1. Definitions
Controller – Treeco Marcin Biłka Agnieszka Biłka spółka cywilna, registered at the address: Naszacowice 149, 33-386 Podegrodzie. Nip: 817-215-22-37, e-mail: treeco@treeco.pl
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Website – the website operated by the Controller at www.treeco.pl
User – any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.
2. Data processing
When the User uses the Website, the Controller collects data as required to provide individual services. Below you can find a detailed description of the principles and purposes of the processing of personal data collected when the User uses the Website.
3. Aims and legal basis of data processing
Personal data of all Users using the Website (including IP address or other identifiers and information collected through cookies) are processed by the Controller:
- for the purpose of providing electronic services to make the content collected on the Website available to the Users; in this case, the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR),
- for analytical and statistical purposes; in this case, the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), which involves conducting analyses of the Users’ activities,
- for the purpose of establishing, pursuing or defending claims, if any; the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in protecting your rights.
The User’s activity on the Website, including their personal data, is registered in system logs (a special computer programme used to keep a chronological record comprising information on events and activities concerning the IT system used for the provision of services by the Controller). The information collected in logs is processed primarily for service provision purposes. The Controller processes it also for technical and administrative purposes, to manage and ensure the security of the IT system, as well as for analytical and statistical purposes; the legal basis for processing in this regard is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).
4. Contact form
The Controller makes it possible to contact it through electronic contact forms on the Website. To use a form, the User needs to provide their personal data necessary to contact them. It is required to provide the data designated as mandatory to enable us to accept and handle your enquiry, and failure to do so makes the service impossible.
Your personal data are processed:
- for the purpose of identifying you as the sender and handling your enquiry sent via the form provided; the legal basis for the processing is the necessity of the processing for the performance of a service contract (Article 6(1)(b) of the GDPR);
- for analytical and statistical purposes – the legal basis for the processing is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR), which involves keeping statistics on enquiries made by Users via the Website, with a view to improving the Website’s functionality.
5. Marketing
The Controller processes the personal data of Users for the purpose of conducting marketing activities, which may involve:
- displaying marketing content corresponding to the User’s interests (behavioural advertising);
- displaying marketing content not tailored to the User’s preferences (contextual advertising).
The Controller uses profiling in some cases to perform marketing activities. This means that the Controller uses automated processing to assess selected factors about individuals for the purpose of analysing their behaviour or making predictions for the future.
The Controller processes the personal data of all Users for marketing purposes in relation to contextual advertising (i.e. advertising that is not tailored to the User’s preferences). The processing of personal data is then performed in the context of the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).
The Controller and its partners process the Users’ personal data, including personal data collected through cookies (described below), for marketing purposes in connection with behavioural advertising (i.e. advertising tailored to the User’s preferences). Personal data processing then also includes profiling of the Users. Using personal data collected through this technology for marketing purposes, in particular for the promotion of services and goods of third parties, requires the User’s consent. You can withdraw this consent at any time.
6. Cookies
The Controller’s website uses cookies. Where the User does not change their browser settings, they agree to their use. Cookies utilize a short piece of text information stored on a user’s computer, phone, tablet or other device. They may be read by the Controller and by systems owned by other entities whose services the Controller uses (such as Google). Cookies typically contain the name of the website from which they originate, the length of time they are stored on the end device and a unique number. Please visit www.allaboutcookies.org for more details on cookies.
The cookies used on the website do not store personal data or any other information collected from the User. The website uses cookies to identify your browser session so that you can use the website features. It is not possible to use cookies to retrieve any of the User’s personal or address details, or any confidential information from the User’s computer.
We use cookies for the following purposes: to keep our services secure and prevent fraud, to facilitate website performance, to record visits for marketing and statistical purposes, to use social features, and to support website personalisation (e.g. storing language settings). Cookies may also be used and placed by the Controller’s partners; in this case, they are subject to the cookie policies or privacy policies of the entities posting such cookies.
The Controller reserves the right to use the Google Tag Manager tool for marketing purposes. This entails the use of cookies from Google, e.g. Google Analytics codes.
The scope and purpose of data collection, as well as contact channels, means of exercising your rights and making privacy settings, are described in the privacy policies of the respective service providers.
Your web browser by default allows the use of cookies on your device. Please note that you can change the settings in your web browser, by completely blocking the automatic handling of cookies or requesting a notification each time cookies are placed on your device.
For Google Chrome, you can find instructions here: https://support.google.com/chrome/answer/95647?hl=en
For Mozilla Firefox, you can find instructions here: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
For Safari, you can find instructions here: – https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
For Microsoft Edge, you can find instructions here: https://docs.microsoft.com/en-us/microsoft-edge/devtools-guide/debugger/cookies
If you use Internet Explorer, the Controller recommends changing your tool to one of the above, and instructions can be found at: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
The Controller considers it necessary to warn you that if you disable or restrict the use of cookies, this may result in difficulties in using the website and make its functionality more limited.
7. Processing of user data
Within the European Economic Area (EEA):
As part of the Website, User data are processed by entities cooperating with the Controller, which are required to observe high privacy standards analogous to those contained in the Policy, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
For the HotJar tool (headquarters: Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) – The data collected will, as a general rule, make it impossible to identify any specific individual; for more details on the tool’s privacy standards, see the GDPR Commitment and Do Not Track link
For Youlead sp. z o.o. (address: ul. Wrzesińska 12 / 39; 03-713 Warsaw) – The tool serves for sales process automation; for more details on the tool’s privacy standards, see https://www.youlead.pl/pl/twoje-dane-1/
Outside the European Economic Area (EEA):
In view of the fact that some of the Controller’s associates are based outside the European Union and are therefore regarded as third countries under the GDPR, the Controller warrants that, in compliance with the European Commission’s implementing decision of 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl), in such cases, data are transferred to entities in the United States that have joined the Privacy Shield programme (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
For Google Inc. (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – The data collected make it impossible to identify a specific person. For more details on the tool’s privacy standards, see https://policies.google.com/technologies/partner-sites?hl=pl, to disable activity measured by Google Analytics, go to the following link: https://tools.google.com/dlpage/gaoptout.
For Facebook Inc. (headquarters Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) – https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. The data collected, as a general rule, do not make it possible to identify a specific person; for more details on the tool’s privacy standards, go to https://www.facebook.com/about/privacyshield.
The above companies thus guarantee compliance with data protection standards analogous to the Regulation, and the Controller’s use of their technology in processing personal data is lawful.
8. Period of personal data processing
How long the Controller processes your data depends on the type of service provided and the purpose of the processing. As a general rule, your data will be processed for the time of providing a service or processing an order, until you withdraw your consent or make an effective objection to data processing where the Controller’s legitimate interest is the legal basis for the processing.
It is possible to extend the processing period in the event that the processing is required to establish, assert or defend claims, if any, and thereafter only if and to the extent required by law. Once the processing period is over, the data are irreversibly erased or anonymised.
9. User rights
The User has the right to:
- access the content of their data and request to have their data rectified,
- erase their data,
- limit the processing of their data,
- data portability,
- object to the processing,
- lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office ul. Stawki 2, 00-193 Warszawa.
In so far as your data are processed based on your consent, you may withdraw it at any time by contacting the Controller.
The User has the right to object to the processing of data for marketing purposes where the processing is related to the Controller’s legitimate interest and, for reasons attributable to the User’s particular situation, in other cases where the processing is based on the Controller’s legitimate interest (e.g. in connection with analytical and statistical purposes).
10. Recipients of data
When providing services, we will disclose personal data to external entities, including in particular suppliers in charge of operating IT systems, marketing agencies (for marketing services) and entities related to the Controller.
If the User gives their consent, their data may also be shared with other entities for their own purposes, including marketing purposes.
The Controller reserves the right to disclose selected information about the User to competent authorities or third parties who request such information on an adequate legal basis and in compliance with the applicable law.
11. Contact us
You can contact the Controller by e-mail at treeco@treeco.pl or in writing to the Controller’s registered address.
12. Amendments to the Privacy Policy
The Policy is reviewed on an ongoing basis and updated as necessary. The present version of the Policy has been in place since 1 January 2023.