PRIVACY POLICY
Dear Customer/User
We care about your privacy and want you to feel comfortable and safe while using our services. That’s why we’ve prepared this document to provide you with detailed information regarding the processing of your personal data.
Table of Contents:
Introduction
General Information
Recipients of Personal Data on the Website
Acquisition, Collection, Purpose, Scope, and Processing Activities of Personal Data
Rights of Data Subjects
Cookies Mechanism, Exploitation Data, and Analytics
Final Provisions
Introduction
This Privacy Policy sets out the rules for the processing and protection of personal data of Users and Customers of the Website (including potential Customers) using the Website available at the following web address: www.poznan.aero, hereinafter referred to as the Website. The document primarily describes the bases, purposes, and scope of personal data processing, identifies the entities to whom the data is entrusted, and also contains information regarding cookies and analytical tools used within the Website.
The personal data controller collected via the Website, as defined in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), dated 27 April 2016 (OJ L 119, p. 1), hereinafter referred to as GDPR, is Aero Poznań sp. z o.o., registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 8th Commercial Division – National Court Register: [ul. Bukowska 285, 60-189 Poznań, NIP: 7831683732, REGON: 301972753, KRS: 0000402422, contact telephone: +48 61 847 47 73], email address: [office@poznan.aero], hereinafter referred to as the Controller and also being the Service Provider of the Website. Contact with the Data Protection Officer appointed by the Controller is possible via email at: [odo@poznan.aero]
The personal data of Users is processed in accordance with the provisions regarding the protection of personal data and the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended).
The personal data controller declares that this Privacy Policy serves an informational role, which means that it does not impose obligations on Users and Customers of the Website. Its purpose is to define the actions undertaken by the Controller and describe the services, tools, and functionalities related to the Website, used by the Customers of the Website to use the contact form or other actions taken within the Website.
General Information
The Website Controller makes every effort to protect the privacy of Users and Customers of the Website as well as all data and information obtained from them. With due diligence, technical protection measures, both software and organizational, are selected and applied, thereby ensuring complete protection against their disclosure, leakage, loss, destruction, unauthorized modification, or processing in violation of applicable law. The Controller informs that the Website uses a transmission protocol that ensures the security of data transmission over the Internet, namely it has an SSL (Secure Socket Layer v3) protocol installed. This is a type of security that involves encoding data before it is sent from the Client’s browser and decoding it after safely reaching the Website’s server. The information sent from the server to the Client is also encoded and decoded upon reaching its destination. The data collected by the Controller is processed lawfully, respecting the principles of fairness and transparency, collected to the minimum extent necessary for the specified purposes, processed according to those purposes, not subjected to further processing inconsistent with these purposes, adequate and materially correct concerning its purpose, and stored in a manner allowing the identification of the persons concerned. The data retention period depends on the processing purpose and is limited to the time necessary to achieve the intended purpose. The Website Controller, under the terms specified in the Terms and Conditions and the Privacy Policy, has access to the data, but may entrust the personal data of Customers to external entities cooperating with the Controller. Such entrustment is possible only based on relevant agreements on the entrustment of personal data, concluded between the Controller and the processing entity. The agreements contain provisions specifying the scope and conditions of personal data processing necessary to provide services. The Controller declares that it only cooperates with entities that guarantee the security of personal data processing through the implementation of safeguards corresponding to the requirements set out in the GDPR. The Controller has the right, as well as the statutory obligation, to provide information regarding the Customers of the Website to public authorities, for example, in connection with proceedings concerning potential law violations, or to third parties that request such information based on applicable Polish law. Using the services and tools provided within the Website, as well as providing personal data by the User, is voluntary. However, providing them may be necessary to conclude and perform a Sales Agreement or an Agreement for the provision of electronic services on the Website; therefore, their absence will prevent the conclusion of such an Agreement. The scope of data required to conclude the Agreement is indicated on the Website. A Customer using the services and tools provided within the Website confirms that they have read the provisions of this Privacy Policy and the Information on cookies, and at the same time, by ticking the appropriate checkboxes provided on the Website, expresses consent (if necessary) to the use of their personal data in accordance with these provisions.
Recipients of Personal Data on the Website
To ensure the proper functioning of the Website, including the performance of Sales Agreements, the Controller uses the services of external entities. The Controller discloses data only when it is necessary to achieve the specific purpose of personal data processing and only to the extent necessary to achieve it. Examples of recipients of personal data of Customers of the Website are: service providers supporting the operation of the Website Controller, e.g., providers of computer software for operating the Website, email service providers, companies handling the mailing system, hosting providers.
The data recipients (external entities) process personal data based on relevant agreements concluded with the Website Controller. These entities collect, process, and store personal data in accordance with their respective regulations and privacy policies.
The processing of personal data of Service Recipients and Customers of the Website [website address] is entrusted by the Controller to the following entities:
hosting company – cyber_Folks S.A., with its registered office in Poznań, ul. Wierzbięcice 1B, 61-569 Poznań, entered into the National Court Register by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number 0000685595, REGON 367731587, NIP 7792467259 – for the purpose of storing data on the server on which the Website is installed and providing IT-technical support for the Website.
marketing company – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
VAT No.: IE 6388047V
The Controller informs that personal data for purposes related to the provision of marketing services is transferred to Northern Ireland and the United States, due to their storage on Irish and American servers. This is caused by the Controller’s use of Google’s services – an entity located in a third country – in the United States, Northern Ireland, which has joined the Privacy Shield program and thereby guarantees an adequate level of personal data protection required by European regulations.
Acquisition, Collection, Purpose, Scope, and Processing Activities of Personal Data
The Controller acquires information about Users, among others, by collecting server logs, IP addresses, software and hardware parameters, viewed pages, mobile device identification numbers, and other data related to devices and system usage. The collection of the above information will occur in connection with the use of the Website. This data is not used by the Controller to identify the User/Customer. Navigation data may also be collected from Customers, including information about links and references or other actions taken on the Website, to facilitate the use of services provided electronically and to improve the functionality of these services. The Controller reserves the right to filter and block messages sent via the internal messaging system, especially if they are spam, contain prohibited content, or otherwise threaten the security of the Website Users. As part of operating the Website, the Controller processes Customers’ personal data for the following purposes: taking actions before concluding a contract at the Client’s request; ensuring full User support for the Website, including contacting Users in response to inquiries submitted via the contact form, contacting Users via email in response to submitted inquiries, providing services that do not require the creation of an account and the purchase of Goods, i.e., browsing the Website’s web pages, monitoring the activity of all or specific Users, customizing the offer and User experience, performing the Sales Agreement or the Agreement for the provision of electronic services, conducting statistics on the use of the various functionalities available on the Website, facilitating the use of the Website, and ensuring the security of the Website’s IT, establishing, investigating, and enforcing claims, as well as defending against claims in court proceedings and other enforcement authorities, handling complaints, complaints, and requests, as well as responding to inquiries, conducting research and analysis to improve the services available. The Controller informs that it processes personal data only in cases where: the data subject has given consent to the processing of their personal data, the processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding a contract, the processing is necessary for compliance with a legal obligation to which the controller is subject, the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. In most cases, the provision of data is voluntary but necessary to provide a Sales Agreement or a contract for the provision of electronic services on the Website. Each time, the purpose and scope of the data processed by the Controller result from the consent of the User or legal regulations and are specified as a result of actions taken by the User on the Website or other communication channels. The scope of personal data processing may be different depending on the purpose of processing. The processing of personal data of the Users and Customers of the Website is carried out for the following purposes: Handling orders for the provision of services and goods offered via the Website. Communicating with the Customer, including sending offers and information about services available on the Website. Handling inquiries and complaints. Ensuring proper operation and security of the Website. Conducting marketing activities and promotions, including direct marketing of the Controller’s services. Conducting statistical analyses and reports. Defending and pursuing claims.
Rights of Data Subjects
Each data subject has the right to: access their personal data, rectify their personal data, erase their personal data (the right to be forgotten), restrict the processing of their personal data, object to the processing of their personal data, data portability, withdraw consent to the processing of their personal data at any time (without affecting the lawfulness of the processing carried out based on consent before its withdrawal). The rights mentioned above can be exercised by contacting the Controller via email at [office@poznan.aero] or in writing to the Controller’s address: [Aero Poznań sp. z o.o., ul. Bukowska 285, 60-189 Poznań]. Furthermore, each data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the processing of personal data concerning them violates the provisions of the GDPR. In cases where the processing of personal data takes place based on the consent of the data subject, providing personal data to the Controller is voluntary. If the Customer does not consent to the processing of their personal data necessary to perform the Sales Agreement or a contract for the provision of electronic services, this may prevent the performance of the Sales Agreement or the provision of services by the Website.
Cookies Mechanism, Exploitation Data, and Analytics
The Website uses “cookies.” The information collected through cookies is used to adjust the content of the Website to the needs of the Customer and the optimization of the use of the Website, maintaining the session of the Website Customer (after logging in), thanks to which the Customer does not have to re-enter the login and password on each subpage of the Website, creating statistics that help to understand how Website Users use websites, which allows improving their structure and content, and presenting Customers with advertising content more suited to their interests. The Website uses two basic types of cookies: “session” and “persistent.” “Session” cookies are temporary files that are stored on the User’s end device until logging out, leaving the website, or turning off the software (web browser). “Persistent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User. By default, most web browsers available on the market accept cookies by default. Each User has the ability to define the conditions for using cookies using the settings of their own web browser. This means that it is possible to, for example, partially limit (e.g., temporarily) or completely disable the option to save cookies – in the latter case, however, this may affect some of the Website’s functionalities. The settings of the web browser for cookies are significant from the point of view of consent to the use of cookies by our Website – in accordance with the law, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the settings of the web browser for cookies should be changed accordingly. Detailed information on changing the settings for cookies and their self-removal in the most popular web browsers is available in the help section of the web browser. The Website Controller may use the services of Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller analyze traffic on the Website. The collected data is processed as part of the above services in an anonymized manner (these are so-called exploitation data that prevent identification of the person) to generate statistics helpful in administering the Website. These data are of an aggregate and anonymous nature, i.e., they do not contain identifying characteristics (personal data) of the person visiting the Website. When using the services mentioned above on the Website, the Controller collects data such as the sources and medium of obtaining visitors to the Website and the manner of their behavior on the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographical data, and demographic data (age, gender) and interests.
It is possible for a person to easily block the sharing of information with Google Analytics regarding their activity on the Website by installing a browser plugin provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
Final Provisions
The Website may contain links to other websites. The Controller urges that after switching to other websites, familiarize yourself with the privacy policy established there. This privacy policy applies only to this Website. The Controller uses technical and organizational measures to ensure the protection of processed personal data appropriate to the risks and categories of data covered by protection. It protects the data from being shared with unauthorized persons, taken by an unauthorized person, processed in violation of applicable regulations, and changed, lost, damaged, or destroyed. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly. In the event of inconsistency of the provisions of this Privacy Policy with the consents granted by the data subject, the consents or other individually concluded agreements (agreements for the provision of services or regulations) between the Controller and the Customer shall apply. The Controller reserves the right to change the Privacy Policy in the future – it may be necessary, among others, due to changes in the law, technological changes, changes in the method and purpose of the processing of personal data, or changes in the Website functionality. Such changes will be communicated to Customers, in particular if they concern new purposes or methods of personal data processing, as well as changes in the functionality of the Website. This Privacy Policy was last updated on [Date].
FORMULARZ KONTAKTOWY
W ramach funkcjonalności Strony internetowej, Administrator zapewnia możliwość skontaktowania się z nim przy wykorzystaniu interaktywnego formularza. Skorzystanie z formularza wymaga podania danych osobowych, niezbędnych do skontaktowania się z Użytkownikiem i udzielenia odpowiedzi na pytania zawarte w formularzu. Użytkownik może podać także inne dane, w celu ułatwienia kontaktu lub zlecenia usługi. Podanie danych oznaczonych jako obowiązkowe jest wymagane w celu obsługi zapytania lub/i przyjęcia zlecenia, a ich niepodanie może skutkować brakiem możliwości jego obsługi. Podanie pozostałych danych jest dobrowolne.
W celu identyfikacji nadawcy oraz obsługi jego zapytania przesłanego przez udostępniony formularz – podstawą prawną przetwarzania jest niezbędność przetwarzania do wykonania umowy o świadczenie usługi (art. 6 ust. 1 lit. b) RODO).
W celach analitycznych i statystycznych – podstawą prawną przetwarzania jest uzasadniony interes Administratora (art. 6 ust. 1 lit. f) RODO), polegający na prowadzeniu statystyk zapytań zgłaszanych przez Użytkowników za pośrednictwem Strony w celu doskonalenia jej funkcjonalności.
CONTACT FORM
As part of the functionality of the Website, the Administrator provides the opportunity to contact him using an interactive form. Using the form requires providing personal data necessary to contact the User and respond to the questions contained in the form. The User may also provide other data to facilitate contact or request a service. Providing data marked as mandatory is required to handle the inquiry or process the request, and failure to provide such data may result in the inability to process it. Providing other data is voluntary.
For the purposes of identifying the sender and handling his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the service agreement (Article 6(1)(b) of GDPR).
For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of GDPR), consisting in keeping statistics of inquiries submitted by Users via the Website to improve its functionality.
GOOGLE ADS
The Administrator informs that by using Google Ads services, he promotes the Website in search results and on third-party websites. Automatically, during visits to the Store’s website, a Google Remarketing cookie file is left on each Visitor’s device, which, through a pseudonymous identifier (ID) and based on the pages viewed by the Visitor, allows the display of interest-based ads.
The Google Ads service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which has joined the Privacy Shield program to ensure an adequate level of personal data protection as required by European regulations.
Rights of Data Subjects
The GDPR grants Clients/Users certain rights, listed below. These rights are available without giving a reason, but they are not absolute and may not apply to all data processing activities. If a Client/User wishes to exercise any of these rights, he may at any time submit a statement of intent to the Website’s email address or the Administrator’s registered office address.
The right of access to data is exercised under Article 15 of GDPR.
The Client/User may at any time contact the Administrator to confirm whether his data is being processed, and if so, the Client has the right:
to obtain access to personal data,
to receive information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of such data, the planned period of storage of the Client/User’s data or the criteria for determining this period (if it is not possible to specify the planned period of processing), the rights available to the Client/User under GDPR, the right to lodge a complaint with the supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards used in connection with the transfer of this data outside the European Union,
to obtain a copy of his personal data.
The right to rectification of data is exercised under Article 16 of GDPR.
The Client/User has the right to request the Administrator to immediately rectify his personal data if it is inaccurate. He also has the right to request the completion of his personal data. To rectify or complete his personal data, please send information to the Website’s email address.
III. The right to erasure of data (“right to be forgotten”) – exercised under Article 17 of GDPR.
a) The Client/User may request the Administrator to delete all or some of his data,
b) The Client/User has the right to request the erasure of his personal data when:
the personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
he has withdrawn a specific consent to the extent that the personal data was processed based on the Client/User’s consent,
he has objected to the use of his data for marketing purposes,
the personal data has been processed unlawfully,
the personal data must be erased to comply with a legal obligation provided for in Union or Member State law to which the Administrator is subject;
the personal data was collected in connection with offering information society services,
c) Despite the Client/User’s request to erase personal data in connection with the objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, exercise, or defend legal claims, as well as to comply with a legal obligation requiring processing under Union or Member State law to which the Administrator is subject,
d) The deletion of personal data or the cessation of its processing by the Administrator may result in the inability to provide services through the Website or limit the ability to use the Website’s functionality.
Consent to the processing of personal data and the right to withdraw consent are exercised under Article 7(3) of GDPR
a) By accepting the statements placed by the Administrator in the interactive forms available on the Website, the Client/User consents to the processing of his data for specified purposes,
b) The Client/User may consent to the processing of his data for additional purposes by accepting the non-mandatory statements proposed in the forms available on the Website,
c) The Client has the right to withdraw any consent he has given to the Administrator, and the withdrawal of consent will be effective from the moment of its withdrawal,
d) Withdrawal of consent will not have any negative consequences for the Client, but it may prevent further use of services or functionalities that the Administrator can provide only with consent,
e) Withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
The right to object to data processing is exercised under Article 21 of GDPR
a) The Client/User has the right to object at any time, for reasons related to his particular situation, to the processing of his personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
b) The Client/User’s email message withdrawing consent to receive marketing information about products and services constitutes the Client/User’s objection to the processing of his data, including profiling for these purposes,
c) If the Administrator has no other legal basis allowing for the processing of the Client/User’s data and the objection is justified, the personal data to which the objection relates will be deleted.
The right to request the restriction of personal data processing is exercised under Article 18 of GDPR
The Client/User has the right to request the restriction of his personal data when:
he disputes the accuracy of his personal data – the personal data administrator will restrict the processing of the Client/User’s data for a period allowing for the verification of the accuracy of this data,
the processing of personal data by the Client/User is unlawful, and instead of deleting personal data, the Client/User requests the restriction of processing of his personal data,
the Client/User’s personal data is no longer needed for processing purposes, but it is needed to establish, exercise, or defend the Client/User’s legal claims,
when the Client/User has objected to the processing of his personal data – in this case, the processing restriction occurs until it is determined whether the legitimate interests on the part of the personal data administrator override the grounds indicated in the Client/User’s objection.
VII. The right to data portability (Article 20 of GDPR)
The Client/User has the right to receive his personal data from the Administrator in a structured, commonly used, and machine-readable format and to transmit it to another personal data administrator.
You may also request that the personal data administrator directly transfer the Client/User’s personal data to another personal data administrator (if technically possible).
VIII. The Client also has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding the violation of his rights to personal data protection or other rights granted under GDPR.
Cookies Policy, Operational Data, and Analytics
The Website uses small files called cookies, which are stored on the User’s and Client’s computer or other end device if the web browser allows it. Cookies usually contain the domain name from which they originate, the time they are stored on the device, and an assigned value.
2. Cookies are used to optimize the process of using the Website, to collect statistical data that allows identifying how Users use the Website, which enables improving the structure of the Website. They are also necessary to maintain the Client’s session after leaving the Website.
The Administrator uses two types of Cookies:
a) Session Cookies (temporary): they are stored on the Client’s end device and remain there until the session of the given browser is terminated. The stored information is then permanently deleted from the device’s memory. The session cookies mechanism does not allow the collection of any personal data or any confidential information from the Client’s device.
b) Persistent Cookies: they are stored on the Client’s device and remain there until they are deleted. Ending the session of a given browser or turning off the device does not delete them from the Client’s device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the Client’s device.
The Administrator uses Google Analytics tracking code to analyze Website statistics and manage Ads; detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.
The Client may change cookie settings at any time using the web browser he uses, including blocking the ability to collect cookies. Such action may make it difficult or impossible to use the services and tools of the Website, including preventing the submission of an Order.
If the Client decides that he does not agree to the use of cookies for the purposes described above, he may delete them manually at any time. Detailed instructions and information regarding cookies are contained in the help menu of the web browser currently used by the Client. Examples of web browsers that support these cookies include: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
Some external entities operating within the Website enable Users to withdraw consent to the collection and use of data for advertising purposes based on the Client’s activity. More information about this and the ability to make choices can be found, for example, on the website: www.youronlinechoices.com.
It is also possible to block certain Ads via https://optout.aboutads.info/?c=2&lang=EN or https://www.privacyrights.org/consumer-guides/how-opt-out-targeted-advertising
Additional information about cookies is available, for example, at http://www.allaboutcookies.org/
Operational data collected in the logs is used by the Administrator for the provision of services. They are also processed for technical purposes, including for the purposes of administering servers and ensuring the security of IT systems. These data may be transferred to the entities authorized under the law, especially in the case of security incidents or threats.
Final Provisions
The Privacy Policy is reviewed periodically and updated as necessary.
The current version of the Privacy Policy has been in effect since September 15, 2024.
Privacy Policy update date: September 15, 2024
