COQUI MALACHOWSKA COQUI

PRIVACY POLICY

1. Gene­ral

This Pri­va­cy Poli­cy appli­es to the pro­ces­sing of per­so­nal data in con­nec­tion with the ope­ra­ti­on of the web­site https://coquimalachowskacoqui.com/ (her­ein­af­ter: “Web­site”).

The Per­so­nal Data Con­trol­ler for the data pro­ces­sed in con­nec­tion with the ope­ra­ti­on of the Web­site is COQUI MALACHOWS­KA COQUI Städ­te­bau Land­schafts­ar­chi­tek­tur, address: Pots­da­mer Stra­ße 105, 10785 Ber­lin, VAT tax­pay­er num­ber: DE223801373 (her­ein­af­ter refer­red to as the “Con­trol­ler”).

The terms used in the Pri­va­cy Poli­cy should be inter­pre­ted in accordance with the Gene­ral Data Pro­tec­tion Regu­la­ti­on of 27 April 2016 (her­ein­af­ter refer­red to as GDPR) and the rele­vant pro­vi­si­ons of natio­nal law on the pro­tec­tion of per­so­nal data (inclu­ding in Ger­ma­ny: Bun­des­da­ten­schutz­ge­setz of 30 June 2017, in Pol­and: the Per­so­nal Data Pro­tec­tion Act of 10 May 2018),  unless other­wi­se defi­ned in the Pri­va­cy Poli­cy. 

2. Defi­ni­ti­ons

For the pur­po­ses of this Pri­va­cy Poli­cy, the fol­lo­wing terms are defi­ned as fol­lows:

  • Per­so­nal data – any data iden­ti­fy­ing or allo­wing for the iden­ti­fi­ca­ti­on of a natu­ral per­son, direct­ly or indi­rect­ly, in par­ti­cu­lar data such as name and sur­na­me, PESEL num­ber, num­ber of a docu­ment allo­wing to con­firm iden­ti­ty, address of resi­dence, tele­pho­ne num­ber and e‑mail address, 
  • Pro­ces­sing – any ope­ra­ti­on car­ri­ed out on per­so­nal data, in par­ti­cu­lar the acqui­si­ti­on and coll­ec­tion of per­so­nal data, recor­ding or recor­ding of per­so­nal data, 
  • Spe­cial cate­go­ries of data – per­so­nal data iden­ti­fy­ing racial or eth­nic ori­gin, reli­gious, phi­lo­so­phi­cal or poli­ti­cal affi­lia­ti­on, trade uni­on mem­ber­ship, health con­di­ti­on, sexua­li­ty or sexu­al ori­en­ta­ti­on and bio­me­tric data, 
  • Legi­ti­ma­te inte­rest of the pro­ces­sor – the legal basis for the pro­ces­sing of per­so­nal data based on the actu­al inte­rest of the data con­trol­ler, which is at the same time lawful and does not inf­rin­ge the rights, inte­rests and free­doms of data sub­jects, 
  • User – a natu­ral per­son using the Controller’s Web­site, 
  • Part­ner – an enti­ty coope­ra­ting with the Con­trol­ler, which has been reco­gni­zed by the Con­trol­ler as trus­ted and ensu­ring an appro­pria­te level of per­so­nal data pro­tec­tion, and the­r­e­fo­re it is pos­si­ble to ent­rust data pro­ces­sing, 
  • Web­site – the Controller’s web­site with the main address https://coquimalachowskacoqui.com/.
     
     

3. Prin­ci­ples of per­so­nal data pro­ces­sing

The Con­trol­ler pro­ces­ses per­so­nal data based on the assump­ti­ons of data mini­mi­sa­ti­on and pro­ces­sing as well as maxi­mi­sa­ti­on of the default level of pri­va­cy.

The Con­trol­ler pro­ces­ses data on the terms set out in this Pri­va­cy Poli­cy.

The Con­trol­ler pro­ces­ses Users’ per­so­nal data in con­nec­tion with and to the ext­ent neces­sa­ry to pro­vi­de access to the Web­site and pro­vi­de its func­tions.

The Con­trol­ler ensu­res the secu­ri­ty of the pro­ces­sed per­so­nal data and gua­ran­tees the exer­cise of the rights of data sub­jects. 

4. Scope of data pro­ces­sing and loca­ti­on of pro­ces­sing

The Con­trol­ler coll­ects Users’ data, in par­ti­cu­lar the IP address of the User’s device, infor­ma­ti­on about the device, infor­ma­ti­on about the User’s acti­vi­ty on the Web­site, online iden­ti­fier and data coll­ec­ted by coo­kies and other simi­lar tech­no­lo­gies.

The Con­trol­ler pro­ces­ses per­so­nal data within the Euro­pean Eco­no­mic Area (her­ein­af­ter refer­red to as EEA). The Con­trol­ler does not trans­fer per­so­nal data out­side the EEA. The Con­trol­ler reser­ves the right to trans­fer per­so­nal data to part­ners out­side the EEA after the Euro­pean Uni­on aut­ho­ri­ties reco­gni­ze the desti­na­ti­on coun­try as gua­ran­te­e­ing an equal or hig­her stan­dard of per­so­nal data pro­tec­tion than the Euro­pean one.

The Con­trol­ler pro­ces­ses per­so­nal data until the basis for their pro­ces­sing cea­ses to exist. In the case of pro­ces­sing per­so­nal data based on the con­sent of the data sub­ject, the Con­trol­ler pro­ces­ses the data until the con­sent is with­drawn. In cases whe­re the law impo­ses an obli­ga­ti­on to store data for a peri­od lon­ger than the one resul­ting from the basis for pro­ces­sing, the Con­trol­ler stores the data for the peri­od indi­ca­ted in the regu­la­ti­ons. 

5. Coo­kies

Coo­kies are text for­mat files used to save infor­ma­ti­on on the User’s end device, used for com­mu­ni­ca­ti­on bet­ween the Web­site and the User’s device. In con­nec­tion with the use of the Web­site, two types of coo­kies are saved: ses­si­on files, saved for the dura­ti­on of the User’s visit to the Web­site, and per­ma­nent files, saved on the User’s device until they are dele­ted by the User. Coo­kies come in the fol­lo­wing vari­ants:

  • Files neces­sa­ry for the func­tio­ning of the Web­site – files with data about the User’s ses­si­on, inclu­ding ses­si­on ID, authen­ti­ca­ti­on files, secu­ri­ty files, media play­er files. Files neces­sa­ry for the func­tio­ning of the web­site are ses­si­on files and are not retai­ned after the expiry of the User’s ses­si­on. 
  • Func­tion­al files – files with data per­so­na­li­zing the inter­face of the Web­site, retai­ned after the expiry of the ses­si­on. 
  • Ana­ly­ti­cal files – files that allow for moni­to­ring acti­vi­ty on the Web­site, used to ana­ly­se the User’s beha­viour during the use of the Web­site in order to for­mu­la­te ana­ly­ses and reports on the func­tion­a­li­ty of the Web­site. 
  • Per­for­mance Ana­ly­sis Files – files that allow moni­to­ring the User’s acti­vi­ty in terms of the per­for­mance of the Web­site in com­pa­ri­son with per­for­mance inde­xes, in order to impro­ve the inter­face of the Web­site. 
  • Mar­ke­ting files – files that allow us to pre­sent per­so­na­li­zed mar­ke­ting mate­ri­als to the User. 


The User may choo­se the pre­fer­red coo­kie set­tings at the begin­ning of the visit to the Web­site and each time in the set­tings of the web brow­ser. Detail­ed infor­ma­ti­on on how to choo­se your pri­va­cy set­tings is pro­vi­ded by the pro­vi­der of the sel­ec­ted web brow­ser. The default set­ting of coo­kies is to accept only files neces­sa­ry for the func­tio­ning of the Web­site. The Con­trol­ler pro­vi­des the pos­si­bi­li­ty of refu­sing to accept all coo­kies. Fail­ure to accept the files neces­sa­ry for the func­tio­ning of the Web­site may pre­vent the use of the Web­site in its enti­re­ty or in rela­ti­on to some of its func­tion­a­li­ties.

6. Rights of data sub­jects

6.1. Per­sons who­se per­so­nal data are pro­ces­sed by the Con­trol­ler are entit­led to:

  • Access to data, in par­ti­cu­lar to obtain infor­ma­ti­on about the pur­po­se and scope of the pro­ces­sing of their per­so­nal data and to obtain a free copy of the data in ques­ti­on on a one-off basis, 
  • Cor­rec­tion of incom­ple­te or untrue per­so­nal data, 
  • Rest­ric­tion of data pro­ces­sing, in a situa­ti­on whe­re the data is incor­rect or incom­ple­te, the­re is no legal basis for their pro­ces­sing, they are not nee­ded by the Con­trol­ler, but the data sub­ject needs them, and in the case of objec­tion to the pro­ces­sing of data – until it is con­side­red, 
  • Object to auto­ma­ted data pro­ces­sing, except for the situa­ti­on whe­re the auto­ma­ted pro­ces­sing is neces­sa­ry for the pro­per per­for­mance of the con­tract on which the pro­ces­sing is based, 
  • Trans­fer the data to ano­ther enti­ty in a form that allows them to be read, 
  • Being for­got­ten, i.e. to dele­te part or all of the pro­ces­sed data in a situa­ti­on whe­re the­re is no legal basis for the pro­ces­sing of per­so­nal data, the coll­ec­ted data is not neces­sa­ry to achie­ve the pur­po­ses for which they were coll­ec­ted, to object to the pro­ces­sing of data, to com­ply with a legal obli­ga­ti­on under natio­nal or EU legis­la­ti­on, as well as in a situa­ti­on whe­re the data was coll­ec­ted in con­nec­tion with the offe­ring of infor­ma­ti­on socie­ty ser­vices.


6.2. The rights of data sub­jects may be limi­t­ed or sus­pen­ded in the event of con­flict with:

  • the need to ensu­re natio­nal or public secu­ri­ty, 
  • the need to pre­vent crime, 
  • the need to ensu­re the inde­pen­dence of the judi­cia­ry, 
  • ful­fil­ling the eco­no­mic or finan­cial objec­ti­ves of a Mem­ber Sta­te or of the Euro­pean Uni­on; 
  • the exer­cise of the right to free­dom of expres­si­on and infor­ma­ti­on, 
  • ful­fil­ling an obli­ga­ti­on impo­sed by natio­nal or Euro­pean law, 
  • the objec­ti­ves of pre­ven­ti­ve health care, 
  • archi­ving pur­po­ses in the public inte­rest, for sci­en­ti­fic or his­to­ri­cal rese­arch or for sta­tis­ti­cal pur­po­ses, 
  • estab­li­shing, exer­cis­ing or defen­ding claims. 


6.3. In the event that the User finds that his/her rights are vio­la­ted, he/she should cont­act the Con­trol­ler in one of the ways indi­ca­ted in point 9.

The User also has the right to lodge a com­plaint with the super­vi­so­ry aut­ho­ri­ty. In Ger­ma­ny, the aut­ho­ri­ty respon­si­ble for super­vi­sing the exer­cise of rights under the GDPR is the aut­ho­ri­ty com­pe­tent for the Land in which the noti­fi­ca­ti­on is made; in Ber­lin, the com­pe­tent aut­ho­ri­ty is Ber­li­ner Beauf­trag­te für Daten­schutz und Infor­ma­ti­ons­frei­heit (address: Fried­richstr. 219, 10969 Ber­lin, Ger­ma­ny, email: mailbox@datenschutz-berlin.de) which is coor­di­na­ted by the Bun­des­be­auf­trag­te für den Daten­schutz und die Infor­ma­ti­ons­frei­heit (address: Grau­rhein­dor­fer Stra­ße 153, 53117 Bonn; email: poststelle@bfdi.bund.de). In Pol­and, the super­vi­so­ry aut­ho­ri­ty com­pe­tent to lodge com­plaints is the Pre­si­dent of the Office for Per­so­nal Data Pro­tec­tion (Pre­zes Urzę­du Ochro­ny Danych Oso­bo­wych), (address: Staw­ki 2, 00–193 War­saw, email: kancelaria@uodo.gov.pl, web­site www.uodo.gov.pl).

7. Trans­fer of per­so­nal data to third par­ties

The Con­trol­ler reser­ves the right to ent­rust pro­ces­sing acti­vi­ties to third par­ties. When ent­rus­ting the pro­ces­sing, the Con­trol­ler exer­ci­s­es due dili­gence when asses­sing the secu­ri­ty stan­dard pro­vi­ded by the pro­ces­sor, in par­ti­cu­lar pay­ing atten­ti­on to the loca­ti­on of the enti­ty and the cer­ti­fi­ca­tes held by it.

The Con­trol­ler reser­ves the right to use the ser­vices of pro­ces­sors in the scope of pro­ces­sing acti­vi­ties under­ta­ken by the Con­trol­ler, in par­ti­cu­lar to use remo­te com­mu­ni­ca­ti­on solu­ti­ons, cloud com­pu­ting solu­ti­ons and solu­ti­ons in the field of data sto­rage, inclu­ding the crea­ti­on and sto­rage of back­up copies.

The Con­trol­ler does not sell or make available per­so­nal data to third par­ties for mar­ke­ting pur­po­ses.

8. Secu­ri­ty of per­so­nal data pro­ces­sed

The Con­trol­ler ensu­res an appro­pria­te level of secu­ri­ty of the pro­ces­sed per­so­nal data by intro­du­cing an inter­nal secu­ri­ty archi­tec­tu­re, secu­ri­ty con­trol mecha­nisms, as well as the prin­ci­ples of data mini­mi­sa­ti­on and pro­ces­sing.

The Con­trol­ler ensu­res the use of digi­tal pro­tec­tion solu­ti­ons, inclu­ding data­ba­se encryp­ti­on, imple­men­ta­ti­on of fire­wall pro­tec­tion and the use of anti­vi­rus pro­grams.

The Con­trol­ler ensu­res the appli­ca­ti­on of orga­niza­tio­nal solu­ti­ons, inclu­ding limi­ting the access of indi­vi­du­als to the pro­ces­sed data, con­duc­ting trai­ning in the field of data secu­ri­ty and digi­tal secu­ri­ty, and app­ly­ing good prac­ti­ces regar­ding access pass­words.

The Con­trol­ler ensu­res the use of back­up copies of the pro­ces­sed per­so­nal data allo­wing for their res­to­ra­ti­on or reco­very in the event of a fail­ure, dama­ge or loss of the main data sto­rage medi­um.

The Con­trol­ler ensu­res that the scope of data pro­ces­sing is limi­t­ed only to the data neces­sa­ry to achie­ve the pur­po­se for which they were coll­ec­ted.

The Con­trol­ler shall inform data sub­jects of any detec­ted brea­ches of their data secu­ri­ty.

The Con­trol­ler requi­res the same stan­dard of data secu­ri­ty to be main­tai­ned from all pro­ces­sors with whom it estab­lishes coope­ra­ti­on.

9. Cont­act

Cont­act with the Con­trol­ler is pos­si­ble at the Controller’s address indi­ca­ted in point 1 of this Pri­va­cy Poli­cy or by e‑mail at: iza.coqui@cmcberlin.de.

10. Chan­ges to the Pri­va­cy Poli­cy

The Con­trol­ler reser­ves the right to chan­ge the con­tent of the Pri­va­cy Poli­cy. The cur­rent ver­si­on of the Pri­va­cy Poli­cy is available at https://coquimalachowskacoqui.com/en/gdpr/.

The date of the last modi­fi­ca­ti­on of the con­tent of the Pri­va­cy Poli­cy can be found at the end of the Pri­va­cy Poli­cy.

Last modi­fied: 12 May 2024

Kontakt

KONTAKT

BERLIN