Register and enjoy discounts!

Privacy and Cookies

PERSONAL DATA SECURITY POLICY

  1. GENERAL PROVISIONS
  • 1. Legal bases
  1. In order to ensure the protection of personal data processed Owner introduces "security policy".
  2. Legal basis of management information system for the processing of personal data article. 36 paragraph 1. 2. from the article. 3 paragraphs 1 and 2. 2 section 2 of the Act odo and § 3 and § 4 of the regulation.
  • 2. Definitions

Terms used in this document shall mean:

  1. Security policy: this "security policy";
  2. The owner or Administrator: DROP24 ARTUR PLEWNIAK, RYNEK7, 50-106 WROCLAW, established under the company DROP24 ARTUR PLEWNIAK, NIP 7491930768, Regon: 367927563;
  3. Personal information or data: any information relating to an identified or identifiable natural person;
  4. Odo Act: the Act of 29 August 1997 on the protection of personal data year (OJ 2014.1182, as amended);
  5. Regulation: a regulation of the Minister of Internal Affairs and administration of 29 April 2004, in the documentation to the processing of personal data and the technical and organizational conditions, which should correspond to the devices and information systems to the processing of personal data (OJ 2004.100.1024);
  6. Labour Code: the Act of 26 June 1974, the labour code (OJ 2014.1502, as amended).
  • 3. Organisational issues
  1. Personal data are processed in connection with the business owner. In particular, personal data are processed:
    1. in order to ensure the correct, lawful, and the objectives of the owner's personnel policies and day-to-day handling of labor relations;
    2. in connection with the provision of the owner or by the owner of the services under civil-law contracts,
    3. in order to issue an invoice, in connection with the conclusion and execution of civil law contracts concluded by the owner in the course of a business,
    4. in order to carry out the accounting records or financial reporting;
    5. for other justified purposes and tasks of the owner-with respect for the rights and freedoms of which confers the owner of your data.
  2. Security policy applies to personal data processed in the data sets:
    1. traditional, in particular in the personal file and in other collections costs,
    2. in information systems, also in the case of processing of data beyond a collection of personal data.
  1. Personal data of the owner are processed in compliance with the laws in force in that regard, the provisions of the law, and in particular:
    1. the provisions of the Act odo and implementing legislation related, in this Regulation,
    2. the provisions of article 4. 221 § 1-4 of the labour code,
    3. other provisions of laws and regulations governing the processing of personal data.
  • 4. Basic assumptions and objectives
  1. The owner shall exercise due diligence in order to protect the interests of the data subject and, in particular, ensure that the data are:
    1. processed in accordance with the law,
    2. collected for identified, legitimate purposes and not further processed not in compliance with these objectives;
    3. factually correct and adequate in relation to the purposes for which they are processed,
    4. stored in the form of enabling the identification of the persons concerned, for no longer than is necessary to achieve the purpose of the processing.
  2. The owner shall apply appropriate measures, technical and organisational measures to ensure the protection of personal data processed for risks and categories of data protection, and in particular:
    1. before they are unauthorized,
    2. before being intercepted by an unauthorized person,
    3. processing in violation of the law,
    4. change, loss, damage or destruction.
  1. The owner seeks to systematically upgrade used it on site, technical and organisational measures to protect the data. In particular, the owner provides information updates data protection measures to safeguard against viruses, unauthorized access and other threats to data, of the functioning of the information system and telecommunications networks.
  1. PROCEDURE
  • 5. Permissions and access to data
  1. The owner provides processed for personal information only to persons authorized to do so under existing legislation.
  2. Authorisation may be granted, if such a need arises from:
    1. the nature of the work performed in the workplace or the services provided, or
    2. document setting out the responsibilities (activities) performed on the job, or
    3. a separate document containing the personal authority to access to personal data. Model of authorization is given in annex No. 1 to security policy.
  3. The owner provides access to personal data processed by individuals is that spectrum was administered by these data.
  4. That spectrum was administered by personal data are individuals who have transferred your data in connection with employment or other civil law relations.
  5. Persons not employed in the processing of personal data of the specified categories, including administrators of personal data, with a legal interest or actual access to those data can have visibility only in the presence of an authorised the representative of the Owner or the owner.
  6. Access to personal data and their processing without a separate authorization by the controller may take place only in the case of entities authorized under applicable law to access and data processing category, in particular, the national labour inspection, social security, tax authorities, police, internal security agency, the military information services, common orchards, the Supreme Chamber of control, the Inspector General of the protection Personal data and other authorized by law operators and authorities, acting within the limits of their powers-on presentation of evidence of these permissions.
  • 6. The processing of data
  1. The owner of the data processing shall be permitted only with the authorization granted by the owner.
  2. Authorisation may be granted, if such a need arises from:
    1. the nature of the work performed in the workplace or the services provided, or
    2. document setting out the responsibilities (activities) performed on the job, or
    3. a separate document containing the personal authority to access to personal data. Model of authorization is given in annex 2 to the security policy.
  3. The data controller shall keep a register of persons authorized to their processing, which includes:
    1. name of the authorized person,
    2. the date of dispatch and termination of and the scope of authorization to the processing of personal data,
    3. identifier, if the data are processed in the information system.
  1. Records of authorized persons is given in annex 3 to the security policy.
  2. Persons authorized to the processing of personal data shall be familiar with the scope of confidential information in the context of their work by them. In particular, they are informed of the duties maintain the confidentiality of personal data and their security. Persons authorised to process the data are required to keep secret the personal data and their methods of security.
  3. The owner provides the familiar persons authorised to have access and/or the processing of personal data with the generally applicable law, internal regulations, as well as the techniques and measures for the protection of these data.
  • 7. Rights of persons whose data are processed
  1. Owner guarantees the realization of rights guaranteed by the applicable law, natural persons whose personal data are processed, with respect for the rights and freedoms of entrusting your data.
  2. In particular, any person whose personal data are processed, shall have the right to obtain information about the extent of its powers relating to the protection of personal data, as well as the right to control the processing of data concerning them, included in the collection of data on the principles referred to in article 1. 32 – 35 of the Act odo.
  3. The data controller is obliged to inform the data subject – on request – of her rights and provide information:
    1. What personal data contains a collection of,
    2. how data was collected,
    3. What is the purpose and scope of the data is processed,
    4. the extent to which, and to whom the data have been made available.
  • 8. Removing and destroying
  1. The owner has control and supervision of the removal of unnecessary personal data and/or their harvests and the destruction of their media. Control and supervision may consist in the introduction of appropriate procedures for the destruction of the data, as well as ordering the destruction of them, specialized third parties, guaranteeing security of data destruction process suitable for the kind of media these of data.
  2. Destroying unnecessary personal data and/or their collections rely should, in particular, on a durable physical media destruction, personal data and/or their collections to the extent that their subsequent reproduction by unauthorized persons when use of widely available methods.
  3. Of the person processing personal data on the owner have the obligation to apply the tools and techniques available to them to cast the destruction of unnecessary personal data and/or their collections.

(C) BUILDINGS, ROOMS AND ROOM PARTS THAT MAKE UP THE AREA WHERE PERSONAL DATA ARE PROCESSED

  • 9.
  1. The owner shall designate buildings, rooms or parts of rooms that make up the area, in which personal data are processed. List of buildings constitutes Appendix No. 4 to security policy.
  2. In case the room is part of the open access and the part where personal data are processed is a part in which they are processed personal data should be clearly separated from the public area.
  3. Separation of part of the space in which it processes personal data may be made, in particular, through the installation of railings, lad, or setting Office furniture that is preventing or at least limiting the uncontrolled access unauthorized to harvest personal data processed in the room.
  4. Under special protection against unauthorized access to personal data are devices that make up a computer system. In particular, the workstations (individual computers) that are part of this system, should be placed in a way that prevents any unauthorised, direct and uncontrolled access to screens and devices for processing, and in particular, copying data.
  5. Unauthorized persons to the processing of personal data of a specific category, having a legal interest or actual access to those data or performing other actions not having connection with access to this data may be present in buildings, areas and parts of the rooms that make up the area of the company, in which personal data are processed only in the presence of an authorized representative of the owner.
  6. The total leave the room in which the personal data are processed, it must be associated with the use of the available means of protection is the space in front of the entrance of unauthorized persons.
  7. Leave the room in which the personal data are processed, it must be associated with the use of the available means of protection of personal data sets currently in use. In particular, if your expected, even if temporary, employee absences authorized to process personal data it is obliged to put collections found in the forms of traditional protected environment for their storage and make the necessary operations in the computer system to prevent unauthorized access to your personal information.
  8. Access to buildings and premises in which personal data are processed, shall be subject to control. Access control may, in particular, rely on checking in all cases, download and return the keys to the premises. The owner may make other forms of monitoring access to areas of the processing of personal data.
  1. COLLECTION OF PERSONAL DATA
  • 10.
  1. List of collections of personal data, together with an indication of the programs applied to the processing of personal data is given in annex # 5 to the security policy.
  2. The owner of the prohibited the creation of collections of personal data, as well as the collection in the collections or categories of personal data other than necessary for the implementation of the operations of the company.
  1. A DESCRIPTION OF THE STRUCTURE OF THE DATABASE
  1. Sample description of database structure PDF | DOCX
  1. HOW THE FLOW OF DATA BETWEEN THE
  1. Sample description of database structure PDF | DOCX
  1. ATTACHMENTS

Integral parts of the security policy are:

  1. model of authorization to access to personal data (annex 1)
  2. model of authorization to the processing of personal data (annex 2)
  3. the list of persons authorised to process personal data (annex 3)
  4. list of buildings, premises or parts of premises where data is processed (annex 4)
  5. the list of data sets, together with an indication of the programs applied to the processing of personal data (annex 5)
  6. records of the persons entitled to the processing of personal data (annex 6)
  7. Administrator of personal data (see Appendix 7)
  8. model representations of the person authorized to the processing of personal data (annex 8)

 

 

PRIVACY POLICY AND USE OF COOKIES
On the site http://drop24.pl

  • 1. General provisions
  1. Privacy policy and use of cookies on the website http://drop24.pl (the "policy") has been created and accepted by the established under the company DROP24 ARTUR PLEWNIAK.
  2. Terms used in this policy means:
    1. Service: online service http://drop24.pl;
    2. User: entity using the publicly accessible website;
    3. Owner: DROP24 ARTUR PLEWNIAK, RYNEK7, 50-106 WROCLAW, established under the company DROP24 ARTUR PLEWNIAK, central registration and Information about business, tax ID: 7491930768, Regon: 367927563;
    4. Cookies: text files, sent by the service and stored on the user's end device, with which you use while browsing the Web. The files contain the information necessary for the proper functioning of the Service. Cookies usually contain the domain name of the website from which they come from, the time of their storage on the end device and number;
    5. Telecommunications law: the law of 16 July 2004 year telecommunication law (OJ 2014.243, as amended);
    6. Śude Act: the Act of 18 July 2002 the year of providing services by electronic means (OJ 2013.1422, as amended);
    7. Odo Act: the Act of 29 August 1997 on the protection of personal data year (OJ 2014.1182, as amended).
  3. The policy objective is, in particular, to:
    1. granting users the information about use of Cookies on the site, as required by the provisions of the telecommunications law;
    2. to provide users the protection of privacy in the field corresponding to the standards and requirements set out in the applicable legislation, in particular in the law śude, Law odo and Telecommunications Law.
  1. The owner of the limited collection and use of your information to the minimum required to provide their services.
  2. In order to gain full access to content and services via the service offered by the owner, it is advisable to accept the policy.
  • 2. Protection of privacy and personal data
  1. User data are processed by the owner in accordance with the law. Obtained by the owner of the personal data of users are processed based on the user's authorization or based on legal grounds justifying the processing, in accordance with the requirements of the law, in particular with the odo and its implementing rules.
  2. The owner shall make special care in order to protect the interests of the data subject and, in particular, ensure that the data are:
    1. processed in accordance with the law,
    2. collected for identified, legitimate purposes and not further processed not in compliance with these objectives;
    3. factually correct and adequate in relation to the purposes for which they are processed,
    4. stored in a form which permits identification of subjects for no longer than is necessary to achieve the purpose of the processing.
  3. The owner shall apply appropriate measures, technical and organisational measures to ensure the protection of personal data relevant to the risks and categories of protected data and, in particular, protection against:
    1. unauthorized,
    2. being intercepted by an unauthorized person,
    3. processing in violation of the law,
    4. change, loss, damage or destruction.
  1. The owner seeks to systematically upgrade used, technical and organisational measures to protect such data, and in particular the owner provides information updates of measures for the protection of personal data to to protect against viruses, unauthorized access, and other security threats, of the functioning of the information system and telecommunication networks.
  2. Every user, who in any way made the owner of the personal information the owner provides access to personal data concerning him for the purpose of verification, modification, or deletion. The transfer of personal data is voluntary.
  • 3. Cookies
  1. Cookies are used to:
    1. customize the content to user preferences;
    2. optimize the use of the service, in particular by identifying the end user device,
    3. create statistics
    4. maintain user sessions
    5. provide you with advertising content.
  2. Cookies may be placed in the terminal equipment of a user of the service and used in accordance with the law, in particular the śude, odo and telecommunications law.
  3. Please note that in some cases, independent from the owner, software installed by the user on the terminal device, used to view Web pages (Web browser) is the default storage of Cookies on the user's end device. Website users may, at any time, change the settings for Cookies. These settings can be changed, inter alia, in such a way as to block the automatic settings Cookies or inform them each posting on the user's end device. Details are available in the settings and instructions for software (Web browser).
  4. Changing the settings is the expression of opposition, which in the future will prevent you from storing data of the owner in the terminal equipment of a user.
  5. Change your Cookies settings may cause inconvenience in the use of the service, in particular requiring login. Completely disable accepting Cookies will not mean inability to browsing the content published on the website except those to which access requires you to log on.
  6. If you do not change the settings means that the data will be posted on the user's end device (use of the service will automatically post Cookies on the user's end device).
  7. The stored data posted on the user's end device does not cause configuration changes on the user's end device or software installed in your device.
  8. Information on Cookies also apply to other similar technologies used within the service.
  • 4. Provision of services by electronic means
  1. The owner in case of payments to electronic service user can install software in the User terminal equipment intended for the use of these services or use the software, provided that you:
    1. before installing any software will be informed of the purpose for which the software will be installed, and how to use by the owner of this software;
    2. will be informed about how to remove the software from your device to the end-user;
    3. before installing the software you agree to its installation and use.
  2. Information to that effect. the field will be given to you along with the delivery of the software necessary for the use of the services.
  • 5. Final provisions
  1. The policy has been adopted by order of the owner and shall enter into force on the day of 19/09/2017. Change the content of the policy may be in the same mode.
  2. Any deviations from the Policy require written form under the pain of nullity.
  3. The law applicable to the Policy is the law of the Republic of Poland.
  4. In matters not dealt with in this policy shall apply the relevant provisions of the law, including the right of the Telecommunications Act, odo, Act śude.

 

 

[1] Delete as appropriate.

 

x

Welcome to the Loyalty Points Demo Store :-)

Sign up and receive 5000 pts to test out in our Store.

Earning and redeeming DropClub Points

$1
Earns you
5
$1
Redeems to
35

Ways you can earn

  • Product Purchase
  • Refer a friend
  • Share on social media

Learn more about our program