can request deletion of their account and all stored personal data by going to the section “open account menu in the top / Settings / Delete account” or by writing an email request to firstname.lastname@example.org
The User should carefully consider all the risks associated with the fact that they make certain information, in particular, the address or information about their exact location, publicly available. One of such risks can be, for example, the possibility of identifying the User by other persons, the loss of some privacy, and in extreme cases, the theft of identity.
If the User decides to enter the site using the third-party authentication service, for example Facebook information, the Controller may receive any information that is provided by such third party during authentication process.
2. TRANSACTIONS – within the framework of the service, the Controller may post information, including personal and contact information, necessary to complete transactions between the buyer and the seller, to send messages and communicate users among themselves, and make payments (for example, name, surname, data of the authorized person of the company, name of the company, details of the company, telephone numbers, e-mail address, address of location of the company, other communication data at the request of the User). All the information necessary to publish ads is required when creating an account. Users are responsible for all information posted on the site. The user should carefully consider all the risks associated with the fact that he makes certain information, in particular, the address or other personal information, publicly available. The information included by the User in ads and messages sent to other Users/third persons does not come from the Controller and is not initiated by the Controller.
3. CUSTOMER SERVICE – when the User contacts the Controller via the form included in the Contacts tab, the Controller may collect (store, analyze) the User’s personal data in order to fulfill their request and to provide feedback. The Controller is also authorized to contact the User, using the personal data made available on their current account. The Controller may also obtain and store other personal data concerning communication with the User, such as all requests and demands of the User sent to the Customer Service Department or the feedback provided by the Controller.
4. DATA COLLECTED BY THE WEBSITE – the Controller is authorized to automatically obtain and record data allowing to use auto23.autoline.com.pl internet service, such as: IP address, domain, identification data of the browser, type of operating system and its interface, difference in time compared to universal time (GMT) and other data automatically passed by browsers.
3. PROCESSING PERSONAL DATA OF AN INCREASED RISK USER
In justified cases, taking into account the legally justified interests of the Controller consisting in preventing gross violation of these Regulations, in order to provide Users with the possibility to use a secure and friendly Service, the Controller is authorized to verify the personal data of the User classified as Increased Risk User, in particular by demanding that they present scans of the following documents:
1. passport/identity card/other identity documents, a document confirming the state registration of a legal entity, an individual entrepreneur – verification of the conformity of the data provided during the registration with the personal data from an official document;
2. registration certificate – verification of the ownership right.
Failure to submit the required documents confirming the personal data of the Increased Risk User shall prevent them from using the Autoline Service.
In order to protect data, especially to protect the User’s personal data while sending scans of documents and to prevent them from being possessed by third parties, the Controller uses the latest technologies ensuring appropriate protection to its servers.
4. PROCESSING PERSONAL DATA OF A CHILD
The Controller understands the importance of taking additional precautions to protect the privacy and safety of children using Web Sites and Services. Children under the age of 13 years or equivalent to the minimum age groups in the relevant jurisdiction are not allowed to create their own account unless their parents have provided consent. Parents should familiarize themselves with this Privacy Protection Policy before they can begin the process of creating an account for their child.
Parents or other responsible persons agree that the Controller uses and discloses information about the child as specified in this Policy. This consent does not apply to the practice of data collection by third parties. Third parties who may collect, use or disclose your child's information are responsible for obtaining a separate verifiable consent.
If the Controller becomes aware that personal data were collected about a child under 13 years of age or an equivalent minimum age depending on the jurisdiction, the Controller will take measures to remove this information as soon as possible, outside the above circumstances.
If at any time the parents need to access, correct or delete data related to their child's account, they can contact the Controller through the form in the Contacts tab.
5. THE PURPOSE OF PROCESSING PERSONAL DATA
Users’ personal data are collected, stored and used by the Controller with the consent of the persons they concern, in accordance with the law and following relevant procedures, in the way that guarantees their security.
The Controller processes the User’s personal data for the following purposes:
- Allowing to User to fully use auto23.autoline.com.pl internet service, provide services for the Users, including creating and managing User accounts, solving technical difficulties and accessing various functions;
- Adapting offers, including ads for their services or third party services, on the basis of User’s activity;
- Controlling User’s activities, such as searching for: key words, placing ads and making transactions and controlling traffic on the Website;
- Communicating with the User, including issues of services, customer service or authorized marketing communication through all available communication channels;
- Conducting research and analytical activities to improve the quality of provided services;
- Adjusting advertisements to the previously browsed content;
- Ensuring the compliance of Autoline Services with the User Agreement, including prevention of fraud and insults.
The Controller may store the information that he collects and receives via the Website as long as it is necessary to fulfill the above business goals.
Legal basis for processing data for particular goals:
- Processing is necessary to execute the agreement whose party is the person whom the data concerns, or to take action at the request of the person whom the data concerns, before concluding the agreement” (Article 6 section 1 letter b GDPR) - § 2 point 1 of this document;
- Processing is necessary for the purposes resulting from legally justified interests pursued by the Controller or by a third party, except for situations in which these interests are inferior to the interests and fundamental rights and freedoms of a person whom the data concerns, requiring protection (Article 6 section 1 letter f GDPR) - § 2 point 3 of this document, pursuing or securing claims, statistical measures;
- Processing is necessary to fulfill the legal obligation imposed on the Controller (Article 6 section 1 letter c GDPR) – inter alia accounting and tax obligations;
- Processing on the basis of the consent of a person whom the data concerns for one or more specific goals (Article 6 section 1 letter a GDPR) – inter alia marketing.
6. PERIOD OF STORING PERSONAL DATA
Personal data shall be stored and processes both in the “EEA” and outside it, on appropriately secured servers for the time necessary to accomplish goals for which they were collected, including legal, tax and accounting obligations as well as marketing and reporting purposes.
The period in which the Administrator processes data depends on the type of the service provided. In principle data is processed for the time of providing the service until the user's account is deleted or until the given consent is withdrawn or the user lodges an effective objection to data processing in cases when the legal foundation for data processing is the Administrator's justified interest.
In case of data processed in order to fulfill legal obligations of the Controller resulting from valid law, data shall be processed until the time of terminating the agreement, and after its termination, not longer than for a period resulting from legally justified interests or from provisions of law (processing for statistical and settlement purposes, pursuing claims).
Personal data related to Cookies files are stored for a period corresponding to their configured lifetime or until User deletes them manually.
7. MAKING PERSONAL DATA AVAILABLE
On the basis of valid provisions on protection of personal data, the Controller may make data available to the following entities:
- Affiliates – the Controller may make information available to affiliates in any third country. These entities are authorized to process and use personal data for purposes specified in § 5 of this Privacy Protection Policy, and the activity of the entities is subject to provisions of valid law and this document. The Controller does not pass Users’ personal data to independent parties, unless this is explicitly allowed by the Users.
- Third parties rendering services – the Controller may use service providers for third parties in order to ensure some elements of its services. Providers are not allowed to use personal data of Users for their own purposes. The processing of personal data by third parties is performed exclusively at the request of the Controller for a specific purpose, following the Controller’s instructions;
- Entities rendering marketing services – the Controller may make available some anonymous information (data which do not allow for identification of particular users) to service providers for third parties, trusted partners or authorized scientists, in order to improve general quality and effectiveness of the Website services or to contribute to the research which might bring social benefits.
- Prosecution/supervisory bodies and others – the Controller reserves the right to exchange information with individuals and public bodies, in accordance with legal requirements for the following purposes:
- protection against fraud and abuse;
- investigation into alleged violation of law or other alleged violations of the User Agreement.
The Controller may submit users’ personal data at the request of relevant bodies, provided that such requests are filed in compliance with legal requirements.
According to Privacy Protection Policy, the Controller undertakes not to make available or sell any personal data of the user.
In case the Controller’s company or its part is sold or restructured and the Controller passes all or basically all assets to the new owner, personal data of Users may be passed on to the buyer in order to ensure the continuity of the service of auto23.autoline.com.pl.
In case of the above-described transfer of personal data the Controller may inform the User of the transfer of their personal data.
8. TRANSFER OF PERSONAL DATA OUT OF THE EEA
The Controller provides services all over the world.
As a general rule, data should not be transferred to countries outside the European Economic Area without the explicit consent of the individual User. However, due to the nature of the activity conducted by the Controller, the Controller may share certain information with other entities, inter alia its branches, for the purposes described in this Policy, including, for identity verification, and payment processing.
The transfer of personal data to a third country or international organization may take place if there is a special public decision by the authorized body that a third country, territory or one or more of these sectors within that third country or international organization in question provides adequate protection level. Such a transfer does not require any specific authorization.
The transfer of personal data outside the European Economic Area is conducted on the basis of the following legal foundations for data transmission:
- Model articles - The European Commission has adopted standard treaty provisions (also known as model clauses) that provide guarantees for personal information transmitted outside Europe. The controller uses these model provisions when transferring personal information outside of Europe;
- Contract performance – Linemedia Sp. z o.o. works in countries around the world and uses the technical infrastructure outside of Europe to provide services. The transfer of personal data to other jurisdictions is necessary to provide Users with the possibility of using Websites and Services of auto23.autoline.com.pl.
9. USERS’ RIGHTS RELATED TO PROCESSING OF PERSONAL INFORMATION
The valid provisions on privacy protection grant the User the following rights related to processing personal information:
- the right of access to personal data (Article 15 GDPR);
- the right to correct personal data (Article 16 GDPR);
- the right to delete personal data (the right to be forgotten) (Article 17 GDPR);
- the right to limited processing of personal data (Article 18 GDPR);
- the right to transfer personal data (Article 20 GDPR);
- the right to object to processing personal data (Article 21GDPR);
- the right not to be bound by the decision based exclusively on automated processing – including profiling – causing legal effects for the User or affecting the User in a similar, significant way (Article 22 GDPR);
- the right to file a complaint to the supervisory body relevant for personal data protection (The relevance of the supervisory body is specified by the member state in which the person filing a complaint resides, works or where the alleged violation took place) (Article 77 GDPR)
Every User who expressed their consent to processing their personal data in order to use the services available in auto23.autoline.com.pl service, has the right to withdraw their consent at any time. The withdrawal of the consent does not affect the compliance with the law of the processing which was conducted on the basis of the consent before its withdrawal.
In order to exercise their rights concerning the processing of personal data, the User whose data is processed in the provision of services may contact the Controller via the form in the Contacts tab.
User can request deletion of their account and all stored personal data by going to the section “open account menu in the top / Settings / Delete account” or by writing an email request to email@example.com
10. COOKIES AND MOBILE IDENTIFIERS
As part of the activities of their Web Sites, the Controller can collect certain information using technologies such as cookies, pixels, and local storage (in your browser or mobile device).
Cookies - small text files that store information directly on the user's computer, his mobile phone or other device. Cookies do not activate applications or pass on viruses
Pixels - small digital images that are part of the codes on web pages that allow another server to measure the visibility of a web page, and are often used in conjunction with cookies. The code tracks if and when (and on which page) the pixel is loaded to indicate that the user is interacting with the page or part of the page of the Site.
The Controller may allow third parties, such as providers of advertising and / or analytical services, to collect information using these types of technologies directly on the Website page. The data they collect are subject to protection in accordance with the current privacy policies of these third parties. For more information on third party advertising-related cookies, please see:
The Controller uses the information, including personal data collected by using cookies, for the following purposes:
- Market research: the Controller uses information collected with cookies for marketing research (such as analyzing market segmentation or trends, preferences and behaviors, researching products or services, or marketing or advertising effectiveness) or product development (for example, analyzing segment characteristics market or group of clients or the effectiveness of our site in order to improve it).
Internet users may change the settings of their browsers to reject all or some cookies or to set warnings informing that websites place or have access to cookies. However, it must be reminded that if cookies are blocked or rejected, some of the Services or some parts of the Service may become unavailable or may not work properly.
All information collected by the Controller is protected, to a reasonable extent, by means of technical measures and security procedures, to prevent it from unauthorized access or use of data. The data are protected by internal procedures of personal data protection and the implemented security systems.
In order to protect data, especially to protect personal data while transferring it and to protect data from the possibility of intercepting it by third parties, we use the latest technologies. These are constantly modified in line with the current state of technical knowledge.
Affiliates, partners and service providers of third parties are obliged to use the information obtained from the Controller in line with security requirements and this Privacy Protection Policy.
12. AMENDMENTS TO THIS POLICY
If necessary, the Controller reserves the right to amend the provisions of this Privacy Protection Policy.
Amendments enter into force on the date indicated by the Operator, not earlier though than 7 days after notifying the Users of this fact by placing an announcement on the website of Autoline Service, subject to the provision that the services activated before the amendment to this Policy becomes valid shall be performed on the current principles. In the event when the User does not accept the new content of the Policy, they are obliged to immediately refrain from using the services of Autoline Service. Further use of the Service means that the User consented to the valid version of the Policy. Information communication intended for the wide community of Users shall be placed on websites and/or sent by e-mail to the addresses of Users.
13. CONTACT DATA