Article
Privacy policy of export promotion portal trade.gov.pl
I. GENERAL PROVISIONS
- This Privacy Policy defines the rules of privacy protection, i.e. the rules of collecting, using, processing and protecting personal data of the users (“Users”) of the Export Promotion Portal (“Export Promotion Portal”).
- The Users of the Export Promotion Portal are the persons using the services provided by the Administrator via the Export Promotion Portal, as defined in the regulations of the Export Promotion Portal (“Regulations”).
- This Privacy Policy is an integral part of the Regulations.
II. INFORMATION CLAUSE ON PERSONAL DATA PROTECTION
Fulfilling the obligation arising from Article 13 of GDPR, the Administrator hereby informs the Users that:
- The controller of personal data, within the meaning of Regulation (EU) 2016679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 9546/EC (hereinafter: “GDPR”), the personal data provided by the User, such as: contact details, name, surname, telephone number, e-mail address, NIP (hereinafter: “Personal Data”), is the Minister of Economic Development and Technology (contact: Ministry of Economic Development and Technology, address: Plac Trzech Krzyży 3/5, 00-507 Warszawa, NIP: 7010797920, REGON: 369267361) – „Controller”.
- Contact with the Data Protection Inspector appointed by the Administrator is possible at: IOD@mrit.gov.pl
- The User’s personal data, which also includes personal data of persons indicated by the User, will be processed
- in order to provide Services by the Administrator to the Users, using the functionalities of the Export Promotion Portal, on the basis of these Regulations. The legal basis for the processing of personal data is Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party);
- for direct marketing purposes (e.g. newsletter), based on the User’s voluntary consent. The legal basis for the processing of personal data is Article 6(1)(a) GDPR (the data subject has given consent to the processing of his/her personal data for one or more specified purposes).
- for archival (evidential) purposes which are the realization of the legitimate interest of securing information in case of a legal need to prove facts, as well as for the purpose of possible establishment, investigation or defence against claims. The legal basis for the processing of personal data is Article 6(1)(f) GDPR.
- Recipients of the User’s personal data may be other processing entities cooperating with the Administrator on the basis of concluded agreements in order to properly provide the Services.
- The Controller does not transfer Users’ personal data to third countries or international organisations.
- The User’s personal data shall be processed throughout the period in which the User has his/her Profile and for a period of 6 years from the date of deletion of the User’s Profile, unless a longer period of processing is necessary, e.g. due to archiving obligations, assertion of claims or other generally binding legal regulations.
- The User, and persons whom the User has authorised, shall have the right:
- to access their personal data, in accordance with Article 15 of GDPR;
- to rectify data in accordance with Article 16 of GDPR;
- to erasure in accordance with Article 17 of GDPR;
- to restrict processing, pursuant to Article 18 of GDPR;
- to object, pursuant to Article 21 of GDPR.
- The user has the right to withdraw the consent given at any time, whereby the withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the previous consent.
- The User has the right to lodge a complaint to the supervisory authority competent in the field of personal data protection (President of the Office for Personal Data Protection), if they consider that the processing of the User’s personal data violates the provisions on personal data protection.
- Providing Personal Data in order for the Service Provider to provide Services to the User under these Regulations is voluntary, however, it is a necessary condition for the registration on the Export Promotion Portal.
- The User’s Personal Data will not be subject to automated decision-making or profiling.
- The User declares to have consent to the processing of personal data of persons whose personal data will be placed on the Export Promotion Portal.
III. COOKIE MECHANISM
- The Export Promotion Portal uses “cookies”.
- Cookies are small text files sent by a website visited by an Internet user to the user’s device. The Administrator uses cookies to make it easier for Users to use the website and to create statistics for the Export Promotion Portal.
- Each User can individualise his/her cookie settings in the browser. Failure to change these settings means acceptance of the cookies used.
- Most web browsers allow the storage of cookies on the user’s computer by default. However, you can manage cookies yourself, including blocking them. It is enough to choose the option of rejecting them in the browser. Please note, however, that the selection of this option will result in some functions of the Export Promotion Portal not working properly.
- The Export Promotion Portal uses “cookies”.
a) to maintain the User’s Id session (the data of which are stored on the server and are not sent to the User’s browser);
b) for the maintenance of statistics scripts. - In addition, the Export Promotion Portal collects anonymous data about the visited pages, such as:
a) number of unique entries/views;
b) country;
c) browser;
d) time of visit. - The data is collected using a third party solution from the Administrator (Google Analytics). Please read the details of the privacy policy of Google Analytics .
IV. SECURITY AND PROTECTION OF PERSONAL DATA
- The Controller declares that it processes the Users’ personal data in accordance with the requirements of GDPR, the Act of 10 May 2018 on the protection of personal data and other applicable provisions on the protection of personal data that supplement and/or implement the GDPR, including, above all, that it applies technical and organisational measures to ensure the protection of the processed data appropriate to the risks and categories of data under protection, and in particular protects the Users’ personal data against unauthorised access, loss or damage.
- Personal data of the Users of the Export Promotion Portal are stored and processed by the Controller with the use of technical and organisational measures required by law, which ensure its protection. Personal data are protected and secured against unauthorised access, taking by unauthorised persons, destruction, loss, damage or alteration, as well as against processing, including acquiring or modifying them in a way incompatible with the provisions of the Personal Data Protection Act, in accordance with the provisions of the Personal Data Protection Act and the Administrator’s internal procedures concerning personal data protection.
- The User may express voluntary consents both at the stage of creating the Profile and later, in such a way that the Controller could get familiar with them and record them.
- The User may withdraw the voluntary consents at any time by submitting an appropriate declaration within the User Profile.
- Personal data of the User and persons indicated by the User in his/her Business Card may be made available, with the User’s express consent, by the Controller to the following public administration institutions and/or export support institutions:
- Polish Trade and Investment Agency;
- Ministry of Foreign Affairs;
- Polish Agency for Enterprise Development;
- Bank Gospodarstwa Krajowego;
- Export Credit Insurance Corporation;
- Polish Development Fund and institutions from the PFR Group;
- Marshal Offices and institutions subordinate to them, pursuing objectives related to the economic promotion of the region;
– whereby the aforementioned provision of data takes place in order to promote the User’s enterprise on domestic and foreign markets, and the legal basis for providing access to personal data is Article 6(1)(a) of GDPR (the data subject has given his consent to the processing of his personal data for one or more specified purposes).
- In the event that the User exercises his/her right to delete, restrict processing or object to the processing of personal data, the User’s Business Card containing such data will cease to be published on the Export Promotion Portal.
V. CONTACT WITH THE CONTROLLER
If you have any additional questions regarding the Privacy Policy, please contact us at the following e-mail address: SekretariatDHM@mrit.gov.pl
VI. CHANGES TO THE PRIVACY POLICY
- The Controller reserves the right to introduce changes to the Privacy Policy if required by law or changes introduced to the Export Promotion Portal. The Controller shall inform the User about the planned change and the date when it comes into force via the Export Promotion Portal.
- The User using the Export Promotion Portal is bound by the current Privacy Policy.