PRIVACY POLICY
1. General
This Privacy Policy applies to the processing of personal data in connection with the operation of the website https://coquimalachowskacoqui.com/ (hereinafter: “Website”).
The Personal Data Controller for the data processed in connection with the operation of the Website is COQUI MALACHOWSKA COQUI Städtebau Landschaftsarchitektur, address: Potsdamer Straße 105, 10785 Berlin, VAT taxpayer number: DE223801373 (hereinafter referred to as the “Controller”).
The terms used in the Privacy Policy should be interpreted in accordance with the General Data Protection Regulation of 27 April 2016 (hereinafter referred to as GDPR) and the relevant provisions of national law on the protection of personal data (including in Germany: Bundesdatenschutzgesetz of 30 June 2017, in Poland: the Personal Data Protection Act of 10 May 2018), unless otherwise defined in the Privacy Policy.
2. Definitions
For the purposes of this Privacy Policy, the following terms are defined as follows:
- Personal data – any data identifying or allowing for the identification of a natural person, directly or indirectly, in particular data such as name and surname, PESEL number, number of a document allowing to confirm identity, address of residence, telephone number and e‑mail address,
- Processing – any operation carried out on personal data, in particular the acquisition and collection of personal data, recording or recording of personal data,
- Special categories of data – personal data identifying racial or ethnic origin, religious, philosophical or political affiliation, trade union membership, health condition, sexuality or sexual orientation and biometric data,
- Legitimate interest of the processor – the legal basis for the processing of personal data based on the actual interest of the data controller, which is at the same time lawful and does not infringe the rights, interests and freedoms of data subjects,
- User – a natural person using the Controller’s Website,
- Partner – an entity cooperating with the Controller, which has been recognized by the Controller as trusted and ensuring an appropriate level of personal data protection, and therefore it is possible to entrust data processing,
- Website – the Controller’s website with the main address https://coquimalachowskacoqui.com/.
3. Principles of personal data processing
The Controller processes personal data based on the assumptions of data minimisation and processing as well as maximisation of the default level of privacy.
The Controller processes data on the terms set out in this Privacy Policy.
The Controller processes Users’ personal data in connection with and to the extent necessary to provide access to the Website and provide its functions.
The Controller ensures the security of the processed personal data and guarantees the exercise of the rights of data subjects.
4. Scope of data processing and location of processing
The Controller collects Users’ data, in particular the IP address of the User’s device, information about the device, information about the User’s activity on the Website, online identifier and data collected by cookies and other similar technologies.
The Controller processes personal data within the European Economic Area (hereinafter referred to as EEA). The Controller does not transfer personal data outside the EEA. The Controller reserves the right to transfer personal data to partners outside the EEA after the European Union authorities recognize the destination country as guaranteeing an equal or higher standard of personal data protection than the European one.
The Controller processes personal data until the basis for their processing ceases to exist. In the case of processing personal data based on the consent of the data subject, the Controller processes the data until the consent is withdrawn. In cases where the law imposes an obligation to store data for a period longer than the one resulting from the basis for processing, the Controller stores the data for the period indicated in the regulations.
5. Cookies
Cookies are text format files used to save information on the User’s end device, used for communication between the Website and the User’s device. In connection with the use of the Website, two types of cookies are saved: session files, saved for the duration of the User’s visit to the Website, and permanent files, saved on the User’s device until they are deleted by the User. Cookies come in the following variants:
- Files necessary for the functioning of the Website – files with data about the User’s session, including session ID, authentication files, security files, media player files. Files necessary for the functioning of the website are session files and are not retained after the expiry of the User’s session.
- Functional files – files with data personalizing the interface of the Website, retained after the expiry of the session.
- Analytical files – files that allow for monitoring activity on the Website, used to analyse the User’s behaviour during the use of the Website in order to formulate analyses and reports on the functionality of the Website.
- Performance Analysis Files – files that allow monitoring the User’s activity in terms of the performance of the Website in comparison with performance indexes, in order to improve the interface of the Website.
- Marketing files – files that allow us to present personalized marketing materials to the User.
The User may choose the preferred cookie settings at the beginning of the visit to the Website and each time in the settings of the web browser. Detailed information on how to choose your privacy settings is provided by the provider of the selected web browser. The default setting of cookies is to accept only files necessary for the functioning of the Website. The Controller provides the possibility of refusing to accept all cookies. Failure to accept the files necessary for the functioning of the Website may prevent the use of the Website in its entirety or in relation to some of its functionalities.
6. Rights of data subjects
6.1. Persons whose personal data are processed by the Controller are entitled to:
- Access to data, in particular to obtain information about the purpose and scope of the processing of their personal data and to obtain a free copy of the data in question on a one-off basis,
- Correction of incomplete or untrue personal data,
- Restriction of data processing, in a situation where the data is incorrect or incomplete, there is no legal basis for their processing, they are not needed by the Controller, but the data subject needs them, and in the case of objection to the processing of data – until it is considered,
- Object to automated data processing, except for the situation where the automated processing is necessary for the proper performance of the contract on which the processing is based,
- Transfer the data to another entity in a form that allows them to be read,
- Being forgotten, i.e. to delete part or all of the processed data in a situation where there is no legal basis for the processing of personal data, the collected data is not necessary to achieve the purposes for which they were collected, to object to the processing of data, to comply with a legal obligation under national or EU legislation, as well as in a situation where the data was collected in connection with the offering of information society services.
6.2. The rights of data subjects may be limited or suspended in the event of conflict with:
- the need to ensure national or public security,
- the need to prevent crime,
- the need to ensure the independence of the judiciary,
- fulfilling the economic or financial objectives of a Member State or of the European Union;
- the exercise of the right to freedom of expression and information,
- fulfilling an obligation imposed by national or European law,
- the objectives of preventive health care,
- archiving purposes in the public interest, for scientific or historical research or for statistical purposes,
- establishing, exercising or defending claims.
6.3. In the event that the User finds that his/her rights are violated, he/she should contact the Controller in one of the ways indicated in point 9.
The User also has the right to lodge a complaint with the supervisory authority. In Germany, the authority responsible for supervising the exercise of rights under the GDPR is the authority competent for the Land in which the notification is made; in Berlin, the competent authority is Berliner Beauftragte für Datenschutz und Informationsfreiheit (address: Friedrichstr. 219, 10969 Berlin, Germany, email: mailbox@datenschutz-berlin.de) which is coordinated by the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (address: Graurheindorfer Straße 153, 53117 Bonn; email: poststelle@bfdi.bund.de). In Poland, the supervisory authority competent to lodge complaints is the President of the Office for Personal Data Protection (Prezes Urzędu Ochrony Danych Osobowych), (address: Stawki 2, 00–193 Warsaw, email: kancelaria@uodo.gov.pl, website www.uodo.gov.pl).
7. Transfer of personal data to third parties
The Controller reserves the right to entrust processing activities to third parties. When entrusting the processing, the Controller exercises due diligence when assessing the security standard provided by the processor, in particular paying attention to the location of the entity and the certificates held by it.
The Controller reserves the right to use the services of processors in the scope of processing activities undertaken by the Controller, in particular to use remote communication solutions, cloud computing solutions and solutions in the field of data storage, including the creation and storage of backup copies.
The Controller does not sell or make available personal data to third parties for marketing purposes.
8. Security of personal data processed
The Controller ensures an appropriate level of security of the processed personal data by introducing an internal security architecture, security control mechanisms, as well as the principles of data minimisation and processing.
The Controller ensures the use of digital protection solutions, including database encryption, implementation of firewall protection and the use of antivirus programs.
The Controller ensures the application of organizational solutions, including limiting the access of individuals to the processed data, conducting training in the field of data security and digital security, and applying good practices regarding access passwords.
The Controller ensures the use of backup copies of the processed personal data allowing for their restoration or recovery in the event of a failure, damage or loss of the main data storage medium.
The Controller ensures that the scope of data processing is limited only to the data necessary to achieve the purpose for which they were collected.
The Controller shall inform data subjects of any detected breaches of their data security.
The Controller requires the same standard of data security to be maintained from all processors with whom it establishes cooperation.
9. Contact
Contact with the Controller is possible at the Controller’s address indicated in point 1 of this Privacy Policy or by e‑mail at: iza.coqui@cmcberlin.de.
10. Changes to the Privacy Policy
The Controller reserves the right to change the content of the Privacy Policy. The current version of the Privacy Policy is available at https://coquimalachowskacoqui.com/en/gdpr/.
The date of the last modification of the content of the Privacy Policy can be found at the end of the Privacy Policy.
Last modified: 12 May 2024