Privacy Policy

This Privacy Policy regulates the storing and accessing data on User Terminals accessing the Website for provision of online services by the Data Controller, and the collecting and processing of the personal data of the Users which they have provided personally and voluntarily through the tools available on the Website.

§1 Definitions

  • Website: the ALED.pl website operating at https://aled.pl
  • Third-party website: any website of partners, service providers or service customers cooperating with the Data Controller.
  • Data Controller (Website Administrator) – the Website Administrator and Data Controller (henceforth, the Data Controller) is the corporation “ALED S.C.”, with the registered office of business at Pawliczka 22a, 41-800 Zabrze, Poland, tax identification number (NIP): 6482750032, providing services online via the Website.
  • User: a natural person for whom the Data Controller provides online services via the Website.
  • Terminal: an electronic device with software through which the User accesses the Website.
  • Cookies: text data collected in the form of files placed on the User Terminal.
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Personal data: information about an identified or identifiable natural person (the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
  • Processing: an operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, structuring, organisation, storage, adaptation or alteration, retrieval, viewing, use, disclosure by transmission, dissemination or otherwise making available, matching or combination, restriction, erasure or destruction;
  • Restriction of processing: the marking of stored personal data for restriction of its future processing.
  • Profiling: any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors relating to an individual, in particular to analyse or predict aspects relating to that individual’s performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.
  • Consent: consent of the data subject means a freely given, specific, informed and unambiguous indication of intent by which the data subject, either by a statement or by a clear affirmative action, consents to the processing of personal data concerning the data subject.
  • Data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or unauthorised access to personal data transmitted, stored or otherwise processed.
  • Pseudonymisation: the processing of personal data in such a way that they can no longer be attributed to a particular data subject, without the use of additional information, provided that such additional information is kept separately and is covered by technical and organisational measures which make it impossible to attribute it to an identified or identifiable natural person.
  • Anonymisation: data anonymisation is an irreversible process of data operations that destroys / overwrites “personal data”, rendering it impossible to identify, or link, a particular record to a specific user or individual.

§2 Data Protection Officer

Pursuant to GDPR Article 37, the Data Controller has not appointed a Data Protection Officer.

For matters concerning the processing of data – including personal data – contact the Data Controller directly.

§3 Types of cookies

  • Internal cookies: files placed and read in and from the User Terminal by the Website’s information communication system.
  • Third-party cookies: files placed and read in and from the User Terminal by the ICT systems of third-party websites. The scripts of third-party websites that may place cookies on the User Terminal have been deliberately placed on the Website using the scripts and services made available and installed on the Website.
  • Session cookies: files placed and read in and from the User Terminal by the Website during a single session of the Terminal. When the session ends, the files are deleted from the User Terminal.
  • Persistent cookies: files placed and read in and from the User Terminal by the Website until they are manually deleted. These cookies are not deleted automatically after the end of a Terminal session unless the configuration of the User Terminal is set to delete cookies after the end of the Terminal session.

§4 Data storage security

  • Cookie storage and reading mechanisms – The mechanisms for storing, reading and exchanging data between the cookies stored on the User Terminal and the Website are implemented through the built-in mechanisms of web browsers and do not allow other data to be retrieved from the User Terminal or from other websites visited by the User, including personal data or confidential information. The transfer of viruses, Trojan horses and other worms to the User Transfer is virtually impossible.
  • Internal cookies: the cookies used by the Data Controller are safe for the User Terminals and do not contain scripts, content or information that may compromise the security of personal data or the security of the Terminal operated by the User.
  • Third-party cookies: the Data Controller makes every possible effort to verify and select service partners to ensure of User security. The Data Controller selects renowned, large partners with global public trust to cooperate with. However, it does not have full control over the content of cookies from third-party partners. To the extent permitted by applicable laws, the Data Controller is not responsible for the security of such cookies, their content or license-compliant use by the scripts installed on the Website if the cookies originate from third-party websites. A list of partners is provided later in the Privacy Policy.
  • Cookie control
  • Threats to the User: the Data Controller uses all possible technical measures to ensure the security of the data placed in cookies. However, note that it is up to both parties, including the User’s activities, to ensure the security of this data. The Data Controller shall not be held liable for any interception of such data, impersonation of a User’s session or deletion of such data as a result of the User’s conscious or unconscious actions, or viruses, trojans, or other spyware which the User Terminal is or can be infected with. In order to protect themselves from these threats, Users should follow rules for safe use of the Internet.
  • Storage of personal data: the Data Controller represents it makes every effort to ensure that the processed personal data voluntarily entered by Users is secure, and that access to it is limited and performed in accordance with its purpose and the purposes of processing. The Data Controller also represents that it makes every effort to secure the data it holds against loss, by applying appropriate physical as well as organisational safeguards.

§5 Purpose of cookie use

  • Improving and facilitating access to the Website
  • Personalisation of the Website for Users
  • Enabling logging into the Website
  • Management of statistics (users, number of visits, types terminals, connectivity links, etc.)
  • Provision of multimedia services
  • Provision of social media services

§6 Purpose of personal data processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

  • Performance of online services:
    • Services for the signup and maintenance of the User’s account on the Website and the functionalities associated with it
  • Communication of the Data Controller with the Users concerning to the Website and data protection
  • Pursuit of the legitimate interest of the Data Controller

The data concerning Users that is collected anonymously and automatically is processed for one of the following purposes:

  • Management of statistics
  • Pursuit of the legitimate interest of the Data Controller

§7 Third-party website cookies

The Data Controller uses javascript and web components of partners on the Website, who may place their own cookies on the User Terminal. Note that you can decide for yourself by configuring your browser settings what cookies are allowed to be used by individual websites. Below is a list of the partners or their services implemented on the Website that may place cookies on User Terminals:

Services provided by third parties are beyond the control of the Data Controller. These third parties may change their terms of service, privacy policies, purpose of data processing and use of cookies at any time.

§8 Types of data collected

The Website collects data about Users. Part of the data is collected automatically and anonymously, and part of the data is personal data voluntarily provided by Users when signing up for individual services offered by the Website.

Anonymous data collected which is automatically:

  • IP address
  • Browser type
  • Display resolution
  • Approximate geographical location
  • Website pages opened
  • Time spent on each Website page
  • Operating system
  • Previous page address
  • Referring page address
  • Browser language
  • Internet connection speed
  • Internet service provider

Data collected during User signup:

  • E-mail address

Data collected when subscribing to the newsletter service

  • E-mail address

Some data (without identifying information) may be stored in cookies. Part of the data (without identifying information) may be transmitted to a statistical service provider.

§9 Third-party access to personal data

In principle, the Data Controller is the only recipient of the personal data provided by Users. The data collected as part of the services provided is not relayed on or resold to third parties.

Access to the data (usually on the basis of a Data Processing Agreement) may be granted to entities tasked with maintenance of the infrastructure and services required to operate the Website:

  • Hosting companies providing hosting or related services to the Data Controller

Entrusting the processing of personal data – hosting, VPS or dedicated server services

In order to operate the Website, the Data Controller uses a third-party hosting provider, VPS or dedicated servers, OVH sp. z o.o.. All data collected and processed on the Website is stored and processed in the service provider’s infrastructure located in Poland. It is possible to access the data as a result of maintenance work carried out by the service provider’s personnel. Access to this data is governed by an agreement between the Data Controller and the service provider.

§10 Personal data processing methods

Personal data provided voluntarily by Users:

  • Personal data will not be transferred outside the European Union, unless it has been published as a result of an individual action by the User (e.g. by the input of a comment or post), which will make the data available to any visitor to the Website.
  • Personal data will not be used for automated decision-making (profiling).
  • Personal data will not be resold to third parties.

Anonymous data (without personal data) collected automatically:

  • Anonymous data (without personal data) will be transferred outside the European Union.
  • Anonymous data (without personal data) may be used for automated decision-making (profiling).
    The profiling of anonymous data (without personal data) does not produce legal effects or similarly does not materially affect the data subject of the automated decision-making.
  • Anonymous data (without personal data) will not be resold to third parties.

§11 Legal basis of personal data processing

The Website collects and processes User data on the basis of:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
    • Article 6 para. 1(a)
      The data subject has given his or her consent to the processing of his or her personal data for one or more specified purposes
    • Article 6 para. 1(b)
      the processing is necessary for the performance of an agreement to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement
    • Article 6 para. 1(f)
      data processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party
  • Polish Act of 10 May 2018 on Personal Data Protection (Dz.U. 2018.1000)
  • Polish Act of 16 July 2004 on the Telecommunications Code (Dz.U. 2004.171.1800)
  • Polish Act of 04 February 1994 on Copyright and Derivative Rights (Dz.U. 1994.24.83)

§12 Period for processing personal data

Personal data provided voluntarily by Users:

As a general rule, this personal data shall only be stored for the duration of the provision of services on the Website by the Data Controller. They are deleted or anonymised up to 30 days after termination of the service (e.g. deletion of a registered user account, unsubscribing from the newsletter list, etc.)

The exception to this is if it is necessary to safeguard the legitimate purposes of further processing of such data by the Data Controller. In such a situation, the Data Controller will store the data from the time of the request for erasure by the User, for no longer than a period of 3 years in case of violation or suspected violation of the Website Terms of Use by the User.

Anonymous data (without personal data) collected automatically:

Anonymous statistical data, which does not constitute personal data, is stored for an indefinite period of time by the Data Collector for service statistics management.

§13 User’s rights to personal data processing

The Website collects and processes User data on the basis of:

  • The right of access to personal data
    Users have the right to access their personal data, exercised upon request made to the Data Controller.
  • The right to rectification of personal data
    Users have the right to request from the Data Controller the immediate rectification of personal data that is inaccurate and/or the completion of incomplete personal data, carried out upon request submitted to the Data Controller.
  • The right to erasure of personal data
    Users have the right to request from the Data Controller the immediate deletion of their personal data, exercised upon request made to the Data Controller. In the case of User accounts, the deletion of data consists of the anonymisation of the data which enables the identification of the User. The Data Controller reserves the right to suspend the performance of a request for deletion of data in order to protect the legitimate interest of the Data Controller (e.g. when the User has committed an infringement of the Terms of Use or the data was collected as a result of communications between the User and the Data Controller).
    For the newsletter service, the User has the option of deleting his/her personal data himself/herself using the link provided in each newsletter e-mail sent.
  • The right to restrict personal data processing
    Users have the right to restrict the processing of personal data in circumstances specified in GDPR Article 18, including questionable accuracy of personal data, to be performed upon request made to the Data Controller.
  • The right to data portability
    Users have the right to obtain from the Data Controller personal data concerning them in a structured, commonly used machine-readable format, to be performed upon request made to the Data Controller.
  • The right to object to personal data processing
    Users have the right to object to the processing of their personal data in circumstances specified in GDPR Article 21, to be performed upon request made to the Data Controller.
  • The right of complaint
    Users have the right to lodge a complaint with the data protection supervisory authority.

§14 Data Controller contact details

The Data Controller can be contacted in one of the following ways

  • By traditional mail: ALED S.C., ul. Pawliczka 22a, 41-800 Zabrze, Poland
  • By e-mail: handlowy@aled.pl
  • By phone: +48 501 032 250
  • By online contact form: available at: /contact

§15 Website requirements

  • Restricting the storage of and access to cookies on the User Terminal may result in the failure of certain features of the Website to work.
  • The Data Controller shall not be held liable for any failure of Website features if the User restricts the storage and reading of cookies in any way.

§16 Third-party links

The Website – its articles, posts, or User comments – may feature be links to third-party websites, with which the Website Owner does not cooperate. These links and the pages or files they refer to may be dangerous to User Terminals or pose a security risk to User data. The Data Controller is not responsible for any content outside the Website.

§17 Changes to the Privacy Policy

  • The Data Controller reserves the right to change this Privacy Policy provisions concerning the use and application of anonymised data or the use of cookies, at any time and without prior notice to Users.
  • The Data Controller reserves the right to change this Privacy Policy at any time with regard to the processing of Personal Data, of which it will notify the Users who have User accounts or who are subscribed to the newsletter service, with the notice served by e-mail within 7 days of the Privacy Policy change. By continuing to use the services, you are deemed to have read and accepted the changes to the Privacy Policy that have been made. If the User does not agree with the changes, the User shall delete his/her account from the Website or unsubscribe from the newsletter service, as applicable.
  • Any changes made to the Privacy Policy will be published on this Website page.
  • Each Privacy Policy change committed will become effective on the date of publishing.