§ 1. General Provisions
- The Controller ensures that the processing of Personal Data takes place with the greatest respect for the privacy and with the utmost care for the security of the Personal Data processed, and in particular the Controller ensures that it has taken appropriate measures provided for by law to ensure security of Personal Data.
- The Controller has taken technical and organisational measures to ensure the protection of the processed Personal Data appropriate to the threats and categories of protected data, in particular, protects the data against unauthorised access, removal by an unauthorised person, processing in non-compliance with the law and change, loss, damage or destruction.
§ 2. Definitions
- Controller – Rhino Sp. z o.o. with its registered office in Wrocław, address: 54-429 Wrocław, ul. Strzegomska 140A, entered into the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number 0000862241, with share capital of PLN 450.000, Tax Id Number (NIP): 8943159824, REGON 387285445, website: https://rhino.energy/, e-mail address: firstname.lastname@example.org; The Controller should also be understood as the data controller within the meaning of art. 4(7) of the GDPR;
- Personal Data – any information relating to an identified or identifiable natural person (‘User’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Software – web browsers that may be used by the User in order to use the Website;
- Cookies – text files with small pieces of data, used to identify the Device, which are stored on the User’s Device and are intended for the use of the Website;
- Website – website operating at: https://rhino.energy/;
- Device – an electronic device through which the User gains access to the Website, in particular: PCs, laptops, tablets, smartphones, etc.;
- User – a person who uses the Website.
§ 3. Processing of Personal Data
- Users’ Personal Data will be processed in order to perform the contract (if it is concluded), contact the User, for statistical purposes and for marketing purposes. The legal basis for the processing of Personal Data may be, respectively:
- the necessity to perform the contract;
- the necessity to fulfil the legal obligation to which the Controller is the subject;
- the necessity for the purposes of the legitimate interests pursued by the Controller – in relation to the processing of Personal Data for marketing purposes during the legal relationship between the User and the Controller, for statistical purposes related to market and internet traffic research on the Website, to assess interest in services and content posted on the Website, improving its content and services provided on the Website framework, as well as the processing of Personal Data after the performance of the contract for the period in which the User may submit any claims related to its performance against the Controller;
- User’s consent – in the case of data processing for marketing purposes based on the User’s consent.
- Providing Personal Data by the User is voluntary.
- The User may also express a separate consent to receive commercial, advertising and marketing information from the Controller. The user may at any time opt out of receiving them.
- The Controller processes or may process the following Personal Data of the User, which the User provides voluntarily when using the Website:
- name and surname;
- electronic addresses;
- phone number;
- social media profiles;
- other data provided voluntarily by the User.
- The Controller stores Personal Data in the Users database in order to facilitate potential contacts with Users in the future.
- The recipients of Personal Data are persons authorised by the Controller to process data as part of their official duties, entities to which the Controller entrusts IT, accounting, HR, legal and tax services to the Controller, in particular on the basis of contracts for entrusting the processing of Personal Data.
- The Controller has the right to share the User’s data and information as part of the proceedings with an authorised body, e.g. the prosecutor’s office or a court.
- The Controller declares that as part of the processing of Personal Data for statistical purposes, he may use tools designed to analyse traffic on the Website, such as Google Analytics and other similar.
- The Controller process the User’s Personal Data for the time in which the User may submit any claims related to the performance of the contract against the Controller, but not longer than for a period of six years. If the processing is based on the User’s consent, the Controller will process their data until the consent is withdrawn.
- The Controller adheres to the following rules while processing of Personal Data:
- records collected Personal Data only on information carriers protected against access by third parties
- supervises the security of Personal Data throughout the entire period of their possession in a manner ensuring, in particular, protection against unauthorised access, damage, destruction or loss;
- maintains the confidentiality of Personal Data.
- The Controller takes into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, implement appropriate technical and organisational measures, to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident.
- The Controller ensures regular testing, assessing and evaluating the effectiveness of technical and organisational measures for assuring the security of the processing.
- The User whose Personal Data is processed has the right to request the Controller to access the data, as well as to rectify, delete, limit processing or object to processing, in accordance with § 7 of the Policy.
§ 4. Cookies
- The Website uses two basic types of Cookies:
- session – these are temporary files that are stored on the User’s Device until they leave the Website or disable the Software;
- permanent – these are files stored on the User’s Device for the time specified in the parameters of Cookie files or until they are deleted by the User.
- All or some of the following types of Cookies may be used on the Website:
- necessary – which enable the use of the Website;
- analytical – which enable the collection of information on how to use the Website;
- functional – which allow to keep the settings selected by the User and personalise the User interface, e.g. language, font size, Website appearance;
- marketing – which make it possible to provide the User with advertising content more tailored to their interests.
- Cookies listed in par. 2 and 3 of this section are used for the following purpose:
- Optimising the use of the Website; in particular, they make it possible to recognize and display the Website on the User’s Device in a form adapted to his/her individual preferences;
- creating statistics that support the observation of the use of the Website by Users, which improves its structure and content.
- The Website uses the following Cookies
|Name of the Cookie||File Type||Source of origin||Description of functionality||Period of validity|
|rc::a||necessary||permanent||Third party (Google)||This cookie is used to distinguish between humans and bots.||Persistent (no validity period)|
|rc::b||necessary||session||Third party (Google)||This cookie is used to distinguish between humans and bots.||Deleted at the end of the session|
|rc::c||necessary||session||Third party (Google) (Google)||This cookie is used to distinguish between humans and bots.||Deleted at the end of the session|
|_grecaptcha||necessary||permanent||First party||This cookie is used to distinguish between humans and bots.||Persistent (no validity period)|
|_GRECAPTCHA||necessary||permanent||Third party (Google)||This cookie is used to distinguish between humans and bots.||179 days|
|PHPSESSID||necessary||session||First party||Cookie that saves user statistics between pages||Deleted at the end of the session|
|_dc_gtm_UA-#||analytical||permanent||First party||Used by Google Tag Manager to control the loading of a Google Analytics script tag.||1 day|
|_ga||analytical||permanent||First party||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 years|
|_gat||analytical||permanent||First party||Used by Google Analytics to throttle request rate.||1 day|
|_gid||analytical||permanent||First party||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 day|
|_hjid||analytical||permanent||First party||Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.||1 year|
|_hjIncludedInPageviewSample||analytical||permanent||First party||Used to detect whether the user navigation and interactions are included in the web site’s data analytics.||1 day|
|_hjAbsoluteSessionInProgress||analytical||session||First party||This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice.||Deleted at the end of the session|
|AID||analytical||permanent||Third party (Google)||Thanks to the use of Google Analytics, it combines the user’s actions on other devices to which he previously logged in using his Google account, which allows him to display personalised ads.||2 years|
|IDE||analytical||permanent||Third party (Google)||Used by Google DoubleClick to record and report the actions of a user of a website after viewing or clicking on one of the advertiser’s ads in order to measure the effectiveness of the advertisement and to present targeted advertisements to the user.||1 year|
|RUL||analytical||permanent||Third party (Google)||Used by Google DoubleClick to determine if an ad on website was properly displayed to improve the effectiveness of marketing efforts.||196 days|
|1P_JAR||marketing||permanent||Third party (Google)||This cookie file contains information about how the User uses the Website and about any advertisements that the User may have seen before entering the Website.||1 month|
|CONSENT||marketing||permanent||Third party (Google)||This cookie contains information about how the User uses the Website and about any advertisements that the User may have seen before entering the Website.||18 years|
|NID||marketing||permanent||Third party (Google)||This cookie is set by DoubleClick (which is owned by Google) to help build a profile of User’s interests and display relevant ads on other websites.||6 months|
|_gali||marketing||permanent||Third party (Google)||The file allows Google Analytics to determine which link on the page was clicked by the user.||30 seconds|
|_gat_UA-122169755-3||analytical||permanent||First party||Limits the number of requests in the event of heavy traffic on the Website.||1 minute|
- The files used on the Website are safe for the Devices and Users using the Website.
§ 5. Data transfer outside the EEA
- The User’s Personal Data, including the data made available by browsing the Website, in particular the data collected through Cookies, may be made available to trusted third parties, in accordance with the User’s preferences, including those expressed through the Cookies settings.
- In a situation where the User’s Personal Data will be transferred to trusted third parties based outside the European Economic Area (EEA), it will be made only based on the decision of the European Commission (EC) to ensure an adequate level of protection, standard contractual clauses approved by the EC, binding corporate rules or GDPR provisions.
§ 6. Profiling
- As part of the use of the Website, a system tracking Users’ activity is used based on information, including Cookies, stored on Users’ Devices, e-mail addresses, as well as the history of Website Users’ activity. Based on this tracking, it is possible to profile Users in order to send individually tailored marketing messages.
- The profiling referred to in the above paragraph does not cause any legal effects to the User or, to a similar extent, does not significantly affect their situation.
§ 7. Users’ rights
- The User has the right to access their Personal Data and the right to correct it at any time.
- The User can choose to what extent and time they want to use the Website and share information about themselves. If for some reason the User does not wish to leave their Personal Data in the Users database, the User has the right to demand their removal.
- In the case of Personal Data processing for marketing purposes, based on the consent granted, the User has the right to withdraw consent at any time and by a written declaration or by e-mail to the Controller’s address: email@example.com.
- The User has the right to correct, complete, update, rectify and request removal of their Personal Data.
- In order to request correction, completion, updating, rectification, restriction of processing, deletion and objection to the processing of their Personal Data, the User should send a request to the Controller’s e-mail address: firstname.lastname@example.org or in writing to the following address: Strzegomska 140a, 54-429 Wrocław.
- The User has the right to lodge a complaint with the President of the Personal Data Protection Office in a situation where the Controller will not process his Personal Data in accordance with the law.
- The User has the option to limit or disable the access of Cookies to his Device. If they use this option, the use of the Website will be possible, excluding some functionalities that require Cookies.
- The User may change the Cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings, or to inform about their every posting in the User’s Device. Detailed information on the possibilities and methods of handling Cookies is available in the Software settings.
- The User may at any time delete Cookies using the functions available in the web browser they use.
§ 8. Final Provisions
- Links to other websites may appear on the Website. Such websites operate independently of the Controller and are not supervised by the Controller in any way. These websites may have their own privacy policies and regulations. It is recommended for User to read them.