Privacy

We respect the right to privacy of persons using the oliviacentre.com Website (hereinafter referred to as “Users”) and make every effort to ensure that the personal data of our Users is processed in accordance with applicable laws, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Regulation”).

 

The use of the functionalities available on the oliviacentre.com Website (hereinafter referred to as the “Website”) may involve the processing of the User’s personal data by us.

 

Our Privacy Policy (hereinafter referred to as the “Policy”) was created to inform Users who is the administrator of their personal data, what personal data is used, for what purpose, on what basis and for how long we process it and with whom we make it available, as well as what rights Users have as subjects of personal data.

 

This policy also applies to the processing of personal data obtained as part of running our company profiles or groups on social networking sites, such as Facebook, YouTube, Instagram, Twitter, Google+ and LinkedIn (hereinafter referred to as “Social Networking Sites”).

 

This Policy is reviewed on an ongoing basis and will be updated as necessary. If changes are made, we will publish the updated version of the Policy on the Website.

 

I. Personal Data Controller

 

The administrator of the personal data of the Website Users is Olivia Serwis Spółka z ograniczoną odpowiedzialnością with its registered office in Gdańsk (80-309) at al. Grunwaldzka 472C, entered into the Register of Entrepreneurs of the National Court Register by the District Court Gdańsk-Północ in Gdańsk, VII Commercial Division of the National Court Register under KRS number 0000475473, NIP 5842732752, REGON 221946200, with a share capital of PLN 205,000.00 (hereinafter referred to as the “Service Provider”).

 

Separate controllers of personal data (hereinafter referred to as “Separate Controllers”) are the operators of Social Media Sites, operators of websites to which the User has gained access through links posted by the Service Provider on the Website, other personal data controllers indicated on the Website (for example: event organizers indicated in the relevant regulations concerning these events) and other entities indicated in the further part of the Policy as Separate Controllers. Separate controllers process Users’ personal data in accordance with their privacy and personal data processing principles. The Service Provider has no influence or has limited influence on the processing of personal data by the Separate Controllers.

 

II. Obtaining information regarding the processing of personal data

 

In all matters related to the processing of personal data (except for the matters specified below), the User should contact the Data Protection Officer appointed by the Service Provider, using the following contact details: Olivia Serwis Sp. z o.o., Krzysztof Hewelt – Data Protection Officer, al. Grunwaldzka 472C, 80-309 Gdańsk, e-mail address: iod@oliviacentre.com.

 

In matters related to the processing of personal data by Separate Controllers, the User should contact the Separate Controllers at the contact details provided by them.

 

III. Scope of personal data and information processed

 

The Service Provider processes personal data and information related to the use of the Website or the Service Provider’s company profile on the Social Networking Site or participation in the Service Provider’s group on the Social Networking Site, which the User shares or leaves when using the Website or the Service Provider’s profile or participating in the Service Provider’s group, including in electronic forms or saved in cookies, which may be in particular: names, surname, e-mail address, telephone number, address, gender, date of birth, profile picture, IP address, information about the User’s end device, browser or operating system, URL of the previously visited website, language, city, activities and time of the User’s engagement on the Website, data resulting from visiting the Service Provider’s profile or group on the Social Networking Site (e.g. resulting from liking, posting comments or entries, the User’s activity on the Service Provider’s profile or group on the Social Networking Site), other data made available to the Service Provider by the User in correspondence with the Service Provider.

 

In each case, the scope of personal data and information processed by the Service Provider depends on the scope of the User’s use of the functionalities available on the Website and Social Networking Sites, as well as on the scope of personal data and information made available to the Service Provider by the User in correspondence with the Service Provider.

 

In order to ensure security in the process of using the functionalities available on the Website and the confidentiality and integrity of data transmission, the Service Provider uses encryption technologies, in particular in the form of the SSL protocol.

 

IV. Purpose and legal basis for the processing of personal data

 

The Service Provider may process the User’s personal data for the following purposes:

 

  1. concluding and performing an agreement for the provision of a service available on the Website concluded between the User and the Service Provider on the basis of the terms and conditions applicable to this service (hereinafter referred to as the “Agreement”) – in the case of concluding such an agreement with the User, pursuant to Article 6(1)(b) of the Regulation,
  2. fulfilment of legal obligations incumbent on the Service Provider, in particular in the scope of keeping and archiving documentation or fulfilling a request resulting from the provisions of law of an authorized authority regarding the User’s personal data, pursuant to Article 6(1)(c) of the Regulation and relevant provisions concerning these obligations,
  3. establishing, securing and pursuing claims by the Service Provider or defending against claims against the Service Provider, on the basis of the Service Provider’s legitimate interest, consisting in the possibility of establishing, securing, pursuing and defending against claims, based on Article 6(1)(f) of the Regulation,
  4. analytical and statistical surveys and surveys of the level of satisfaction with the services provided by the Service Provider, on the basis of the Service Provider’s legitimate interest consisting in the possibility of conducting customer satisfaction surveys and creating statistics, reports, analyses, statistical, analytical and performance measurements regarding the use of the Website, the use of services provided by the Service Provider and the activity of Users, in particular in order to improve the quality, improve or developing the services provided by the Service Provider, adapting the Website to the habits of the Users, based on Article 6(1)(f) of the Regulation,
  5. correspondence, pursuant to Article 6(1)(a) of the b) the Regulation (undertaking activities aimed at concluding the Agreement or conducting correspondence related to the performance of the Agreement), Article 6(1)(a) c) the Regulation and relevant regulations (if the correspondence is the fulfilment of a legal obligation of the Service Provider), the legitimate interest of the Service Provider, consisting in the possibility of responding to correspondence based on Article 6 (1) (f) of the Regulation or the User’s consent, based on Article 6 (1) (a) of the Regulation (if the correspondence is sent on the basis of the consent granted to send it),
  6. marketing the Service Provider’s own products or services, based on the Service Provider’s legitimate interest, consisting in the possibility of offering the Service Provider’s own products or services, based on Article 6(1)(f) of the Regulation, whereby the implementation of marketing purposes may include, in particular, sending commercial information by electronic means,
  7. marketing, including those related to the marketing of the Service Provider’s own products or services and those of other persons, not within the scope specified in section IV.f) above, when the User has consented to it, based on Article 6(1)(a) of the Regulation, whereby the implementation of marketing purposes may include, in particular, sending by the Service Provider, on its own behalf or on behalf of other persons, commercial information by electronic means,
  8. for the purpose specified in the User’s consent to the processing of their personal data granted to the Service Provider, whereby the legal basis for the processing of the User’s personal data in such a case is Article 6(1)(a) of the Regulation,
  9. maintaining the Service Provider’s profile or group on the Social Networking Site, including informing about the Service Provider’s services, events and brand, as well as building a community, establishing relationships and communication with the Service Provider through the functionalities available on the Social Networking Site, based on the Service Provider’s legitimate interest, consisting in the possibility of marketing the Service Provider’s own products or services, promoting the Service Provider’s services, events and brand, and building community, establishing relations and communication with Users through the functionalities available on the Social Network, based on Article 6(1)(f) of the Regulation.

 

The User’s consent to the processing of his/her personal data may be expressed, in particular, by ticking the appropriate boxes in the electronic form, submitting appropriate statements or using the functionalities that involve the provision of personal data by the User to the Service Provider (e.g. from the communication channels and the User’s activity on the Service Provider’s profile or group on the Social Networking Site).

 

V. Sharing of personal data (recipients of personal data)

 

The User’s personal data may be made available by the Service Provider to entities processing personal data on behalf of the Service Provider, including entities used by the Service Provider or entrusted with the performance of activities within the scope of its business, entities providing tax, accounting, legal, technical or IT services to the Service Provider.

 

The User’s personal data may be made available by the Service Provider to entities processing personal data on their own behalf (Separate Administrators), including entities providing courier, postal, banking or insurance services, a payment operator handling payments for the Service Provider’s services purchased by the User, authorized entities or bodies to which the Service Provider is entitled or obliged to make personal data available on the basis of the provisions of law in force on the territory of the Republic of Poland, entities providing lease services in office buildings located in the office complex under the name of Olivia Business Centre, located in Gdańsk at ul. Grunwaldzka 472, co-organizers of events organized by the Service Provider.

 

VI. Transfer of data outside the EEA

 

The Service Provider allows for the possibility of cooperation with partners who are based in countries outside the European Economic Area (EEA). The Service Provider will transfer personal data outside the EEA only if it is necessary and with a high level of data protection, in particular through the use of standard contractual clauses adopted by the European Commission regarding the transfer of personal data to entities established outside the EEA.

 

VII. Duration of personal data processing

 

The duration of personal data processing by the Service Provider depends on the legal basis and purpose of processing, taking into account the principle of accountability. Taking the above into account, the User’s personal data may be processed for a period of:

  1. in the case of processing personal data for the purpose of concluding and performing the Agreement – for the duration of the Agreement, and after its termination for the period specified in points VII.b) and VII.c) below,
  2. in the case of processing personal data in order to comply with legal obligations incumbent on the Service Provider – for the time necessary to fulfill the obligation and the time during which the Service Provider may bear the legal consequences of failure to comply with this obligation,
  3. in the case of processing personal data for the purpose specified in section IV.c) of the Policy – for the time necessary to establish, secure and pursue claims by the Service Provider or defend against claims against the Service Provider, taking into account the limitation periods specified in the applicable law,
  4. if the basis for the processing of personal data is the legitimate interest of the Service Provider – at the latest until an effective objection to the processing of personal data is raised, subject to other provisions of section VII of the Policy,
  5. if the basis for the processing of personal data is the consent to their processing – at the latest until its withdrawal.

 

In the case of personal data processed for different purposes or on different legal bases for processing, for which there are different processing periods, the total processing time will not be longer than the processing period that expires at the latest.

 

VIII. Your rights in relation to the processing of your personal data

 

In connection with the processing of the User’s personal data by the Service Provider, the User is entitled to the following under the conditions set out in the Regulation:

 

  1. the right to access personal data,
  2. the right to rectify personal data,
  3. the right to erasure of personal data (right to be forgotten),
  4. the right to restrict the processing of your personal data;
  5. the right to transfer your personal data to another controller,
  6. the right to object to the processing of personal data, including profiling,
  7. the right to withdraw consent if the Service Provider processes the User’s personal data on the basis of consent, at any time, without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal,
  8. the right to lodge a complaint with the President of the Personal Data Protection Office if the User considers that the processing of data violates the provisions of the Regulation.

 

IX. Automated decision-making

Depending on the type of service provided by the Service Provider, the decision to conclude a contract with the User may be made automatically on the basis of data and information recorded by the IT system in the process of concluding the contract.

X. Information on profiling

 

During the processing of the User’s personal data, there is no profiling within the meaning of Article 22 of the Regulation, which could produce legal effects on the User or similarly significantly affect the User’s situation.

 

XI. Source of data or information (obtained by means other than from you)

 

The User’s personal data may come from the operators of Social Networking Sites, co-organizers of events in which the Service Provider acts as a co-organizer or payment operators handling payments for the Service Provider’s services purchased by the User.

 

The Service Provider informs that the User himself leaves and makes available to the Service Provider on the Social Networking Site his/her personal data when using functionalities that involve the provision of personal data to the Service Provider by the User (e.g. by posting likes, entries or comments on the Service Provider’s profile or group on the Social Networking Site, joining the Service Provider’s group on the Social Networking Site, using communication channels or other activities on the Website social network).

 

XII. Requirement to provide personal data

 

Providing personal data is necessary to conclude and perform the Agreement and to respond to the User’s correspondence. The consequence of not providing personal data is the inability to conclude and perform the Agreement or respond to the User’s correspondence.

XIII. Technologies that enable the collection and storage of information on the User’s end device

 

The Service Provider uses cookies on the Website. Cookies are IT data stored in files, placed while browsing the Website and stored on the User’s end device. Cookies do not cause any damage or configuration changes to your device or its software. Cookies have a unique name and a specific storage time on the end device and store information related to the specific device used by the User. Cookies may store a unique number that identifies the User’s device (IP number), but it does not determine the User’s identity.

 

The Website may save a cookie in the User’s browser, if the browser allows it. The Service Provider can only access the cookies placed by the Service Provider’s website and not the cookies placed by other websites.

 

The Service Provider may use cookies for the following purposes:

  1. necessary (technical) cookies – for the proper operation, display or use of the Website (e.g. User authentication, security),
  2. functional cookies – in order to adapt the Website to the User’s preferences (for example: remembering privacy preferences regarding cookies or actively selecting the language or specific content of the Website) and optimising the use of the Website (for example: recognising the User’s device and displaying the website accordingly),
  3. statistical and performance cookies – in order to create statistics, reports, measurements and research on the use of the Website, in particular to improve the quality, improve or develop the Website and the services provided on the Website, adapt the Website pages to the habits of the Users.

 

The Service Provider uses its own cookies and those from third parties. In order to monitor traffic, create statistics, reports, measurements and research on the use of the Website, the Service Provider uses Google Analytics cookies, which place codes on the Users’ end devices that enable the collection of data about the Users. The provider of Google Analytics, Google Ireland Limited, does not use the collected data to identify you personally. Detailed information on the scope of data collection and processing in Google Analytics is contained in the documents available on the following websites:

https://policies.google.com/?hl=pl and https://support.google.com/analytics/answer/6004245?hl=pl.

 

The Service Provider may use session (temporary) and permanent cookies. Session cookies are stored on the User’s end device only until they leave the Website or turn off the browser. Persistent cookies are stored on the User’s end device for the time specified in the parameters of these files or until they are deleted by the User.

 

The Service Provider does not identify the User’s identity on the basis of cookies.

 

The legal basis for the use of functional, statistical and performance cookies is the User’s consent. The legal basis for the use of necessary cookies is the need to ensure that the User operates, displays and uses the Website uninterrupted and correctly.

 

The user can delete cookies from the end device at any time (clear the browsing history in the browser) or change the browser settings in such a way that cookies are blocked. Information on the use of cookies and possible configurations is available in the settings of the browser used by the User. You can prevent the use of your data by Google Analytics at any time by downloading and installing the Google Analytics opt-out browser add-on available on the https://tools.google.com/dlpage/gaoptout?hl=pl website.

 

Deleting, blocking or changing cookie settings may affect the convenience of using the Website or result in the need to re-select the User’s preferences.

 

Your consent to the use of cookies is also stored by means of a cookie, so if you delete cookies from your browser, you will have to select your cookie privacy preferences again.

 

XIV. Policy Version

 

This Policy is effective as of 04 May 2022.