PRIVACY POLICY
-
- Definitions
- Company or Data Controller: CAT Mosolf Polska spółka z ograniczoną odpowiedzialnością with its registered office in Ciemno-Gnojna, address: ul. Krakowska 10, 96-320 Mszczonów, entered in the Register of Entrepreneurs kept by the District Court for Łódź-Śródmieście in Łódź, Commercial Court, XX Commercial Division of the National Court Register, under the KRS number: 0000033437, NIP (Tax Identification Number) 522-21-47-901, share capital of PLN 61,444,000.00, phone: +48 46 857 27 50, fax: +48 46 857 27 64, email: .
- Site: the website maintained by the Data Controller via the internet, operating at https://www.cmpl.pl/;
- Personal data: personal data within the meaning of the General Data Protection Regulation (GDPR), i.e., any information relating to an identified or identifiable natural person;
- User: any natural person visiting the website at https://www.cmpl.pl/;
- DATACAR: DATACAR system service for car importers and dealers available under the “Datacar” tab at http://91.230.75.68:100/;
- Policy or Privacy Policy: this Privacy Policy available at cmpl.pl;
- Act on Providing Services by Electronic Means: Act of 18 July 2002 on Providing Services by Electronic Means (consolidated text of 6 February 2020, Journal of Laws of 2020, item 344, as amended);
- GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1).
- Personal data protection: general provisions
- Any User of the website https://www.cmpl.pl/ browsing content in the public area of the Site may provide their data, both personally identifiable (including personal data) and anonymous data. The Company makes every effort to ensure the confidentiality, integrity and security of the data provided, as well as to protect it from access by third parties without an explicit legal basis. With regard to the processing of personal data, the Data Controller shall comply in particular with the principles set forth in the GDPR.
- In matters related to the protection of Personal Data, you can contact the Data Controller:
- by writing to the address: CAT Mosolf Polska sp. z o.o., Ciemno Gnojna, ul. Krakowska 10, 96-320 Mszczonów,
- by email at: ,
- by phone: +48 46 857 27 50, fax: +48 46 857 27 64.
- The Data Controller states that it has appointed a data protection officer, who is Mr. Bartosz Świątek. The Data Protection Officer can be contacted by e-mail at: .
- This Policy is intended to notify the Users how the Company, as the Data Controller, uses personal data, what information is collected and evaluated about Users and then used, transferred to third parties, or otherwise processed.
- This Policy applies only to the Site operated by the Company and does not apply to online services offered by third parties.
- Personal data provided via forms available on the Site are treated as confidential and are not visible to unauthorized parties.
- Collection of information by the Data Controller
- The Data Controller shall collect the Users’ data, including their Personal data, for specific, clearly specified and legitimate purposes and shall not treat them in a manner incompatible with those purposes. If it is necessary to collect data for a specific purpose, the Data Controller shall inform the person concerned in an effort to present the full information clause on data processing during or, if possible, prior to the collection of such data.
- The data controller undertakes to collect only data that is adequate, relevant and not beyond the purpose for which it is collected.
- Through the Site, the Data Controller may come into possession of data:
- provided directly by Users, including:
- data of persons contacting the Data Controller using the contact details of the Data Controller available on the Site or using the contact form;
- data of persons providing their data for recruitment purposes (via the “Career” tab);
- data of persons with a registered DATACAR User account;
- data of persons who use the Company’s fanpages on social networks that can be accessed via the integrated plug-ins provided on the Site, i.e:
- “Facebook” (whose provider is Meta Platforms, Inc., and for users in the European Union, EEA, Switzerland and the United Kingdom – Meta Platforms Ireland Limited; hereinafter to as “Facebook”); the plug-in on the Site can be recognised by the “Facebook” logo; the Company’s fanpage is available at: https://www.facebook.com/catmosolfpolska,
- “LinkedIn” (whose provider is LinkedIn Corporation, and for users in the European Union, EEA and Switzerland – LinkedIn Ireland Unlimited Company – hereinafter referred to as “LinkedIn”); the plug-in on the Site can be recognised by the “LinkedIn” logo; the Company’s fanpage is available at: https://pl.linkedin.com/company/catmosolfpolska,
- data collected automatically:
- for reasons of data security and in order to optimize the ease of use of the Site, the Data Controller may also collect data, including information about the internet browser, operating system, domain name of the site visited before entering the Site, number of visits, and time spent on the Site and specific pages;
- data collected automatically is not linked to data from other sources; The Data Controller shall take all necessary measures to ensure that the indicated data collected automatically does not identify individuals, i.e., that it does not have the character of personal data; However, the Data Controller reserves the right to retrospectively verify data collected automatically and to take all necessary measures within the limits of the law to determine the source of the data in justified cases, in particular, if there are signs of illegal use of information or other unlawful activities.
- provided directly by Users, including:
- The Company is a separate controller from the providers indicated in point 4 above of the Personal Data processed through Facebook and LinkedIn that is provided in connection with the use of the fanpage, including by observing or liking the fanpage, interacting with other users of the fanpage, adding posts, adding reactions to posts, adding comments, sharing posts, and reading information directed to the Company in private messages or in chat.
- Subject to point 5 below, in the case of Users’ use of the social networks Facebook and LinkedIn, the controller of the Personal data processed through these networks, in particular in connection with the registration and maintenance of accounts on these networks, shall be the relevant providers, as follows: in the case of Facebook (for users from the European Union, EEA, Switzerland and the United Kingdom): Meta Platforms Ireland Limited, mailing address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, which can be contacted by letter to the address provided or electronically via the dedicated platform available at: https://www.facebook.com/help/contact/1650115808681298; for more information on the processing of Personal Data by the Facebook portal provider, please see the privacy notices at: https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer,
- for LinkedIn (for users from the European Union, EEA and Switzerland): LinkedIn Ireland Unlimited Company, mailing address: Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2 Ireland, who can be contacted by letter at the address provided or electronically via the dedicated platform available at: https://www.linkedin.com/help/linkedin/ask/ppq; for more information on the processing of Personal Data by the LinkedIn portal provider, please refer to the “Privacy Policy” available at: https://pl.linkedin.com/legal/privacy-policy.
- The Company is a separate controller from the providers indicated in point 4 above of the Personal Data processed through Facebook and LinkedIn that is provided in connection with the use of the fanpage, including by observing or liking the fanpage, interacting with other users of the fanpage, adding posts, adding reactions to posts, adding comments, sharing posts, and reading information directed to the Company in private messages or in chat.
- Principles of personal data processing
-
- The Data Controller processes Personal Data:
- in accordance with data protection regulations, in particular the GDPR;
- in accordance with this Policy.
- The categories, legal grounds, and period of processing of Personal Data are determined separately for each purpose of processing, on the principles described in this section.
- The Data Controller shall process the following categories of personal data:
- Personal data of persons with a registered DATACAR User account, logging into an already registered account: the legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR, which means that the processing is necessary for the performance of an agreement for the provision of electronic services consisting in the registration and maintenance of DATACAR User account, to which the User is a party;
- Personal data provided for recruitment purposes (via the “Careers” tab): the legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR, which means that the processing is necessary to take action at the request of the data subject prior to entering into an agreement, namely for the purpose of conducting recruitment proceedings;
- Personal data of persons contacting the Data Controller using the Controller’s contact details available on the Site or using the contact form: the legal basis for the processing of personal data in this case is Article 6(1)(f) of the GDPR, which means that the processing is necessary for purposes arising from the legitimate interests pursued by the Data Controller or by a third party, which include the need to consider an individual case reported by the User, including responding to the submitted inquiry;
- Personal data od persons using the Company’s fanpages available on Facebook and LinkedIn – the legal basis for the processing of personal data in this case is Article 6(1)(f) of the GDPR, which means that the processing is necessary for purposes arising from the legitimate interests pursued by the Data Controller or by a third party, which include the promotion of the Company, the CMPL brand and the services provided by the Company, enabling Users to use the fanpages, including viewing posts, sharing posts, writing comments, adding reactions, sending private messages to the Company or using the chat and responding to the query submitted.
- Personal data may also be processed on the basis of:
- Article 6(1)(f) of the GDPR, which means that the processing is necessary for the purposes of legitimate interests pursued by the Data Controller or by a third party, which include, among others, establishing, investigating and defending against claims, investigating filed complaints regarding services offered by the Data Controller, processing personal data of individuals dedicated to the performance of an agreement concluded between the counterparty and the Company, provided by the counterparty of the Data Controller;
- Article 6(1)(a) of the GDPR—with regard to personal data provided by Users optionally, other than those required for a given purpose of processing, with their consent, including personal data provided in recruitment documents (CV, cover letter, etc.), beyond that required by law or beyond that necessary for the Data Controller to recruit for a specific position (if provided), and personal data processed for future recruitment (if consent is given).
- The provision of personal data is, as a rule, voluntary, but necessary to fulfil the purpose for which they are provided. The consequences of not providing the data may include:
- for the data specified in item 3.a.: inability to register and maintain a DATACAR User account;
- for the data specified in item 3.b.: inability to participate in the recruitment process;
- for the data specified in item 3.c.: inability to receive feedback from the Company or review an individual case reported by the User;
- for the data specified in item 3.d.: the inability of the User to use the Company’s fanpages, to obtain information available on these fanpages or to make contact via private messages or chat.
- The Data Controller processes Personal Data:
In the case of Personal Data provided optionally (with consent), there are no consequences for not providing it.
- Recipients of personal data may include, in particular, entities processing personal data on behalf of the Data Controller, including IT and hosting service providers, entities providing telecommunications services, entities providing accounting services, entities providing consulting services, including legal, tax and other services, counterparties of the Data Controller, if it is necessary for the performance of an agreement for the provision of electronic services, entities from the group of companies to which the Data Controller belongs, the providers of the social networks on which the Company maintains its fanpages (Facebook, LinkedIn). Personal data processed for recruitment purposes may also be shared with recruitment intermediaries and recruitment process supporters, including recruitment companies and other training companies.
- Personal data may be processed, respectively, for the duration of the agreement for the provision of electronic services or for the time necessary to review an individual case reported by the User via the contact details or via the contact form available on the Site, as well as afterwards, i.e., for the period of time required by applicable laws, including in connection with the retention of documents necessary for tax purposes or until the statute of limitations for claims—whichever is longer. In the case of data processed for the purpose of conducting recruitment proceedings, Personal Data may be processed for the duration of the current recruitment, and with regard to future recruitment (if consent has been given), for a further period of 3 years from the moment of consent, unless it is withdrawn earlier. In the case of Personal Data processed through social networks, the Personal Data may be processed for the duration of the given fanpage or the existence of the User’s account on that social network or until the Personal Data is deleted by the User or by the provider of the given social network.
- Users have the following rights in connection with the processing of their personal data:
- right to access personal data;
- right to rectify personal data;
- right to erase personal data (right to be forgotten);
- right to restrict the processing of personal data.
- In the case of personal data specified in 3 c. and 4.a. (legitimate interest pursued by the Data Controller or by a third party), Users have the right to object to the processing of personal data if it is related to their particular situation.
- In the case of personal data specified in item 3.a. (conclusion of an agreement), item 3.b. (recruitment procedure) and item 4.b. (data provided voluntarily with consent), Users also have the right to data portability if the processing is carried out by automated means.
- In the case of personal data specified in item 4.b. (data provided voluntarily with consent), Users additionally have the right to withdraw their consent at any time, which does not affect the legality of the processing performed prior to withdrawal.
- Exercise of the rights referred to in items 8–11 above may be carried out by submitting an appropriate request to the Data Controller:
- by writing to the address: CAT Mosolf Polska sp. z o.o., Ciemno Gnojna, ul. Krakowska 10, 96-320 Mszczonów,
- by email at: ,
- by phone: +48 46 857 27 50, fax: +48 46 857 27 64.
- Users have the right to file a complaint to the supervisory authority, which in Poland is the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw).
- Decisions shall not be made in an automated manner in relation to the personal data provided, including on the basis of profiling. In the case of personal data processed for the recruitment process, individuals participating in the recruitment process may be asked to solve competency, personality, or recruitment exercises or tests (profiling), but the results of these tests shall not form the basis for employment decisions.
-
- Cookies
- The site at https://www.cmpl.pl/ uses cookies. Cookies are small text files sent by a website to a browser and stored by the browser software. When your browser reconnects to the Site, the Site recognizes the type of device from which you are connecting. The parameters allow only the server that created them to read the information contained in them. Browser security allows cookies to be read only from the domain on which they were created, or from lower-level domains. Cookies thus facilitate the use of previously visited sites.
- The information collected relates to IP address, type of browser used, language, type of operating system, ISP, time and date information, location, and information sent to the site via the contact form. In some cases, cookies may also store other temporary data, such as the status of items on the Site or the history of previously visited pages (on a particular site).
- Cookies identify the user so that the content of the site they use can be tailored to their needs. By remembering the users’ preferences, they make it possible to create personalized websites, create usability statistics for a given site, study users’ preferences, and tailor targeted advertisements accordingly.
- When using the site at https://www.cmpl.pl/, the following cookies are used:
- necessary cookies that enable the use of services available on the site, such as authentication cookies used for services that require authentication on the site;
- performance cookies that allow collecting information about the use of the website;
- functional cookies that allow saving the user’s selected settings and personalizing the user’s interface, e.g., with regard to the selected language or region of the user’s origin, font size, website design, etc.
- The data collected is used to monitor and see how users use the site in order to improve the website by providing a more efficient and seamless navigation experience. The Company monitors user information using the Google Analytics tool, which records user behaviour on the site:
- the owner of the Google Analytics tool is Google Analytics of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA;
- as a rule, the data concerning User behaviour collected by cookies is transferred to a Google server in the USA and stored there; if IP anonymization is activated in online services, Google collects your abbreviated IP address in the member states of the European Union and the European Economic Area; only in exceptional cases is your full IP address transferred to a Google server in the USA and abbreviated there;
- on behalf of the operator of online services, Google uses the information to evaluate the use of online services, to compile reports on these activities, and to provide other services to the site operator in connection with the use of online services and activities on the Internet;
- the IP address transmitted by your browser as part of Google Analytics shall not be associated with other data held by Google; you can avoid the storage of cookies by selecting the appropriate setting in your browser, however, this may hinder the use of the website or some of its functionalities; in addition, you can prevent the storage of data generated by cookies and their use by Google by downloading and installing the browser plug-in available at: (https://tools.google.com/dlpage/gaoptout?hl=en);
- for detailed information on the terms of use and privacy policy, please visit google.com/analytics/terms/gb.html lub https://www.google.com/policies/.
- Instructions for managing cookies are also available at http://www.allaboutcookies.org/manage-cookies.
- Users have the option to disable cookies in their browser at any time if they do not want the files to be stored on their computer or other device. Cookies can be turned off permanently or in connection with a running session. However, please be aware that disabling cookies on your browser may affect the operation of the Site, as well as on any other websites you visit.
- Information on how to delete stored cookies, as well as how to change your browser settings for storing cookies, is available at the following addresses:
- Chrome: https://support.google.com/chrome/answer/95647?hl=pl
- Firefox: https://support.mozilla.org/pl/kb/usuwanie-ciasteczek-i-danych-stron-firefox?redirectslug=usuwanie-ciasteczek&redirectlocale=pl
- Internet Explorer: https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
- Opera: https://help.opera.com/pl/latest/web-preferences/#cookies
- Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac.
- The use of social networks may also involve the collection and use of cookies. In this case, the provider of the given portal has access to the cookies. More information on the collection and use of cookies in connection with the use of social networks can be found in the information on cookies available on the given social network.
- Final provisions
- The Company reserves the right to amend this Policy. Any changes to the Policy shall take effect on the date specified by the Company, which shall not be less than 7 days from the date they are made available at https://www.cmpl.pl/.
- Using the site at https://www.cmpl.pl/ means that you agree to the terms and conditions of this Policy.
- Definitions