Privacy Policy

Last updated: May 15, 2024

 

Thank you for visiting our website CFG P.S.A. (hereinafter referred to as the “Website”). At CFG P.S.A., we are committed to protecting your privacy. This Privacy Policy and Cookie Policy explain how we collect, use, and protect your personal data in accordance with applicable legal regulations, including the General Data Protection Regulation (GDPR).

 

  1. Collection of Personal Data

When using our Website, we may collect your personal data in the following situations:

   – Automatically collected data: When using our Website, certain technical data such as IP address, information about internet browser, device type, geographic location, and activity on the Website is automatically collected.

   – Voluntarily provided data: In some cases, we may ask for voluntary provision of personal data, e.g., during registration on our Website, newsletter subscription, or filling out a contact form.

 

  1. Use of Personal Data

CFG P.S.A. uses your personal data for the following purposes:

   – Providing services available on the Website.

   – Personalizing and customizing content and offers to your preferences, including satisfaction surveys of provided services — based on Article 6(1)(f) GDPR (legitimate interests of the data controller).

   – Data analysis to improve our products and services, including cookies such as Google Analytics, Facebook Pixel — based on Article 6(1)(f) GDPR (legitimate interests of the data controller).

   – Communication with you, including responding to your inquiries and customer service, including posting user opinions about services provided by the Administrator — based on Article 6(1)(a) GDPR (consent) and for the purpose of creating our own user databases – based on Article 6(1)(f) GDPR (legitimate interests of the data controller).

   – Fulfillment of legal obligations.

 

Only data voluntarily provided by the user is collected and processed (except – in certain situations – data collected automatically using cookies and login data, as mentioned below).

 

During website visits, data regarding the visit itself is automatically collected, such as user IP address, domain name, browser type, operating system type, etc. (login data). Automatically collected data may be used for analyzing user behavior on the website, collecting demographic data about users, or personalizing website content for its improvement. However, these data are processed solely for website administration purposes, ensuring smooth hosting operation, or directing marketing content and are not associated with individual user data.

 

Users have rights at any time as contained in Articles 15-21 GDPR, including:

   – Right of access to their data,

   – Right to data portability,

   – Right to rectify data,

   – Right to correct data,

   – Right to erasure of data if there is no basis for processing them,

   – Right to restrict processing if it has been carried out incorrectly or unlawfully,

   – Right to object to data processing based on the legitimate interests of the data controller,

   – Right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection (in accordance with the rules specified in the Personal Data Protection Act), if it is believed that the processing of their data is contrary to the currently applicable legal regulations on data protection,

   – Right to be forgotten if further processing is not provided for by currently applicable legal regulations.

 

The Administrator notes that these rights are not absolute and do not apply to all personal data processing activities of the User. This applies, for example, to the right to obtain a copy of the data. This right cannot adversely affect the rights and freedoms of others, such as copyright, professional secrecy. To learn about the limitations on your rights, please refer to the GDPR.

 

Detailed information is available in the privacy policy of each provider of these services, available on their websites. For example:

Google LLC: https://policies.google.com/privacy?hl=en

 

  1. Security of Personal Data

CFG P.S.A. takes all necessary measures to protect your personal data from unauthorized access, loss, alteration, or destruction. User personal data is stored and protected with due care, in accordance with the implemented internal procedures of the Administrator. The Administrator processes user information using appropriate technical and organizational measures that meet the requirements of universally applicable legal regulations, in particular data protection regulations. These measures are primarily aimed at securing user personal data against access by unauthorized persons. In particular, only authorized persons who are obliged to keep this data confidential have access to user personal data.

 

  1. Accessibility of Personal Data to Third Parties

CFG P.S.A. may disclose your personal data only to the extent necessary, e.g.:

   – Entities processing data on our behalf (e.g., IT service providers).

   – Public authorities if required by law.

   – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – for using Google services.

   – Other subcontractors or subcontractors engaged in technical, administrative, or legal assistance to the Administrator and its clients, e.g., accounting, IT, graphics, copywriting, debt collection companies, lawyers, etc.

   – Offices such as the tax office – for the purpose of fulfilling legal and tax obligations related to settlements and accounting.

 

The Personal Data Administrator hereby informs that they have not appointed a Data Protection Officer (DPO) and performs independently the obligations related to personal data processing.

 

The User acknowledges that their personal data may be transferred to authorized state authorities in connection with proceedings conducted by them, upon their request and after meeting the conditions confirming the necessity of obtaining this data from the Administrator.

User personal data will not be used for automated decision-making affecting the rights and obligations or freedoms of the User within the meaning of the GDPR.

 

Within the website and tracking technologies, user data may be profiled, which helps better personalize the company’s offer directed to the User (mainly through so-called behavioral advertising). However, this should not have any impact on the User’s legal situation, especially on the terms of agreements concluded by them or agreements they intend to conclude. It can only help better tailor content and targeted ads to the User’s interests. The information used is anonymous and is not associated with personal data provided by the User, e.g., in the purchase process. They result from statistical data such as gender, age, interests, approximate location, behavior on the Website.

 

All content posted on the Website is subject to the copyright of the Administrator (e.g., photos, texts, videos, free materials, etc.). The Administrator does not consent to the copying of this content in whole or in part without their explicit, prior written consent.

 

To use the Administrator’s website, it is necessary to have:

   – A device with internet access,

   – An internet browser enabling the display of websites, software enabling the reading of content in presented formats, e.g., pdf, video, mp3, mp4.

 

  1. Cookies

Our Website may use cookies to ensure better functionality and analyze traffic on the Website.

 

The Administrator uses the following third-party cookies within the Website:

   – Embedded Google Analytics code – for analyzing Website statistics. Google Analytics uses its own cookies to analyze user actions and behaviors on the Website. These files are used to store information, e.g., from which page the user accessed the current website. They help improve the Website. This tool is provided by Google LLC. Actions taken as part of using Google Analytics code are based on the legitimate interests of the Administrator, consisting of creating and using statistics, which then enables the improvement of Administrator services and Website optimization.

As part of using the

 

 Google Analytics tool, the Administrator does not process any user data enabling their identification.

The Administrator recommends familiarizing yourself with the details related to the use of the Google Analytics tool, the possibility of disabling tracking code, and possibly asking questions to the provider of this tool under the link: https://support.google.com/analytics#topic=3544906.

 

Two types of cookies are used on the Website: session cookies, which are deleted after closing the browser, logging out, or leaving the website, and persistent cookies, which are stored on the user’s end device, allowing recognition of your browser on subsequent visits to the website, for a period specified in the parameters of cookies or until they are deleted by you.

In many cases, software used to browse websites (web browser) by default allows the storage of cookies on the user’s end device. Website users can change cookie settings at any time. These settings can be changed, in particular, to block automatic handling of cookies in the web browser settings or to inform about their placement on the user’s device each time the Website is accessed. Detailed information on the possibilities and methods of handling cookies is available in the software settings (web browser).

 

The Administrator informs that restrictions on the use of cookies (disabling, limiting) may affect some functionalities available on the Website and make its operation more difficult.

More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the “Help” section of the web browser menu.

 

Using the Website involves sending queries to the server on which the Website is stored. Each query directed to the server is recorded in server logs. Logs include, among others, user IP address, server date, and time, information about the internet browser, and operating system used by the User. Server logs are recorded and stored on the server. Server logs are used to administer the Website, and their content is not disclosed to anyone other than persons and entities authorized to administer the server. The Administrator does not use server logs in any way to identify the User.

The Administrator may entrust the processing of personal data to third parties without the separate consent of the User (based on a data processing agreement). Data obtained from forms cannot be transferred to third parties. The Administrator uses the following types of forms within the Website:

 

Contact form: Enables sending a message to the Administrator and contacting them electronically. Personal data in the form of name, surname, email address, and data provided in the message content are processed by the Administrator in accordance with this Privacy Policy for contacting the User. After the contact with you is finished, the data may be archived, which is a legitimate interest of the Administrator. The Administrator cannot determine the exact archiving period, and thus the deletion of messages. However, the maximum period will not exceed the limitation periods for claims resulting from legal regulations.

 

  1. Your Rights

According to applicable legal regulations, you have the right to access your personal data, rectify, erase, restrict processing, data portability, and withdraw consent to the processing of personal data at any time.

 

  1. Contact

If you have any questions regarding the processing of your personal data, please contact us at:

CFG P.S.A.

Plac Bankowy 2

00-095 Warsaw

email: cafefinance@cafefinance

Free quote