Soon your Google Analytics Universal will stop collecting data. Switch to GA4Find out more
I. Personal data administrator
The administrator of personal data within the meaning of art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR) is Orange Juice Limited Liability Company based in Wrocław at Rakowiecka 21/6 , 50-422 Wrocław, entered into the Register of Entrepreneurs of the National Court Register by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Department of the National Court Register, under KRS number 0000769458, NIP: 8992857178, REGON: 382454328, share capital PLN 10,000.
Data administrator’s e-mail address: firstname.lastname@example.org.
Administrator in accordance with art. 32 section 1 GDPR observes the principle of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with the business.
Providing personal data by the customer is voluntary, but necessary to conclude a contract with the data administrator.
The data administrator processed personal data, in particular in the form of identification data (name and surname and company name), address data, tax identification number and other registration numbers, contact details (telephone number) and identification data of persons contacted by the customer.
II. Purpose and basics of personal data processing
The administrator processes personal data for the following purposes:
preparation of a commercial offer in response to customer interest, which is the legitimate interest of the data controller (Article 6 (1) (f) of the GDPR);
conclusion and implementation of sales contracts with customers, based on the concluded contract (art.6 par.1 lit.b RODO);
handling the complaint process, based on the obligation incumbent on the data administrator in connection with applicable law (Article 6 (1) (c) of the GDPR);
accounting related to the issue and receipt of settlement documents, on the basis of tax law, including the Act of September 29, 1994 on accounting and the Act of 11.03.2004 on tax on goods and services (art.6 par.1 lit.c RODO);
archiving data for possible determination, investigation or defense against claims or the need to prove facts, which is the legitimate interest of the data controller (Article 6 (1) (f) of the GDPR);
contact by phone or via e-mail, in particular in response to inquiries addressed to the data controller, which is the legitimate interest of the data controller (art.6 par.1 lit.f RODO);
sending technical information regarding the functioning of the services used by the customer, which is the legitimate interest of the data controller (Article 6 (1) (f) of the GDPR);
marketing of the data controller’s own products, which is his legitimate interest (art.6 par.1 lit.f RODO) or takes place on the basis of previously granted consent (art.6 par.1 lit.a RODO).
III. Data recipients. Transfer of data to third countries
The recipients of personal data processed by the data administrator may be entities cooperating with the data administrator when it is necessary to perform the contract concluded with the data subject.
The recipients of personal data processed by the data administrator may also be subcontractors – entities whose services are used by the data administrator when processing data, e.g. accounting offices, law firms, entities providing IT services (including hosting services).
The data administrator may be required to provide personal data on the basis of applicable law, in particular to provide personal data to authorized state bodies or institutions.
Personal data will not be transferred to an entity established outside the European Economic Area.
IV. Period of storage of personal data
The data administrator stores personal data for the duration of the contract concluded with the data subject and after its termination for the purposes of pursuing claims related to the contract, performance of obligations under applicable law, but for no longer than the limitation period in accordance with the provisions Civil Code.
The data administrator stores personal data on the settlement documents for a period of time indicated by the provisions of the Act on tax on services and the Accounting Act.
The data controller stores personal data processed for marketing purposes for a period of 10 years, but no later than until the consent to data processing is withdrawn or an objection to data processing is raised.
The data administrator stores personal data for purposes other than those indicated in paragraph 1-3 for a period of 3 years, unless consent to data processing has been withdrawn previously,
data processing may not be continued on a basis other than the consent of the data subject.
V. Rights of the data subject
Any data subject has the right to:
access – obtaining confirmation from the administrator whether her personal data is being processed. If data about a person is processed, he is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, information about recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria for their determining the right to request rectification, deletion or limitation of the processing of personal data of the data subject and to object to such processing (Article 15 of the GDPR);
to receive a copy of the data – to obtain a copy of the data subject to processing, the first copy is free, and for subsequent copies the administrator may impose a fee in a reasonable amount resulting from administrative costs (Article 15 (3) of the GDPR);
for rectification – requests to rectify personal data concerning her that is incorrect or to supplement incomplete data (Article 16 of the GDPR);
for data deletion – requests to delete her personal data if the administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);
to limit processing – requests to limit the processing of personal data (Article 18 GDPR) when:
the data subject questions the correctness of personal data – for a period allowing the administrator to check the correctness of such data,
the processing is unlawful, and the data subject opposes their removal, demanding that their use be restricted,
the administrator no longer needs this data, but it is needed by the data subject to determine, assert or defend claims,
the data subject has objected to the processing – until it is determined whether legally justified grounds on the part of the administrator prevail over the grounds of objection of the data subject;
for transferring data – receiving in a structured, commonly used machine-readable format personal data concerning him which he has provided to the administrator, and requests to send this data to another administrator if the data is processed on the basis of the consent of the data subject or the contract concluded with it and if the data is processed in an automated manner (Article 20 of the GDPR);
to object – to object to the processing of her personal data for legitimate purposes of the administrator, for reasons related to her special situation, including profiling. Then the administrator assesses the existence of valid legitimate grounds for processing, superior to the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the administrator, the administrator will be obliged to stop processing data for these purposes (Article 21 of the GDPR).
To exercise the above-mentioned rights, the data subject should contact, using the contact details provided, with the administrator and inform him which rights and to what extent he wants to exercise.
The data subject has the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection in Warsaw.
Personal data obtained by the data administrator will not be processed automatically, including by profiling.