Privacy Policy, GDPR, Cookies

Back

Privacy Policy

This Privacy Policy defines the principles for saving and accessing data on the Devices of Users of the Website in connection with the electronic services provided by the Controller and the principles for the collection and processing of the personal data of the Users entered by them personally and voluntarily using the tools available on the Website.

 

This Privacy Policy is an integral part of the Terms and Conditions of the Website, which define the rules, rights and obligations applicable to the Users of the Website.

 

§1 Definitions

 

  • Website – “spark-lab.pl” website operating at https://spark-lab.pl.
  • External Website – websites of partners, service providers or service recipients cooperating with the Controller.
  • Website/Data Controller – the Website and Data Controller (hereinafter referred to as the Controller) is “Laboratorium Analiz Chemicznych Spark-Lab Sp. z o.o.”, carrying on business at: Al. Zwycięstwa 96/98, 81-451 Gdynia, tax identification number (NIP): 5862280365, KRS (National Court Register Number): 0000444361, providing electronic services via the Website.
  • User – natural person to which the Controller provides services by electronic means via the Website.
  • Device – electronic device complete with software, used by the User to access the Website.
  • Cookies – text data collected in the form of files placed on the User’s Device.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Personal data – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Restriction of processing – means the marking of stored personal data with the aim of limiting their processing in the future.
  • Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Consent – consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • Pseudonymisation – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Anonymisation – data anonymisation is an irreversible operation performed on the data that destroys/overwrites “personal data” to prevent identification or association of a specific record with a specific user or natural person.

 

§2 Data Protection Officer

 

Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.

 

For matters concerning data processing, including personal data processing, the User should contact the Controller directly.

 

§3 Types of Cookies

 

  • Internal Cookies – files saved and accessed on the User’s Device by the ICT system of the Website.
  • External Cookies – files saved and accessed on the User’s Device by the ICT systems of External Websites. The scripts of External Websites that may place Cookies on the User’s Devices have been incorporated on the Website deliberately using the scripts and services provided and installed at the Website.
  • Session Cookies – files saved and accessed on the User’s Device by the Website during a single session of the Device. After the end of the session, the files are deleted from the User’s Device.
  • Persistent Cookies – files saved and accessed on the User’s Device by the Website until deleted manually. The files are not deleted automatically after the session of the Device ends unless the User’s Device is configured to delete Cookies after the session.

 

§4 Safety of data storage

 

  • Cookie storage and reading mechanisms – storage, reading and data exchange between Cookies saved on the User’s Device and the Website are implemented using the integrated mechanisms of web browsers, and they do not permit the downloading of other data from the User’s Device or data of other websites visited by the User, including personal data or confidential information. It is also virtually impossible to transfer any viruses, trojans or other worms to the User’s Device.
  • Internal Cookies – the Cookies used by the Controller are safe to the User’s Devices and do not contain any scripts, contents or information that could be dangerous to the security of personal data or security of the Device used by the User.
  • External Cookies – the Controller uses all possible measures to verify and select the partners of the Website in the context of User security. The Controller cooperates only with large, well-known partners who are globally trusted by the public. However, the Controller does not have full control over the contents of Cookies originating from external partners. The security of Cookies and their contents and the compliance of the way they are used by the Scripts of External Websites installed on the Website with the conditions of the relevant licence are not a responsibility of the Controller to the maximum extent permitted by the law. The list of partners has been included further in this Privacy Policy.
  • Cookie management
    • The User can, at any time, change the settings for saving, deleting and accessing data in the Cookies saved on the Device using any website.
    • Information on how to disable Cookies in the most popular browsers for computers can be found on the following page: how to disable cookies or at one of the indicated providers:
      • Cookie management in Chrome
      • Cookie management in Opera
      • Cookie management in Firefox
      • Cookie management in Edge
      • Cookie management in Safari
      • Cookie management in Internet Explorer 11
    • The User may delete all Cookies saved so far at any time by means of the tools of the Device used by the User to access the Website.
  • Risks attributable to the User – the Controller uses all possible technical means to ensure that the data placed in the Cookies remain secure. However, the security of such data depends on the actions of both parties, including the User. The Controller is not responsible if the data are intercepted, if the User’s session is hijacked or if the data are deleted due to deliberate or accidental action of the User, viruses, trojans or other spyware with which the User’s Device may be or may have been infected. To protect against such risks, the Users should follow the rules for using the Internet.
  • Storage of personal data – the Controller assures that it makes every effort to ensure the security of processing of the personal data entered by the Users and to ensure that access to such data is limited and that the data are accessed in accordance with their intended use and purposes of processing. The Controller also assures that they make every effort to protect the data against loss using suitable physical and organisational security measures.

 

§5 Purposes of using Cookies

 

  • Improving and facilitating access to the Website
  • Customising the Website for the Users
  • Marketing and Remarketing on External Websites
  • Collecting statistics (concerning the users, number of visits, types of devices, Internet connections, etc.)
  • Providing social media services

 

§6 Purposes of personal data processing

 

Personal data provided voluntarily by the Users are processed for one of the following purposes:

  • Providing electronic services
  • Communicating with the Users in connection with the Website and data protection
  • Pursuing a legitimate interest of the Controller

 

User data are collected anonymously and are automatically processed for one of the following purposes:

  • Collecting statistics
  • Remarketing
  • Pursuing a legitimate interest of the Controller

 

§7 Cookies of External Websites

 

On the Website, the Controller uses JavaScript scripts and web components of their partners that may place their own cookies on the User’s Device. Remember that you can use the settings of your browser to decide which types of cookies can be used by the individual websites. Below is a list of partners or their services implemented on the Website that may place cookies:

  • Social media/combined services:
    (Registration, logging in, sharing contents, communication, etc.)
    • Twitter
    • Facebook
    • LinkedIn
  • Collecting statistics:
    • Google Analytics
  • Other services:
    • Google Maps

 

Services provided by third parties are beyond the control of the Controller. Such parties may change their terms of service, privacy policy, the purpose of data processing and methods of using cookies at any time.

 

§8 Types of collected data

 

The Website collects data about the Users. Some of the data are collected automatically and anonymously, and other data include personal data provided voluntarily by the Users when they sign up for the individual services offered by the Website.

 

Anonymous data collected automatically:

  • IP address

  • Browser type

  • Screen resolution

  • Approximate location

  • Opened pages of the website

  • Time spent on the relevant page of the website

  • Type of the operating system

  • Address of the previous page

  • Address of the referrer

  • Browser language

  • Internet connection speed

  • Internet service provider

 

Data collected upon registration:

  • First name / last name / nick
  • E-mail address
  • Phone number
  • IP address (collected automatically)

 

Data collected when signing up for the Newsletter service

  • E-mail address

 

Some of the data (without identification data) may be stored in cookies. Some of the data (without identification data) may be provided to a provider of statistical services.

 

§9 Access to personal data by third parties

 

In principle, the only recipient of the personal data provided by the Users is the Controller. The data collected in connection with the provided services are not provided or sold to third parties.

 

The data may be accessed (usually pursuant to a data processing agreement) by parties responsible for the maintenance of the infrastructure and services required to operate the website, i.e.:

  • Hosting companies providing hosting services or related services for the Controller
  • Technical and IT support companies that perform maintenance activities or are responsible for the maintenance of IT infrastructure

 

Processing by a processor – hosting, VPS or dedicated server services

 

The Controller uses an external provider of hosting, VPS or dedicated servers in order to operate the website – H88 S.A. The personnel of the indicated party have access to the data entered by the Users when they register or edit their user account and/or to the data concerning the Newsletter service. The access to the data is regulated by the agreement signed between the Controller and the Service Provider.

 

§10 Data processing method

 

Personal data provided voluntarily by the Users:

  • The personal data will not be provided outside the European Union unless they are published as a result of the individual actions of the User (e.g., posting a comment or post), causing the data to be accessible to anyone visiting the website.
  • The personal data will not be used for automated decision-making (profiling).
  • The personal data will not be sold to third parties.

 

Anonymous data (without personal data) collected automatically:

  • Anonymous data (without personal data) will be provided outside the European Union.
  • Anonymous data (without personal data) may be used for automated decision-making (profiling).
    The profiling of anonymous data (without personal data) does not have legal effects or other similar material effects to the person whose data are subject to automated decision-making.
  • Anonymous data (without personal data) will not be sold to third parties.

 

§11 Legal grounds for personal data processing

 

The Website collects and processes the data of the Users pursuant to the following:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
    • Article 6(1)(a)
      the data subject has given consent to the processing of his or her personal data for one or more specific purposes
    • Article 6(1)(b)
      processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
    • Article 6(1)(c)
      processing is necessary for compliance with a legal obligation to which the controller is subject
    • Article 6(1)(f)
      processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
  • Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000)
  • Telecommunications Law Act of 16 July 2004 (Journal of Laws of 2004, No. 171, item 1800)
  • Act of 4 February 1994 on copyright and related rights (Journal of Laws of 1994, No. 24, item 83)

 

§12 Processing period

 

Personal data provided voluntarily by the Users:

 

In principle, the indicated personal data are kept only for as long as the Service is provided by the Controller via the Website. They are deleted or anonymised within 30 days from the time the service is no longer provided (e.g., from the deletion of the registered user account, opting out of the Newsletter, etc.).

 

The only exception is where the data have to be processed longer by the Controller to secure their legitimate interests. In such a situation, the Controller will retain the indicated data for up to 3 years from the User’s request to erase them in case of a breach or suspected breach of the terms and conditions of the Website by the User.

 

Anonymous data (without personal data) collected automatically:

 

Anonymous statistical data, without personal data, are retained by the Controller to maintain statistics for the Website for an indefinite period.

 

§13 Rights of the Users connected with personal data processing

 

The Website collects and processes the data of the Users pursuant to the following:

  • Right to access
    Users have the right to access their personal data – this right may be exercised by submitting a request to the Controller.
  • Right to rectification
    The Users may request the Controller to promptly rectify their personal data if they are incorrect and/or complete personal data that are incomplete – this right may be exercised by submitting a request to the Controller.
  • Right to erasure
    Users may request that the Controller promptly erase their personal data – this right may be exercised by submitting a request to the Controller. In the case of user accounts, the erasure of the data takes place through anonymisation of the data to prevent the identification of the User. The Controller reserves the right to suspend the erasure of data to protect their legitimate interest (e.g., if the User has breached the Terms and Conditions or if the data were acquired as a result of ongoing correspondence). In the case of the Newsletter service, the User may erase their personal data themselves using a link included in every e-mail they receive.
  • Right to restriction of processing
    Users have the right to restriction of processing in the situations indicated in Article 18 of the GDPR, including, in particular, if they claim that their personal data are inaccurate – this right may be exercised by submitting a request to the Controller.
  • Right to data portability
    Users may obtain their personal data from the Controller in a structured, commonly used, machine-readable format – this right may be exercised by submitting a request to the Controller.
  • Right to object to data processing
    Users may object to the processing of their personal data in the situations stipulated in Article 21 of the GDPR – this right may be exercised by submitting a request to the Controller.
  • Right to lodge a complaint
    Users may lodge a complaint with the supervisory authority in charge of personal data protection.

 

§14 Contact details of the Controller

 

The Controller may be contacted using one of the following methods:

  • Postal address – Laboratorium Analiz Chemicznych Spark-Lab Sp. z o.o., Al. Zwycięstwa 96/98; 81-451 Gdynia
  • E-mail address – rodo@spark-lab.pl
  • Phone number – +48782811350
  • Contact form – available at: https://spark-lab.pl/kontakt

 

§15 Requirements of the Website

 

  • Restrictions on the possibility of saving and accessing Cookies on the User’s Device may result in the incorrect operation of some of the functions of the Website.
  • The Controller does not bear any responsibility for faulty functioning of the Website if the User restricts the possibility of saving and accessing Cookies.

 

§16 External links

 

The Website – articles, posts, entries or comments of the Users – may include links to external websites that do not cooperate with the owner of the Website. These links as well as the pages or files they refer to may be dangerous to your Device and the security of your data. The Controller is not responsible for any contents outside the Website.

 

§17 Amendments of the Privacy Policy

 

  • The Controller reserves the right to freely modify this Privacy Policy without the need to notify the Users as regards the application and use of anonymous data or Cookies.
  • The Controller reserves the right to freely modify this Privacy Policy regarding the processing of personal data, of which they will inform all Users with user accounts or Users who signed up for the newsletter service by e-mail within 7 days from the amendment of the provisions. If you continue to use the services further, this will mean that you have read and accepted the amended Privacy Policy. If you do not agree to the amended Privacy Policy, you have to remove your account from the Website or opt out of the Newsletter service.
  • The amendments of the Privacy Policy will be published on this page of the Website.
  • The amendments become effective as of the date they are published.