Website (hereinafter referred to as the “Website”) is administered by Columbus Energy S.A. with its registered seat in Krakow, ul. Jasnogórska 9, 31-358 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Krakow – Śródmieście in Krakow, XI Commercial Division of the National Court Register under the following KRS number: 0000373608, NIP: 9492163154, [email protected] (hereinafter referred to as the “Administrator”).
In the case of using the Website, data of the Website users (hereinafter referred to as the “Users”), may be collected and used including their personal data.
In addition, information about the User’s IP address, the time of the inquiry arrival and sending a reply, the address of the website from which the User was redirected to the Website and the type of software used by the User (type of operating system and browser) may be collected. This information is used for the purposes of administering the Website and producing statistics and analyses.
The Administrator takes care of the safety of Users’ data by applying appropriate organizational and technical measures.
The security of personal data during the transmission is ensured by the SSL transmission protocol used by the Administrator. The protocol encodes data before sending it from the User’s browser and decodes after secure access to the Website server.
II. Personal data
The Personal Data Controller of the Users’ personal data is Columbus Energy S.A. with its registered seat in Krakow, ul. Jasnogórska 9, 31-358 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków — Śródmieście in Kraków, XI Commercial Division of the National Court Register under KRS number: 0000373608, NIP: 9492163154, [email protected].
The Personal Data Controller has appointed a Data Protection Officer.
The Officer can be contacted regarding data protection matters, including the exercise of the rights of Users. Contact with the Officer is possible via the e-mail address [email protected] or by post at Columbus Energy S.A., ul. Jasnogórska 9, 31-358 Krakow.
The Personal Data Controller by means of the Columbus Installer App may process personal data for the following purposes:
sending a newsletter to the User – on the basis of Art. 6 sec. 1 letter a of the GDPR, i.e. the User’s consent to send a newsletter; the consent is given by providing an e-mail address and clicking on a confirmation button to subscribe to the newsletter;
contacting the User, if they wrote a message to the Personal Data Controller, completed the contact form or left their phone number using the Focus SiteCall tool – pursuant to Art. 6 sec. 1 letter f of the GDPR, because the data processing is necessary for the purposes resulting from the legitimate interests pursued by the Personal Data Controller; such an interest is to contact the User
direct marketing of the Personal Data Controller’s products and services – pursuant to Art. 6 sec. 1 letter f of the GDPR, because the data processing is necessary for the purposes resulting from the legitimate interests pursued by the Personal Data Controller; such an interest is to promote the Personal Data Controller’s products and services;
statistics and analysis of Users’ behaviour on the Website – pursuant to Art. 6 sec. 1 letter f of the GDPR, because the data processing is necessary for the purposes resulting from the legitimate interests pursued by the Personal Data Controller; such an interest is to make arrangements regarding the use of the Website by Users in order to optimise it to the needs of these Users.
The Personal Data Controller may share personal data with its subcontractors (entities that are used for the purpose of data processing) such as:
Aut O’Mattic Ltd. with its registered seat in Ireland – provider of a plugin for Jetpack WordPress used, among others, to analyse data and keep statistics of the Website;
Benhauer sp. z o.o. with its registered seat in Poland – a provider of SALESmanago service used to automate marketing processes;
Facebook Ireland Ltd. with its registered seat in Ireland – a service provider related to the display of advertisements to Users – Facebook Pixel, to the extent that personal data is processed for the purpose of providing matching, measurement and analysis services (e.g. to provide the Personal Data Controller with analyses and campaign reports);
Google LLC with its registered seat in the USA and Google Ireland Limited, a provider of Google services, such as: GSuite – a package of services such as e-mail and virtual disk; Google Analytics – a tool for analysing the Website; Google Ads – a service related to the display of advertisements to Users;
Hotjar Limited with its registered seat in Malta – a service provider for analysing User’s traffic on the Website;
Zapier Inc. with its registered seat in the USA – provider of Zapier tool used to manage the organisation of work in the Personal Data Controller’s/Administrator’s enterprise.
Alfavox sp. z o.o. with its registered seat in Poland – provider of customer experience system service and contact center system used to offer telephone contact to Users.
With regard to personal data contained in the event data concerning the activities of individuals on the User’s websites and applications, which integrate Facebook’s business tools for which the Personal Data Controller and Facebook jointly determine the means and purposes of the processing, the Personal Data Controller and Facebook Ireland are joint controllers of personal data in accordance with Article 26 of the GDPR. More information can be found at this link: https://www.facebook.com/legal/terms/businesstools_jointprocessing.
The joint personal data controller together with the Personal Data Controller is also Criteo SA with its registered seat in France. Criteo SA is the provider of Criteo tool for retargeting and displaying personalised ads to Users. More information can be found at this link: https://www.criteo.com/blog/gdpr-need-know-criteo/.
The following categories of entities may also be the recipients of the User’s personal data: employees and associates of the Personal Data Controller, hosting providers, marketing and advertising agencies, entities providing IT system management and maintenance services, legal advisors. Such entities are provided with Users’ personal data by the Personal Data Controller in accordance with applicable law (for example, pursuant to data processing entrustment agreements, if their conclusion is required in accordance with the GDPR).
The Personal Data Controller does not transfer personal data outside the European Economic Area with the exception of using the services of the following entities: Google LLC, Facebook Ireland Ltd., Zapier Inc.
sending the newsletter to the User is processed until the User withdraws the consent
contacting the User is processed for a period of 3 years from the date of their collection
direct marketing of the Personal Data Controller’s products and services – will be stored until:
the objection to their processing for such purpose, unless the Personal Data Controller demonstrates the existence of valid legitimate grounds for data processing, overriding the interests, rights and freedoms of the data subject; in this case, the data will be stored until such valid legitimate grounds for processing exist, or
the withdrawal of the consent to receive commercial information or to use telecommunications terminal equipment and automated calling systems for direct marketing purposes;
statistics and analyses of Users’ behaviour on the Website – is processed for a period of 3 years from the date of their collection.
In order to exercise their rights, the Data Users may contact the Personal Data Controller or the Data Protection Officer.
The User may also contact the Personal Data Controller or the Data Protection Officer in order to obtain information on why the Personal Data Controller has decided that they may process User’s personal data on the basis of legitimate interests.
Providing personal data when using the Website is voluntary. However, if the User fails to provide it, it will not be possible to contact them, send them offers or newsletters.
The Personal Data Controller does not take decisions towards Users that are based solely on automated processing, including profiling, and produce legal effects on Users or similarly significantly affect them.
Cookies are IT data, in particular text files, which are stored in the User’s terminal device and are intended for the use of websites. Cookies usually contain the name of the website from which they originate, the duration of their storage on the terminal device, content (e.g. action identifiers) and a unique number.
Cookies are used to:
adjust the content of the Website to the User’s preferences and optimize the use of the Website; in particular, these files allow to recognise the User’s device and properly display the Website, adapting it to the User’s needs and preferences;
adapt the advertisements displayed to the User to their preferences;
create statistics and analyses on the use of the Website.
The Website uses two main types of cookies: session cookies (session cookies, session storage) and “persistent” (persistent cookies, local storage). Session cookies are temporary files that are stored in the User’s terminal device until the session expires (e.g. leaving the Website, removing them by the User, or disabling the software). “Persistent” cookies are stored in the User’s terminal device for the time specified in the parameters of cookies or until they are deleted by the User.
The default settings of web browsers usually allow the storage of cookies in the end devices of Website Users. However, these settings may be changed by the User.
Blocking or deleting cookies may cause difficulties in using the Website, e.g. because some of its options will not be available to the User.
The Personal Data Controller informs that in accordance with the provisions of the Telecommunications Act, the consent of the end user to store information or access information already stored in the telecommunications terminal equipment of the end user may also be expressed by the user by means of software settings installed in the terminal equipment used by them. Therefore, in the event that the user does not want to give such consent, they should change the settings of the web browser.
Detailed information on changing browser settings regarding cookies and their deletion can be obtained on the official website of a specific browser. In particular, the above information can be found at the following websites:
The Personal Data Controller (Administrator) uses the following tools provided by Google on the Website: Google Analytics, Google Ads, Google Tag Manager.
Google Ads is used to display relevant ads to the User. Cookies are placed on the User’s device in order to remember the pages that they visit. On the basis of the collected information, personalised advertisements on the pages viewed by the User are displayed. The Personal Data Controller (Administrator) may order advertisements to the recipients of its choice, e.g. to all persons who visited the Website within 7 days. The Personal Data Controller (Administrator) orders the advertising on the basis of aggregate criteria, e.g. to specific target groups, never to a specific User. The settings for personalising ads can be changed in Google services at this link: https://adssettings.google.com/. As part of Google Ads, the Personal Data Controller (Administrator) uses extended conversion options. This feature allow to collect encrypted information collected on the conversion page (e.g. e-mail addresses from contact forms) and then adjusts it to the information about Google users logged in. The extended conversion complements existing conversion tags by sending encrypted conversion data from the Website to Google in a way that protects privacy. The extended conversion feature ensures the confidentiality and security of information by applying the highest industry standards – data is encrypted before sending it to Google (a one-way encryption algorithm called SHA256).
The Personal Data Controller (Administrator) uses the business tools provided by Facebook, including Facebook Pixel, which is used for marketing activities.
Facebook Pixel “tracks” visits and behaviors of Users who navigate the Website. Thanks to this, it is possible to target user-tailored advertising (remarketing/retargeting).
The Personal Data Controller (Administrator) receives only statistical data from Facebook, without reference to specific Users. In this way, the Personal Data Controller (Administrator) checks the effectiveness of ads on Facebook and Instagram, investigates the market and keeps its own statistics.
The Administrator collects data from Facebook Pixel only for statistical analysis, and orders ads only on the basis of aggregate criteria, never to a specific user.
The Personal Data Controller (Administrator) uses the code related to the social network LinkedIN on the Website.
The User’s browser may establish a connection to the social network LinkedIN and provide information about the visit to the Website. This applies only to Users who have a profile on the above-mentioned platforms and have given their consent to track their activity.
The Personal Data Controller (Administrator) may use the Hotjar tool provided by Hotjar Limited on the Website.
The purpose of this tool is to analyse the User’s behavior when using the Website. Hotjar records how the User navigates the Website (including, for example, navigation or cursor movement). However, the Personal Data Controller (Administrator) does not collect any other data of the User using this tool. This tool is used by the Personal Data Controller (Administrator) only to analyse and optimise the functioning of the Website.