Privacy Policy

1. General provinsions

1. The Controller ensures that the processing of Personal Data takes place with the greatest respect for the privacy and with the utmost care for the security of the Personal Data processed, and in particular the Controller ensures that it has taken appropriate measures provided for by law to ensure security of Personal Data.
2. The Controller has taken technical and organisational measures to ensure the protection of the processed Personal Data appropriate to the threats and categories of protected data, in particular, protects the data against unauthorised access, removal by an unauthorised person, processing in non-compliance with the law and change, loss, damage or destruction.

2. Definitions

For the purpose of this Privacy Policy:

• Controller – Rhino Sp. z o.o. with its registered office in Wrocław, address: 54-429 Wrocław, ul. Strzegomska 140A, entered into the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number 0000862241, with share capital of PLN 450.000, Tax Id Number (NIP): 8943159824, REGON 387285445, website: https://rhino.energy/, e-mail address: office@rhino.energy; The Controller should also be understood as the data controller within the meaning of art. 4(7) of the GDPR;
  
• Personal Data – any information relating to an identified or identifiable natural person (‘User’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  
• Software – web browsers that may be used by the User in order to use the Website;
  
• Cookies – text files with small pieces of data, used to identify the Device, which are stored on the User’s Device and are intended for the use of the Website;
  
• Website – website operating at: https://rhino.energy/;
  
• Device – an electronic device through which the User gains access to the Website, in particular: PCs, laptops, tablets, smartphones, etc.;
  
• User – a person who uses the Website.

3. Processing of Personal Data

1. Users’ Personal Data will be processed in order to perform the contract (if it is concluded), contact the User, for statistical purposes and for marketing purposes. The legal basis for the processing of Personal Data may be, respectively:
   • the necessity to perform the contract;
   • the necessity to fulfil the legal obligation to which the Controller is the subject;
   • the necessity for the purposes of the legitimate interests pursued by the Controller – in relation to the processing of Personal Data for marketing purposes during the legal relationship between the User and the Controller, for statistical purposes related to market and internet traffic research on the Website, to assess interest in services and content posted on the Website, improving its content and services provided on the Website framework, as well as the processing of Personal Data after the performance of the contract for the period in which the User may submit any claims related to its performance against the Controller;
   • User’s consent – in the case of data processing for marketing purposes based on the User’s consent.
2. Providing Personal Data by the User is voluntary.
3. The User may also express a separate consent to receive commercial, advertising and marketing information from the Controller. The user may at any time opt out of receiving them.
4. The Controller processes or may process the following Personal Data of the User, which the User provides voluntarily when using the Website:
   • name and surname;
   • electronic addresses;
   • phone number;
   • social media profiles;
   • other data provided voluntarily by the User.
5. The Controller stores Personal Data in the Users database in order to facilitate potential contacts with Users in the future.
6. The recipients of Personal Data are persons authorised by the Controller to process data as part of their official duties, entities to which the Controller entrusts IT, accounting, HR, legal and tax services to the Controller, in particular on the basis of contracts for entrusting the processing of Personal Data.
7. The Controller has the right to share the User’s data and information as part of the proceedings with an authorised body, e.g. the prosecutor’s office or a court.
8. The Controller declares that as part of the processing of Personal Data for statistical purposes, he may use tools designed to analyse traffic on the Website, such as Google Analytics and other similar.
9. The Controller process the User’s Personal Data for the time in which the User may submit any claims related to the performance of the contract against the Controller, but not longer than for a period of six years. If the processing is based on the User’s consent, the Controller will process their data until the consent is withdrawn.
10. The Controller adheres to the following rules while processing of Personal Data:
    • records collected Personal Data only on information carriers protected against access by third parties
    • supervises the security of Personal Data throughout the entire period of their possession in a manner ensuring, in particular, protection against unauthorised access, damage, destruction or loss;
    • maintains the confidentiality of Personal Data.
11. The Controller takes into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, implement appropriate technical and organisational measures, to ensure a level of security appropriate to the risk, including inter alia as appropriate:
    • the pseudonymisation and encryption of Personal Data;
    • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
    • the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident.
12. The Controller ensures regular testing, assessing and evaluating the effectiveness of technical and organisational measures for assuring the security of the processing.
13. The User whose Personal Data is processed has the right to request the Controller to access the data, as well as to rectify, delete, limit processing or object to processing, in accordance with § 7 of the Policy.

4. Cookies

1. The Controller uses Cookies on the Website.
2. The Website uses two basic types of Cookies:
   session – these are temporary files that are stored on the User’s Device until they leave the Website or disable the Software;
   permanent – these are files stored on the User’s Device for the time specified in the parameters of Cookie files or until they are deleted by the User.
3. All or some of the following types of Cookies may be used on the Website:
   necessary – which enable the use of the Website;
   analytical – which enable the collection of information on how to use the Website;
   functional – which allow to keep the settings selected by the User and personalise the User interface, e.g. language, font size, Website appearance;
   marketing – which make it possible to provide the User with advertising content more tailored to their interests.
4. Cookies listed in par. 2 and 3 of this section are used for the following purpose:
   Optimising the use of the Website; in particular, they make it possible to recognize and display the Website on the User’s Device in a form adapted to his/her individual preferences;
   creating statistics that support the observation of the use of the Website by Users, which improves its structure and content.
5. The Website uses the following Cookies

---

Name of the Cookie	File type	Description of functionality	Source of origin
rc::c	necessary	This cookie is used to distinguish between humans and bots.	Third party (Google)	Period of validity
rc::a	necessary	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Third party (Google)	Deleted at the end of the session Persistent (no validity period)
Wires	necessary	The cookie is necessary for secure log-in and the detection of any spam or abuse of the website.	First party	Deleted at the end of the session
_GRECAPTCHA	necessary	This cookie is used to distinguish between humans and bots.	Third party (Google)	179 days
_dc_gtm_UA-#	analytical	Used by Google Tag Manager to control the loading of a Google Analytics script tag.	First party	1 day
_ga	analytical	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	First party	2 years
_gat	analytical	Used by Google Analytics to throttle request rate.	Third party (Google)	1 day
_gid	analytical	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	First party	1 day
_hjid	analytical	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	First party	1 year
_hjAbsoluteSessionInProgress	analytical	This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice.	First party	Deleted at the end of the session
_hjFirstSeen	analytical	This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website.	First party	1 day
_hjIncludedInPageviewSample	analytical	Used to detect whether the user avigation and interactions are included in the web site’s data analytics.	First party	1 day
collect	analytical	Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.	Third party (Google Pixel)	Deleted at the end of the session
_gat_UA-122169755-1	analytical	Limits the number of requests in the event of heavy traffic on the Website.	First party	1 minute
_gcl_au	marketing	Used by Google Adsense to experiment with the effectiveness of ads on websites that use their services.	First party	3 months
ads/ga-audiences	marketing	Used by Google Adwords to re-engage visitors based on user behaviour across websites.	Third party (Google)	Deleted at the end of the session
IDE	marketing	This cookie contains information about how the User uses the Website and about any advertisements that the User may have seen before entering the Website.	Third party (doubleclick.net)	1 year
RUL	marketing	Used by Google DoubleClick to determine if an ad on website was properly displayed to improve the effectiveness of marketing efforts.	Third party (Google)	196 days
pagead/1p-user-list/#	marketing	Generated by Google based on dynamic marketing to track events such as conversations or other meaningful interactions of the User.	Third party (Google)	Deleted at the end of the session
test_cookie	marketing	It is used to check whether the User’s browser supports Cookies.	Third party (doubleclick.net)	1 day
1P_JAR	marketing	This cookie file contains information about how the User uses the Website and about any advertisements that the User may have seen before entering the Website.	Third party (Google)	1 month
CONSENT	marketing	This cookie contains information about how the User uses the Website and about any advertisements that the User may have seen before entering the Website.	Third party (Google)	18 years
NID	marketing	This cookie is set by DoubleClick (which is owned by Google) to help build a profile of User’s interests and display relevant ads on other websites.	Third party (Google)	6 months
__Secure-3PAPISID	marketing	This cookie file contains information about how the User uses the Website and about any advertisements that the User may have seen before entering the Website.	Third party (Google)	2 years
__Secure-3PSID	marketing	This cookie file contains information about how the User uses the Website and about any advertisements that the User may have seen before entering the Website.	Third party (Google)	2 years
__Secure-APISID	marketing	It is used for targeting by building a profile of website visitors in order to display personalised ads to them.	Third party (Google)	6 months

---

6. The files used on the Website are safe for the Devices and Users using the Website.

5. Data transfer aoutside the EEA

1. The User’s Personal Data, including the data made available by browsing the Website, in particular the data collected through Cookies, may be made available to trusted third parties, in accordance with the User’s preferences, including those expressed through the Cookies settings.
2. In a situation where the User’s Personal Data will be transferred to trusted third parties based outside the European Economic Area (EEA), it will be made only based on the decision of the European Commission (EC) to ensure an adequate level of protection, standard contractual clauses approved by the EC, binding corporate rules or GDPR provisions.

6. Profiling

1. As part of the use of the Website, a system tracking Users’ activity is used based on information, including Cookies, stored on Users’ Devices, e-mail addresses, as well as the history of Website Users’ activity. Based on this tracking, it is possible to profile Users in order to send individually tailored marketing messages.
2. The profiling referred to in the above paragraph does not cause any legal effects to the User or, to a similar extent, does not significantly affect their situation.

7. User rights

1. The User has the right to access their Personal Data and the right to correct it at any time.
2. The User can choose to what extent and time they want to use the Website and share information about themselves. If for some reason the User does not wish to leave their Personal Data in the Users database, the User has the right to demand their removal.
3. In the case of Personal Data processing for marketing purposes, based on the consent granted, the User has the right to withdraw consent at any time and by a written declaration or by e-mail to the Controller’s address: office@rhino.energy.
4. The User has the right to correct, complete, update, rectify and request removal of their Personal Data.
5. The User has the right to object to the processing of Personal Data based on the purposes of legitimate interests, including profiling referred to in § 6 of the Privacy Policy, implemented by the Controller or by a third party. If the User objects to the processing of his Personal Data for marketing purposes, it prevents further processing of this information for this purpose.
6. In order to request correction, completion, updating, rectification, restriction of processing, deletion and objection to the processing of their Personal Data, the User should send a request to the Controller’s e-mail address: office@rhino.energy or in writing to the following address: Strzegomska 140a, 54-429 Wrocław.
7. The User has the right to lodge a complaint with the President of the Personal Data Protection Office in a situation where the Controller will not process his Personal Data in accordance with the law.
8. The User has the option to limit or disable the access of Cookies to his Device. If they use this option, the use of the Website will be possible, excluding some functionalities that require Cookies.
9. The User may change the Cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings, or to inform about their every posting in the User’s Device. Detailed information on the possibilities and methods of handling Cookies is available in the Software settings.
10. The User may at any time delete Cookies using the functions available in the web browser they use.

8. Final provinsions

1. Links to other websites may appear on the Website. Such websites operate independently of the Controller and are not supervised by the Controller in any way. These websites may have their own privacy policies and regulations. It is recommended for User to read them.
2. Questions and concerns regarding the Privacy Policy should be reported via a message sent to the e-mail address: office@rhino.energy.
3. The Controller reserves the right to change the Privacy Policy.
4. The User will be informed about any changes to the Privacy Policy on the Website.