This privacy policy (“Privacy Policy”) defines the method of processing and securing personal data of users of the Internet website (“User”) available at the address www.chgaleriagniezno.pl (“Portal”), collected and processed in connection with the use of the Portal, including the so called cookie files.
The owner of the Portal is the company Ezraya Investments sp. z o.o. z siedzibą w Warszawie (“Portal Owner”).
The Portal Owner respects the privacy of the Portal Users and assures that it is committed to respect the applicable law in the field of personal data protection.
The main purpose of this Privacy Policy is to ensure privacy security for the Portal Users at a level at least equivalent to the standards set out in the applicable law, in particular in the Act of 18 July 2002 on electronic services (“Act”) and the Regulation of the European Parliament and Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and, repealing Directive 95/46/EC (“RODO/GDPR”) as well as the Act of 16 July 2004 on telecommunications law (“Telecommunications Law”).
The Portal may contain links allowing the User to access directly websites other than the Portal. With regard to such websites, the Portal Owner reserves that it is not responsible for the privacy policy applied by the administrators of these websites.
The method and scope of collecting other data and information, not related to technical aspects of the Portal’s operation, will be determined by separate arrangements – correspondingly to their purpose and will be published in the relevant form.
I. PROCESSING OF PERSONAL DATA
1. The administrator of personal data of the Portal Users, collected and processed in connection with the use of the Portal and in connection with the operation and functioning of the Portal is the Portal Owner, i.e. Ezraya Investments sp. z o.o. z siedzibą w Warszawie .
2. The Portal Owner has appointed the Data Protection Inspector, who can be contacted by e-mail sent to the following e-mail address: rodo@krgroup.pl.
3. The personal data of the Portal Users will be processed by the Portal Owner for the following purposes only:
- for the purposes related to the application of particular functionalities of the Portal, related to the use of the Portal, and for the proper administration of the Portal, including generation of relevant statistics. The personal data of the Portal Users will be processed by the Portal Owner pursuant to Art. 6 par. 1, letter f) of GDPR, i.e. for a legally justified purpose which shall be understood as technical access to the Portal and monitoring its operation, optimization and adaptation of the Portal’s functionalities to the needs and requirements of the Users and for the purpose of providing the Users with the possibility of using other interactive functions of the Portal.
- for the purpose of providing the Portal Users with access to dedicated e-mail addresses on the Portal, pursuant to Art. 6 par. 1 letter f) of GDPR, for a legally justified purpose, which shall be understood as acceptance of an inquiry sent to the e-mail address provided on the Portal (in particular in order to contact the User for the purpose of presenting offers to rent commercial premises in the Centre and management by the Portal Owner of complaints about the Portal’s operation) and responding to such an enquiry.
- for marketing purposes, subject to a separate consent granted pursuant to Art. 6 par. 1 letter. a) or Art. 9 par. 2 letter a) of GDPR, including commercial information about the Centre’s activities sent by e-mail to the e-mail address or telephone number provided in the relevant form (“Newsletter”), provided that the User has expressed its consent to subscribe to the Newsletter and has agreed to the processing of his/her personal data for this purpose.
- for the purpose of presenting on the Portal photos of people staying in the Centre in connection with relevant event/promotion/competition organized in the Centre’s premises, subject to a separate consent granted pursuant to Art. 6 par. 1 letter a) or Art. 9 par. 2 letter a) of GDPR.
4. Personal data processed by the Portal Owner do not include specific categories of personal data within the meaning of Art. 9 par. 1 of GDPR or data on convictions and violations of law within the meaning of Art. 10 of GDPR.
5. Personal data may be disclosed to any entity from the capital group to which the Portal Owner belongs, to the managers of Galeria Gniezno shopping centre (“Centre”) whose activities are related to the Portal and other entities cooperating with the Portal Owner, in order to ensure the proper operation of the Portal, in accordance with the data processing agreements, in particular entities providing hosting services to the Portal and services relating to provision and maintenance of the Portal.
6. Personal data will be processed for a period not longer than it is necessary to achieve the purposes for which personal data was collected or until the date of withdrawal of consent to the processing of personal data in connection with sending the Newsletter or for the period required by law.
7. A data subject has the right to access their data and rectify, delete, restrict its processing, the right to transfer data or object to their processing, the right to withdraw consent at any time without affecting the legality of the data processing, performed on the basis of the subject’s consent before its withdrawal. A data subject has the right to complaint to the President of the Office for Personal Data Protection, if the processing of his/her personal data is contrary to the provisions of generally applicable law.
8. The Portal Owner processes/does not process personal data in an automated manner.
9. The Portal Owner makes every effort to protect the processing of personal data against any misuse, interference, loss, unauthorized access, modification or disclosure.
II. COOKIE FILES
1. Cookie files (so-called “cookies”) are IT data, in particular text files, which are stored in the equipment of the Portal User and are related to the use of the Portal. Cookie files usually contain the name of the website they originate from, their storage time on the User’s device and a unique number.
2. The entity that uploads cookie files on the Portal User’s device and that obtains access to them is the Portal Owner.
3. Cookie files are used for the purpose of:
3.1. optimization and adaptation of the Portal’s functionalities to the needs and requirements of the Users, in particular cookie files allow to recognize the User’s device and properly display the Portal on the User’s device in a manner tailored to the User’s individual needs,
3.2. generating relevant statistics on the use of the Portal by the Users.
4. There are two types of cookie files that may be used for the Portal’s operation:
- session cookies which are temporary files stored in the User’s device until the User loggs out, leaves the website or turns off the software (web browser), and
- persistent cookies that are stored on the User’s device for a period specified in the cookie files parameters or until they are deleted by the User.
5. The following types of cookies may be used as part of the Portal’s operation:
- “necessary” cookie files, enabling the use of services available on the Portal, e.g. authentication cookies used for services that require authentication on the Portal;
- “security” cookie files used to ensure security, e.g. used to detect fraud related to authentication on the Portal;
- “performance” cookies, enabling the collection of information on the use of the Portal’s websites;
- “functional” cookies, enabling the “remembering” of the settings selected by the User and personalizing the User’s interface, e.g. in the scope of the selected language or region of the User’s origin, font size, website appearance, etc.
6. The software used to browse websites may, by default, allow the storage of cookies on the User’s device. The Portal User may change the settings for cookies at any time. These settings can be changed in particular in such a way as to block the automatic management of cookies in the settings of the web browser or inform every time they are uploaded on the User’s device. Detailed information about the possibilities and ways of managing the cookie files are available in the settings of the web browser software.
7. Restrictions on the use of cookie files may affect some of the functionalities available on the Portal.
8. Cookie files uploaded on the User’s end device may also be used by advertisers and other partners cooperating with the Portal Owner.
III. USE OF SOCIAL NETWORK PLUGINS
1. The Portal may contain integrated plugins for Facebook.com social networking site (“Facebook”) provided by the company Facebook Inc. (address: 1601 S. California Ave, Palo Alto, CA 94304, USA). Facebook plugins can be recognized by the dedicated Facebook logo on the Portal, which is a hyperlink to the Centre’s fanpage on Facebook. Active pressing of the plugin, which is a hyperlink to the Portal’s fanpage on Facebook, will cause that a direct connection will be established between the User’s web browser installed on the User’s device and the Facebook server, and the Centre’s fanpage on Facebook will be displayed in the User’s web browser. As a result of such a redirection, the Portal Owner does not collect or process the User’s personal data and the entity collecting and processing personal data will be the Facebook provider, in accordance with its privacy policy.
2. The Portal may contain integrated plugins for the social networking site Google+ (“Google+”), which is provided by the company Google Inc. (address: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google+ plugins can be recognized by the dedicated Google+ logo on the Portal, which is a hyperlink to the Centre’s fanpage on Google+ Active pressing of the plugin, which is a hyperlink to the Portal’s fanpage on Google+, will cause that a direct connection will be established between the User’s web browser installed on the User’s device and the Google+ server, and the Centre’s fanpage on Facebook will be displayed in the User’s web browser. As a result of such a redirection, the Portal Owner does not collect or process the User’s personal data and the entity collecting and processing personal data will be the Google+ provider, in accordance with its privacy policy.
3. It is possible to embed on the Portal films using the embed code of a given film placed on the Centre’s channel on You Tube (“You Tube”), whose provider is the company YouTube LLC (address: 901 Cherry Avenue, San Bruno, CA 94066 , USA). Due to the above, in some of the Portal’s tabs (e.g. in the Portal’s multimedia library) it is possible to embed and use dedicated You Tube plugins (using embed code), which are a hyperlink to the videos placed on the Centre’s channel on YouTube. Active pressing of the dedicated plugin button, which is a command to play the film embedded in the appropriate tab of the Portal, will cause than a direct connection will be established between the User’s web browser installed on the User’s device and the You Tube server. As a result of such a connection, the Portal Owner does not collect or process the User’s personal data and the entity collecting and processing personal data will be the You Tube provider, in accordance with its privacy policy.
4. The Portal may contain integrated plugins for the social networking site Instagram.com (“Instagram”), whose provider is Instagram LLC (address: 1601 Willow Road, Menlo Park, CA 94025, USA). Instagram plugins can be recognized by the dedicated Instagram logo on the Portal, which is a hyperlink to the Centre’s fanpage on Instagram. Active pressing of the plugin, which is a hyperlink to the Portal’s fanpage on Instagram, will cause than a direct connection will be established between the User’s web browser installed on the User’s device and the Facebook server, and the Centre’s fanpage on Instagram will be displayed in the User’s web browser. As a result of such a redirection, the Portal Owner does not collect or process the User’s personal data and the entity collecting and processing personal data will be the Instagram provider, in accordance with its privacy policy.
IV. CHANGES
1. The Portal owner undertakes to review this Privacy Policy on a regular basis and change it when it proves necessary or advisable due to: new legal regulations, new guidelines from authorities responsible for supervising the processes of personal data protection, best practices applied in the area personal data security.
2. The Portal Owner also reserves the right to change this Privacy Policy if there are any changes in technology, used to process personal data, and if there are changes to methods, purposes or legal grounds for processing of personal data by the Portal Owner.
3. The revised Privacy Policy enters into force upon its publication on the Portal.
V. CONTACT
We invite you to submit questions, comments and proposals regarding this privacy policy. Please send them in electronic form to the following e-mail address: gniezno@apsysgroup.pl.