Announcement on implementation of GDPR

On the 25th May, 2018 Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation, “GDPR”) concerning personal data came into effect. On that day regulations of the Act implementing GDPR – Act of 10 May 2018 on personal data protection (Journal of Laws 2018 item 1000 as amended) also came into effect.

In order to comply with GDPR regulations we have updated Terms and Conditions and the related Privacy Policy. Web Services remained unchanged. Modifications in Terms and Conditions, including a scope of new Privacy Policy were introduced in order to provide you with full knowledge and comfort in the use of Web Services In order to provide you with information on methods of processing your personal data clearly and transparently, we have divided Privacy Policy into several chapters. In particular chapters we describe in detail which of your data we may hold and in what manner we may use it. We have also added information on the rights that you have, e.g. how you may access your data and request for discontinuation of its processing.

Before you visit the Service, we recommend you to read updated Terms and Conditions and new Privacy Policy, where the manners of collecting, processing and sharing personal data of users of Web Services’ were described. By clicking “I agree”, you agree for provisions provided below, and that you recognise the use of the Services automatically triggers storage of the so-called cookie files on device that you are currently using and thus you agree for processing your personal data left in the Services while you were using them and other parameters that are recorded in cookie files (e.g. IP address on our devices) for marketing and educational purposes, including aggregation of profiling and analytical purposes by Controller that is Przemysław Diering and by Reliable Partners.

If you use our Services and you do not make changes of settings in your Internet browser in the scope of cookie files (e.g. block them) on your own, it will imply that those files will be automatically recorded in memory of device that you use to visit our Services. Click here to learn more, including how to manage and block your cookie files, if you do not agree for processing your personal data stored in cookie files by us or our Reliable Partners.

Please feel free to contact our Data Protection Supervisor with any questions or doubts.

Who is the Controller of your data?

The Controller of your data is the Service Provider, i.e. Przemysław Diering, who conducts business activity under name MEXPO Przemysław Diering, ul. Pułaskiego 8, 81-368, Gdynia, NIP [tax id. no.]: 5841076375. In order to provide professional processing, protection and efficiency of Services, we cooperate with trusted suppliers. All of your data is protected and stored on servers of our Reliable Partner, that is mSerwis.

Data Protection Supervisor

To guarantee security of processing your personal data in a transparent and legal manner, we have appointed a Data Protection Supervisor. You may contact the Data Protection Supervisor to obtain information in any matters regarding processing of yourpersonal data and using entitlements related to processing. In order to contact the Data Protection Supervisor when needed, please use the correspondence data listed below:

e-mail address:
correspondence address: Mexpo Przemysław Diering, ul. Pułaskiego 8, 81-368 Gdynia

What kind of information (personal data) do we process?

We process the data given or left while using our Services, including the data recorded in cookie files, which are installed on the pages of Services.

That data is primarily data necessary to enable your use of full functionalities of Services, including the data necessary to provide the service: name and surname, country of origin, email address, telephone number. To sum up, the data provided in forms and windows available in our Services as well as data left by you during navigating through our Services, that is data left by you in the so-called cookies (cookie files), e.g. your IP Address, information on how many times you have visited Services, when and what contents shared by Services you have reviewed.

The basis and purpose of processing your personal data

Our processing of your personal data always requires an explicit legal basis. GDPR provides several types of such legal basis on processing data, and in the case of using Services, including our Services, three of them are applicable as a rule.

Firstly, we process your personal data in order to perform contracts concluded with you, and enabling you the use of our Services and providing our Services to you. The legal basis for such processing of your personal data is article 6(1)(b) of GDPR, pursuant to which the processing is necessary to perform a contract in which a party is a Service User, meaning you. Processing on this legal basis refers to performing contracts for providing Services, concluded by complete use of Services as well as using contents published at Services without providing some of personal data, meaning data that does not lead to concluding a contract (use of the service constitutes concluding a contract which is detailed in Terms and Conditions) including also processing a complaint, adjusting Services to your needs, analysing and improving Services, as well as providing security of Services.

Secondly, we process your personal data in order to collect and process aggregated data for statistical purposes, improve quality and contents of our Services (including analysing and profiling data for research and marketing purposes). The legal basis for mentioned processing of personal data is article 6(1)(f) of GDPR, that is necessity of processing for purposes resulting from legitimate interest implemented by the Controller (Service Provider), that is us.

Legitimate interest that we have consists in the necessity of adjusting the contents of Services to Service Users’ preferences and optimisation of use of our web pages, as well as necessity to compile statistics, which constitute the basis for analysis on the ways in which you and other Service Users use the Service and on that basis, among others to prepare specific contents in a specific form, that draw the greatest interest and are in the highest demand.

Thirdly, we process your personal data by properly aggregating it in order to carry out educational mission through marketing forms regarding products and our or our Reliable Partner’s Services (including analysing and profiling data of user groups for educational and marketing purposes). The legal basis for mentioned processing of personal data is article 6(1)(a) of GDPR, that is voluntary, explicit consent for such processing.

Period for which data will be processed

Your personal data shall be stored within the term of the contract for providing Services and after termination of the contractual term in order to complete settlement of parties’ services and liabilities, resulting from a contract, until the expiry period, indicated in applicable regulations on claims expiry resulting from such a contract, available to Service Provider (the data Controller), as well as Service User, and in the scope of tax settlements for the period of tax settlements expiry, resulting from currently applicable provisions (currently, period of tax settlements expiry is 5 years from the end of a fiscal year, in which the necessity of tax payment due to Services provided to you occurred.)

We will process the data due to our legitimate interest until the time of possible filing an effective observation by you.

However, data processed on the basis of your consent shall be processed only until the time of possible withdrawal of your consent or termination of a contract.

Also exercising the right to be forgotten by you will result in removal of your data upon your explicit request.

Who has access to your data?

We shall never transfer your data, sell it nor exchange it for any purposes, including marketing ones, with others. Your data shall be transferred only to our Reliable Partners that are outside companies acting on our behalf, among others providers of IT services. Data transferred to outside entities (“Reliable Partners”) shall be used only to provide you our Services or implementing concluded contracts (e.g. collecting equipment or services related to payments). Whereby, Reliable Partners process data on the basis of contract concluded with us and only in accordance to our commands, our Privacy Policy and standards of information security.

Furthermore, your data may be transferred to entities authorised to obtaining it on the basis of applicable law, to offices and bodies entitled to process data on the basis of specific provisions, e.g. law enforcement agencies in case of a body making a demand on an appropriate legal basis.

What are your rights in relation to your data?

You have among others the right to access your data, amend it, remove it (the right to be forgotten), the right to limit data processing and right to data portability. You may also appeal against data processing and revoke your consent to data processing. You are also entitled to file a complaint to supervisory authority (The President of the Office of Data Protection), if you believe that we process your personal data in improper manner. We describe how to exercise your rights in Privacy Policy.