The following information provides a concise, understandable, and transparent summary of the information included in the Privacy Policy regarding the Data Controller, the purpose and method of personal data processing, and your rights related to this processing, in the form required to fulfill the GDPR information obligation. Details regarding the processing method and entities involved in this process are available in the indicated policy.
Who is the data controller?
The Personal Data Controller (hereinafter referred to as the “Controller”) is the company COAT-IT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, UL. IGNACEGO MOŚCICKIEGO 1, 24-110 PUŁAWY, NIP: 9662131668, providing electronic services through the Service.
How can you contact the data controller?
You can contact the Controller in one of the following ways:
- Postal address: COAT-IT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, UL. IGNACEGO MOŚCICKIEGO 1, 24-110 PUŁAWY, NIP: 9662131668
- Email address: patrycja@coat-it.pl
- Contact form: available at /kontakt
Has the Controller appointed a Data Protection Officer?
Pursuant to Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.
For matters related to data processing, including personal data, please contact the Controller directly.
Where do we obtain personal data and what are their sources?
Data is obtained from the following sources:
- From the individuals to whom the data pertains
- In the case of registration using social media platforms, with the expressed and informed consent of those individuals, from those social media platforms
What is the scope of personal data processed by us?
The Service processes ordinary personal data voluntarily provided by the individuals to whom the data pertains (e.g., name, surname, login, email address, phone number, IP address, etc.).
The detailed scope of processed data is available in the Privacy Policy.
What are the purposes of processing your data?
Personal data voluntarily provided by Users is processed for one of the following purposes:
- Provision of electronic services:
- User account registration and maintenance in the Service and related functionalities
- Newsletter services (including sending promotional content with consent)
- Commenting/liking posts in the Service without the need for registration
- Communication between the Controller and Users regarding matters related to the Service and data protection
- Ensuring the legally justified interest of the Controller
What are the legal bases for data processing?
The Service collects and processes User data based on:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation):
- Article 6(1)(a): the data subject has given consent to the processing of their personal data for one or more specific purposes
- Article 6(1)(b): processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract
- Article 6(1)(f): processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
- Act of 10 May 2018 on Personal Data Protection (Journal of Laws 2018, item 1000)
- Act of 16 July 2004 on Telecommunications Law (Journal of Laws 2004, No. 171, item 1800)
- Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)
What is the legitimate interest pursued by the Controller?
For the purpose of potential establishment, exercise, or defense against claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) in protecting our rights, including, among others:
- Assessing the risk of potential clients
- Evaluating planned marketing campaigns
- Conducting direct marketing
For how long do we process personal data?
As a rule, the indicated personal data is stored only for the duration of the service provision within the Service operated by the Controller. It is deleted or anonymized within 30 days from the termination of the service (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).
In exceptional cases, to safeguard the legitimate interest pursued by the Controller, this period may be extended. In such a situation, the Controller will store the indicated data, from the time of the User’s request for deletion, for no longer than 3 years in the event of a breach or suspected breach of the Service’s terms by the data subject.
Who is the recipient of the data, including personal data?
As a rule, the only recipient of the data is the Controller.
However, data processing may be entrusted to other entities providing services to the Controller to maintain the operation of the Service.
Such entities may include, among others:
- Hosting companies providing hosting or related services for the Controller
- Companies providing Newsletter services
- Companies intermediating in online payments for goods or services offered within the Service (in the case of purchase transactions in the Service)
- Companies intermediating in mobile payments for goods or services offered within the Service (in the case of purchase transactions in the Service)
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union, unless published as a result of an individual User action (e.g., posting a comment or entry), making the data accessible to anyone visiting the Service.
Will personal data be used for automated decision-making?
Personal data will not be used for automated decision-making (profiling).
What rights do you have regarding the processing of personal data?
- Right to access personal data: Users have the right to access their personal data, exercised upon request to the Controller.
- Right to rectify personal data: Users have the right to request the Controller to immediately rectify inaccurate or incomplete personal data, exercised upon request to the Controller.
- Right to erasure of personal data: Users have the right to request the Controller to immediately delete their personal data, exercised upon request to the Controller. In the case of user accounts, data deletion involves anonymizing data enabling User identification. In the case of the Newsletter service, the User can independently delete their personal data using the link provided in each email.
- Right to restrict processing of personal data: Users have the right to restrict the processing of personal data in cases specified in Article 18 of the GDPR, e.g., disputing the accuracy of personal data, exercised upon request to the Controller.
- Right to data portability: Users have the right to receive their personal data from the Controller in a structured, commonly used, machine-readable format, exercised upon request to the Controller.
- Right to object to the processing of personal data: Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, exercised upon request to the Controller.
- Right to lodge a complaint: Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.