Privacy policy

PRIVACY AND COOKIE POLICY OF THE WEBSITE WWW.OMNEENERGIA.PL

I. GENERAL PROVISIONS

1. This privacy and cookie policy describes the rules for handling personal data and using cookies within the website https://www.omneenergia.pl/ (hereinafter referred to as the " Website ").
2. The administrator of personal data collected via the Website is Omne Energia SA with its registered office in Warsaw (01-785) at ul. Broniewskiego 3.
3. Contact with the Administrator is possible at the e-mail address: biuro@omneenergia.pl or by phone at 22 439 01 00.
4. Each entity using the Website is its “ User ”.
5. The personal data of the Website User are processed by the Administrator in accordance with applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as " GDPR ").
6. Contact with the Data Protection Inspector is possible at the following e-mail address: iod@perfectinfo.pl.
7. In order to exercise the rights of data subjects, please contact the Administrator at the e-mail address indicated above, or the e-mail address of the Data Protection Inspector.

II. PERSONAL DATA PROCESSING
1. Contact form "Write to us"

Personal data sent to the Administrator via the Contact Form will be processed in order to answer the question asked. The legal basis for the processing of personal data is the legitimate interest of the Administrator consisting in responding to the User's messages and conducting communication with the User (legal basis: art. 6 sec. 1 letter f of the GDPR).

If the User requests the Administrator to present a commercial offer, his/her personal data will be processed on the basis of Article 6 paragraph 1 letter b of the GDPR, i.e. activities aimed at concluding a contract.

The User's personal data will be processed for the period necessary to handle the correspondence, extended accordingly by the period resulting from the connection of the correspondence with the concluded legal relationship, archiving obligations, the pursuit of possible claims or other obligations required by generally applicable law;

The User has the right to access the content of their personal data, the right to request their rectification, deletion, restriction of processing and the right to object to their processing. The User has the right to file a complaint to the President of the Personal Data Protection Office if they believe that their personal data are being processed unlawfully.

Providing personal data is voluntary, but necessary in order to respond to the message sent by the User.

III. DATA RECIPIENTS

1. For the proper functioning of the Company, including the implementation of concluded agreements, it is necessary for the Administrator to use the services of external entities (such as IT services, software providers or payment service providers). The Administrator only uses the services of such entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
2. The Controller does not transfer data in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Controller transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
3. Users’ personal data may be transferred to the following recipients or categories of recipients:

a. service providers supplying the Administrator with IT, technical and organizational solutions enabling the Administrator to conduct the company's business, including the website and electronic services provided via it (in particular, suppliers of computer software for running the Service, e-mail and hosting providers, and suppliers of software for managing the company and providing technical support to the Administrator).

b. providers of legal, accounting and advisory services providing the Controller with accounting, legal or advisory support (law firm or debt collection company).
c. entities handling electronic or card payments.

IV. COOKIES AND OTHER TRACKING TECHNOLOGIES

1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Website (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on the device used by the visitor to the Website).
2. The Administrator may process data contained in Cookies when visitors use the Website for the following purposes:

a. adapting the content of the Website to the individual preferences of the User (e.g. regarding colours, font size, page layout) and optimising the use of the Website;

b. keeping anonymous statistics showing how the Website is used;

3. The Administrator informs the User that it is possible to configure the web browser in such a way that prevents the storage of cookies on the User's end device. In such a situation, the User's use of the Service may be difficult.

4. The Administrator indicates that cookies may be deleted by the User after they have been saved by the Administrator, through appropriate functions of the web browser, programs used for this purpose or by using appropriate tools available within the operating system used by the User.

5. The website uses functions provided by third parties, which involves the use of cookies from these third parties. The use of this type of cookies is described below:

a. The Administrator uses Google Analytics , Universal Analytics services provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyze traffic on the Website and optimize it based on the legitimate interest (Article 6, paragraph 1, letter f of the GDPR) in conducting the marketing process. Google Analytics automatically collects information about the use of the Website by the User. This data is stored on a server in the United States. Google LLC has the EU-US Privacy Shield certificate guaranteeing an adequate level of data protection.

• The user can block the sharing of information about their activity on the website with Google Analytics. To do this, install the browser add-on provided by Google LLC available at the following link: https://tools.google.com/dlpage/gaoptout?hl=pl .
• Details regarding data processing within Google Analytics are available at: https://support.google.com/analytics/answer/6004245 .

b. The Administrator uses Google AdWords marketing tools provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on the Website to promote the Website in search results, on third-party websites, and for remarketing purposes based on legitimate interest (marketing activities). When visiting the Website, Google AdWords automatically saves a remarketing cookie on the User's device, which allows for the display of advertisements based on the User's interests. Further data processing takes place only if the User has consented to Google linking the browsing history and use of the application with the User's account and using information from the Google account to personalize advertisements displayed on websites. If the User is logged into their Google account while viewing the Website, Google will use the User's data together with Google Analytics data to create and define lists of target groups for remarketing purposes on different devices. For this purpose, Google temporarily links the User's data with Google Analytics data to create target groups.

• The user can deactivate cookies used for remarketing within their Google account settings: https://myaccount.google.com/ .
• Details regarding data processing within the Google AdWords service are available at: https://policies.google.com/privacy?hl=pl .

c. The Administrator uses the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Thanks to the Facebook Pixel tool, the Administrator can measure the effectiveness of its advertisements and tailor advertisements to a given User.

The legal basis for the above actions is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR), which is the implementation of the marketing process. Facebook Pixel automatically collects information about the use of the Service by the User, and then transfers this data to its servers in the EU or in the United States and stores it there. Based on the information collected, the Administrator is not able to identify a given User of the Service. The collected data only allows to determine what actions the User has taken on the websites. Detailed information about the operation of Facebook Pixel can be found at the following Internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content Managing the operation of Facebook Pixel is possible through advertising settings on your Facebook account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . For more detailed information about data processing by Facebook, please read their Privacy Policy available at: https://www.facebook.com/privacy/explanation .

Facebook Ireland Limited has joined the EU-US Privacy Shield programme, ensuring an adequate level of protection of processed personal data accepted by the European Commission.

6. Server Logs

Using the Service involves sending queries to the server where the website is stored. Each query directed to the server is saved in the server logs.

Logs include, among others, the User's IP address, server date and time, information about the web browser and operating system used by the User. Logs are saved and stored on the server.

Data stored in server logs is not associated with specific people using the website and is not used by us to identify you.

Server logs constitute only auxiliary material used to administer the Service, and their content is not disclosed to anyone other than persons authorized to administer the server.

Information clause regarding e-mail correspondence

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter " GDPR "), we present the following information related to the processing of your personal data:

1. The administrator of the personal data provided by you is Omne Energia SA with its registered office in Warsaw (01-785) at ul. Broniewskiego 3 , tel.: 22 439 01 00, e-mail address: biuro@omneenergia.pl

2. The Administrator has appointed a Data Protection Officer (DPO), contact details of the DPO are as follows: iod@perfectinfo.pl .

3. The personal data you provide in the e-mail are processed for the following purposes:

a. responses to correspondence received from you, including answers to questions you have asked and providing information you have requested;

b. to continue handling correspondence with you and to resolve the matter for which you have contacted us;

c. any determination, pursuit of claims or defence against claims.

4. The legal basis for processing is the legitimate interest of the Administrator in handling correspondence with you (Article 6 (1) (f) of the GDPR).
5. The recipients of your personal data may be entities providing IT, legal, advisory and insurance services to the Administrator based on relevant agreements and entities authorised to receive your personal data under applicable law.
6. Your data will be processed for the duration of the correspondence extended by the limitation period for any claims.
7. You have the right to: access the content of your data and request its rectification, deletion, restriction of processing and the right to object to the processing of your data.
8. You also have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of your personal data violates the provisions of the GDPR.

9. Providing your data is voluntary, but necessary to conduct e-mail correspondence with you.
10. Your personal data will not be subject to automated decision-making, including profiling, and will not be transferred outside the European Union or to international organisations.