I. Regulations on the liability of websites as the entity managing and running websites.
- The website administrator is Nomad Electric sp. z o. o.
- The author of the content and graphic works contained on the websites is Nomad Electric sp. z o.o.
- The site along with all its components is protected by applicable law, in particular the Act of February 4, 1994 on Copyright and Related Rights.
- The authors of the placed graphic works and content do not agree to their publication or modification in any way (publications, publications, presentations, websites and otherwise included in the Copyright Protection Act) without their written consent.
- Users have the right to use all content published on websites, provided that they do not infringe copyright. No part of the site may be used for commercial purposes without the prior consent of the site owner.
- The website owner and its authors are not responsible for any moral and financial losses incurred as a result of using the content on the websites.
- Websites use “cookies”, which are used to identify the browser when using the site. Cookies do not collect any personal data. Collected data such as the type of user’s browser, time spent on the site, etc. are used when analyzing the statistics of individual websites.
- The commercial offer presented on the websites does not constitute an offer within the meaning of the Civil Code, art. 66 § 1 of the Civil Code and other relevant legal provisions. Each page is for information purposes only.
II. Personal data protection
- Personal data is processed by Nomad Electric sp. Z oo in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter: GDPR), as well as on the basis of other provisions regulating the protection of personal data.
- Personal data collected through all types of forms placed on the Administrator’s websites, including, among others: such information as: name and surname, contact telephone number, e-mail address, are only used to identify the Customer, establish commercial contact with them, providing the Customer with materials prepared by the Administrator, providing the valuation of services carried out by the Administrator, conducting trade negotiations with the Customer and possibly signing and performing the contract.
- Personal data collected through all types of forms posted on the Administrator’s websites are processed on the basis of the consent of the person (art.6 par.1 lit.a RODO), as well as on the basis of art. 6 clause 1 lit. b) GDPR, i.e. their processing is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject before concluding the contract.
- At any time, consent to the processing of personal data may be withdrawn by the Administrator’s clients. Withdrawal of consent to data processing does not affect the lawfulness of data processing carried out by the Administrator on the basis of consent before its withdrawal.
- Withdrawal of consent may take place by sending an appropriate statement to the e-mail address: firstname.lastname@example.org.
- The categories of recipients to whom the personal data of the Administrator’s Customers may be disclosed are: employees, Administrator’s associates, accounting office, law firms, national debt registers.
- Nomad Electric sp. z o. o. Processes clients’ personal data using computer systems and software ensuring the highest level of security for processing such personal data (such as encryption and anonymization of transmitted information, cyclical changes in system access passwords). The administrator processes personal data of his clients outside the IT system using technical and organizational measures ensuring the highest level of security of personal data processing.
- The data subject has the right to access their data and rectify it, delete it (the right to be forgotten), limit their processing, the right to transfer data, the right to withdraw consent to their processing at any time without affecting compliance with the right of processing carried out on the basis of consent before its withdrawal.
- The data subject has the right to object to the processing of his data by the Administrator. The objection should be submitted to: email@example.com.
- If the data subject considers that the processing of his personal data by the Administrator violates the provisions of the Regulation on the protection of personal data, he has the right to lodge a complaint to the Inspector General for Personal Data Protection, who after the entry into force of the Regulation on the protection of personal data will be replaced by the President Office for Personal Data Protection.
III. The obligation of the Administrator’s transparent communication with the data subject (Article 12 of the GDPR):
- The administrator in a concise, transparent, understandable and easily accessible form, in a clear and simple language – in particular when information is directed to the child – shall provide the data subject with all information referred to in art. 13 and 14 of the GDPR, and conducts all communication with her pursuant to art. 15-22 and 34 GDPR. Information shall be provided in writing or by other means, including by electronic means where appropriate. If the data subject so requests, information can be provided orally, provided that the identity of the data subject is confirmed in other ways.
- If the Administrator has reasonable doubts as to the identity of the natural person submitting the request referred to in art. 15-21 GDPR, may request additional information necessary to confirm the identity of the data subject.
IV. Responsibilities of the Personal Data Administrator when processing personal data
- The duties of Nomad Electric sp.z o.o., as the administrator of personal data arising directly from the GDPR, are in particular:
- Including data protection in the design phase and default data protection – In order to fulfill this obligation, the Administrator has implemented appropriate technical and organizational measures, such as pseudonymisation, designed to effectively implement the principles of data protection, such as data minimization, and to give processing the necessary safeguards so as to protect the rights of data subjects as much as possible.
- Entrusting data for processing on the basis of a written agreement – The administrator uses only the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to protect the rights of data subjects.
- Recording processing activities: The administrator is obliged to keep a register of personal data processing activities; The administrator makes the register available at the request of the supervisory authority.
- Security of processing. Nomad Electric sp.z o.o. has implemented and applies the following technical and organizational measures to minimize the risk of personal data breach: a) pseudonymisation and encryption of personal data; b) the ability to continually ensure the confidentiality, integrity, availability and resilience of processing systems and services; c) the ability to quickly restore the accessibility of personal data and access to it in the event of a physical or technical incident; d) regularly testing, measuring and assessing the effectiveness of technical and organizational measures to ensure security of processing.
- When assessing whether the level of security is adequate, the Administrator takes into account in particular the risk of processing, in particular resulting from accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data sent, stored or otherwise processed.
- Reporting a personal data breach to the supervisory authority. In the event of a breach of personal data protection, the Administrator shall, without undue delay after finding a breach – report it to the supervisory body, unless it is unlikely that the breach would result in a risk of violation of the rights or freedoms of natural persons.
- If a breach of personal data protection may cause a high risk of violation of the rights or freedoms of natural persons, the administrator shall without undue delay notify the data subject of such a breach.
- Conducting a data protection impact assessment. If a given type of processing – in particular with the use of new technologies – due to its nature, scope, context and objectives is likely to cause a high risk of violation of the rights or freedoms of natural persons, the Administrator is obliged to assess the effects of planned processing operations for personal data protection.
- Conducting prior consultations. If the assessment of the effects on data protection indicates that the processing would pose a high risk if the Administrator did not apply measures to minimize this risk, then before starting the processing, the Administrator will consult the supervisory authority on the possibilities and methods of processing.
V. Processing of data of minors
- By assumption, all activities of Nomad Electric sp. z o.o. are directed at adults who can make decisions or influence their making. If the legal guardians of a minor have information that they have filled out the form available on the websites of websites belonging to the Administrator, please contact the Administrator to delete this data from the database, or withdraw consent by sending an appropriate e-mail to the address: firstname.lastname@example.org.
VI. Rights of website users belonging to Nomad Electric sp. Z o.o.
- Data subject:
a. is entitled to obtain confirmation from the Administrator whether personal data concerning him are being processed, and if this is the case, he is entitled to access them (Article 15 of the GDPR),
b. has the right to request the Administrator to immediately rectify any personal data concerning him that is incorrect (Article 16 GDPR),
c. has the right to request the Administrator to immediately delete personal data concerning him in the specified circumstances (Article 17 GDPR),
d. has the right to request the Administrator to limit data processing in specified cases (Article 18 GDPR),
e. has the right to receive in a structured, commonly used machine-readable format, personal data concerning him which has been provided by the Administrator, and
f. has the right, in the aforementioned cases, to send this personal data to another administrator without hindrance by the administrator to whom the data was provided (Article 20 of the GDPR),
g. has the right to object to the processing of personal data concerning him (Article 21 of the GDPR),
h. has the right not to be subject to a decision that is based solely on the automated processing of her personal data, including profiling (Article 22 GDPR).
VII. The right to change the policy